Mumbai Police To Enforce Wi-Fi Security 134
caffeinemessiah writes "In the wake of the recent terrorist attacks in Mumbai, India, the local police are going to be sniffing out unsecured wi-fi access points and ordering the owners to secure them. The article notes that 'terror mails were sent through unsecured Wi-Fi connections' before bomb blasts in other Indian cities. No word on if they'll be walking around using Kismet, or if people who use pathetically weak WEP encryption will be ordered to switch to more advanced protocols. Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi. Or the fact that terrorists might actually be able to pay to use a cybercafe, and know what VPNs are."
On the other hand, the Mumbai police may still be keeping track of the mandatory keyloggers that went into the area's cybercafes in 2007.
Not enough (Score:5, Interesting)
Unless this policy is applied throughout the country, the city of Mumbai getting rid of unsecured wifi access points will not solve much. A terrorist can take a 3 hour bus ride to Pune to get unsecured wifi access. Mumbai itself is too big, are they talking about only the city or the whole suburbia included? Thane? New Mumbai?
Sounds like a scare tactic to me. A publicity stunt to make people more aware of consequences of unsecured wifi.
A bit short sited article ... (Score:3, Interesting)
Yes there are still going to be other ways for baddies to use the inter-tubes without being tracked, but limiting those access points can help. Instead of having a nearly limitless, and randomly distributed, source of connections they will now be funneled into a small set of access point which are also KNOWN access points.
Does this mean I agree ... I don't know yet ... but as with all security measures (both cyber and safety related) there is no such thing as a 100% solution. But we all know defense should be in depth, and each layer should be effective in accomplishing what it is meant to do. In many cases we all read about here, the proposed solution is nothing more than security theater, but shutting down the plethora of open wifi access points IS an effective way to limit the ability of bad actors (terrorists, kid-touchers, black-hats, etc) to access the internet at will; not a solution, but a factor.
As for law abiding citizens, since most of us use our own account anyway or walk into a cyber-cafe, and I assume few bother trying to use an insecure wifi, it really doesn't impact that much (well except when I'm at my sister's place and she has inexplicably jacked her wifi router forcing me to use someone else's wifi :O ).
I'm still not thrilled with the idea of the gov riding around with netstumbler looking for open wifi and then knocking on my door, but the idea of wanting to limit open-wifi is, imo, a good one. The execution is another issue entirely.
Now if you REALLY want to have fun thinking about it ... consider an area with known terrorists / suspects, you make sure all open wifi points are closed ... then you open your own as a honeypot ... BAM you get to see all their traffic ... well anything that isn't encrypted beyond the wifi encryption. It is a very effective technique to shut down all method of comms except one in an effort to intercept all comms.
Re:Cybercafe scenario is bogus (Score:3, Interesting)
Yup, gotta keep those citizens down, or they might rise up and blow something up in protest...
On a more serious note, since they are so against anonymity do they also outlaw personal use of encryption technologies?
Only fixing symptom not real problem (Score:3, Interesting)
This is Useless (Score:4, Interesting)
I think this is a big waste of time for the Mumbai police. If the terrorists can't send an e-mail with their threats, they will just send it by postal mail (just as they were doing before e-mail). Stopping them from sending anonymous e-mail won't stop the acts of terror. The Mumbai police should focus on investigating the actual attacks and preventing further attacks, rather than shooting the messenger.
Some people think that this can prevent them from coordinating their attacks, but I don't think so. Their attacks can be coordinated using various other techniques that may even be illegal - won't mention them, use your imagination.
Fundamentally, creating new rules will not stop terrorists - remember that there are already laws that prevent people from acquiring AK-47s & explosives. New rules will only inconvenience law abiding citizens - not terrorists.
Also, on another note - I don't like Times of India because they selectively prevent some comments from being displayed. I specifically mentioned this point in their comments and they have not published it, even after 2 days.
Re:Easy Solution to Keyloggers (Score:5, Interesting)
Create/encode on a trusty laptop, use USB key to transfer it to an internet cafe's rented computer to actually send it, have the other guy receive it at some other access point and then use a USB key to get it to his trusted computer where the message can be decoded. Simple without having to use suspicious VPNs and SSH and encryption and whatnot.
Re:Easy Solution to Keyloggers (Score:2, Interesting)
Or use steganographic [wikipedia.org] messages.
Are you really suggesting creating or decoding them on a computer you don't trust? There is no security in that.
Is this the end then? Has the government cryptofascism got so bad that even normal geeks are designing terrorist plots just as response to the outrage of hearing the latest news criminalising anyone who disagrees with the policies?