Comments for MOJO Wireless AirTight Networks Blog Tue, 19 May 2015 22:03:04 +0000 hourly 1 Comment on iOS8 MAC Address Randomization Update by Lina Arseneault Tue, 19 May 2015 22:03:04 +0000 Hi there,

The random mac addresses are only generated under certain condition like no device and Wi-Fi activity etc. Please check the details in the blog. This is available only on IPhone 5s onwards.
1) There is no change in behavior WRT random macs in IOS8. We have tested IOS8.3 and the behavior remains the same as reported in blog
2) The phone uses the same random mac address while probing in 2.4 GHz and 5 GHz. However the random mac addresses changes periodically.

The best way to see the packets would be to place the phone close to sniffer and sniff in 2.4 GHz only on any channel (1 to 11). Please apply this display/capture filter on wireshark that will display only the packets matching the random mac criteria

((wlan.fc.type_subtype == 0x0004) && (wlan.ta [0:1] & 0x02) && (wlan.bssid == ff:ff:ff:ff:ff:ff))

Comment on Google Project Fi – New Era for Mobile Technology? by Bhupinder Misra Tue, 19 May 2015 18:26:41 +0000 Hi Sri,
Nice write up.
Just to add to this one of the other disruptor/feature I like about Google Project Fi is the low cost of usage while being abroad.
Perks include

1) Free unlimited SMS
2) Free Wi-Fi calls to US, low cost calls elsewhere.
3) Low cost data ($10 for 1 GB @256 kbps, good for email/chat etc)

Comment on iOS8 MAC Address Randomization Update by Mohanapriya Golla Fri, 20 Mar 2015 12:56:16 +0000 Hello All,

When i was trying to test with 8.2 release of 5 and 5s phones, i am not capturing the random mac addresses.

My questions here is to get some info regrading

1. Is there any updates on Random mac address behavior in 8.2 ?
2. Random mac address probes are same / different in 2.4 and 5Ghz ?

Could anyone confirm the above questions ?

Comment on AirTight at Wireless LAN Professionals Conference WLPC in Dallas by Bianca Groom Fri, 20 Mar 2015 07:53:33 +0000 Loved the 802.11ac capacity planning webinar. The idea to be with top WLAN minds is itself fascinating. I hope to catch the next one.

Comment on ISP Network on the Home Side and the Role Wi-Fi May Play by sriram Sun, 08 Mar 2015 21:51:39 +0000 Very nice article Hemant. I agree with you that the industry needs a co-ordinated effort to define the requirements of home Wi-Fi.

Scalability of Wi-Fi management is the other requirement that might become very critical for service providers if they have to operate profitably.

Comment on iOS8 MAC Address Randomization Update by Chandra Fri, 13 Feb 2015 18:54:13 +0000 I used to turn off Location Services and Cellular data to save battery and stay within limits of data usage. After a while data caps went up and realized that it’s wifi probes that drain battery more than location services and cellular data. Still keep location services off for most of the apps for privacy. Wifi only at trusted places to watch high speed videos or so.

Comment on iOS8 MAC Randomization – Analyzed! by Harshal Vora Wed, 04 Feb 2015 10:42:07 +0000 Hi,

Thanks for answering my earlier question.
Wiki Pedia page mentions that the U/L bit should be set to 1, and it does not talk anything about the unicast or multicast bit.

So are the following addresses also classified as LAM’s?



Comment on Healthcare, Wi-Fi and HIPAA – A Tricky Combination by Jack Brickman Tue, 16 Dec 2014 12:53:14 +0000 As an information security specialist for many years, I unfortunately see the same recurring theme with businesses time and time again, and that’s the failure to implement comprehensive security policies, procedures, processes, and other fundamental initiatives. With so many free and cost-effective solutions available online, there’s really no excuses as to why businesses don’t take the necessary steps for ensuring the safety and security of one’s entire network infrastructure. What’s also frustrating is not seeing comprehensive security awareness training and other basic, fundamental programs, like annual risk assessments, that should be in place for further helping protect organizational assets. There are literally hundreds of sites offering free employee training material. It’s time companies got serious about security and not just profits because data breaches are continuing to grow at such an alarming rate. Think about it, what business do you even have if a significant data breach occurs? Kiss your profits goodbye and say hello to the onslaught of lawsuits sure to arrive.

Comment on Going Beyond the Checkmark: All Things PCI by Charles Denyer Mon, 01 Dec 2014 13:04:59 +0000 As one of the longest licensed PCI-QSA’s in North America, I can attest that wireless security is a hug issue, and something that needs to be taken seriously by all companies. I actually have a few clients who use AirTight, and the products are very good. I just also wanted to add that don’t forget that one of the most important – and time consuming aspects of PCI DSS compliance – is developing all mandated policies and procedures. As a PCI-QSA for years, I’m constantly having to deal with my client’s challenges of having little or no documentation in place. If you look at the actual standards, there’s close to 50 or so policies and procedures that need to be in place, so finding a comprehensive policy packet is a must. PCI DSS is not always about the technical aspects, there’s a lot of documentation that has to be in place, so just remember that! There are numerous providers online offering cost-effective templates, so now it’s easier and more affordable than ever to put in place all mandated PCI specific documents.

Comment on Healthcare, Wi-Fi and HIPAA – A Tricky Combination by Heather McFarland Tue, 25 Nov 2014 15:43:36 +0000 Hermant, thanks for the great article on wireless security. I’ll def. be mentioning such services to my clients. I would like to add that HIPAA compliance – for most Covered Entities and Business Associates – is largely dependent on having documented policies, procedures, and processes in place for both the HIPAA Security Rule and the Privacy Rule, along with other applicable areas. But most CE’s and BA’s seem to just focus on the well-known Security Rule and forget about the dozens of “standards” and “implementation specifications” under the Privacy Rule, which are also important. There are numerous provisions regarding the uses and disclosure of Protected Health Information (PHI) – along with other important considerations that deserve attention – so remember to focus on the Privacy Rule also by putting in place all mandated policies, procedures, and controls.