Growth of Wi-Fi Opens New Path for Thieves 171
E. Harley writes "Wi-Fi connections are popping up all over the place from retails locations, schools, municipalities, and homes. Unintentionally or not, most of these wi-fi hot spots never change the system's default settings, hide the connection from others, or encrypt the data sent over it. This NY Times article [Free registration required] talks about the size and extent of the problem, and what has happened with law enforcement investigating criminals using these public connections. Also, the article updates us on an earlier Slashdot story about wardriving. That case is still pending."
License to steal? (Score:5, Interesting)
After reading the article, it gives me the impression that you have a license to do just about any illegal internet activity so long as your WiFi router uses the default SSID, broadcasts its SSID and keeps the default passwords. If anything is traced back to you, you just blame the WiFi-Boogeyman for any illegal activities originating from your IP address.
Re:License to steal? (Score:5, Insightful)
Re:License to steal? (Score:5, Insightful)
Just being accused of a crime is enough of a problem to worry about.
Re:License to steal? (Score:2)
Just being accused of a crime is enough of a problem to worry about.
But they only do that to people who are not me. This is a non-issue until I see it on the local news.
Re:License to steal? (Score:2, Interesting)
Re:License to steal? (Score:2, Interesting)
Get a USB wifi adapter, or something that can easily be unplugged, stick it in your desktop computer, and spoof the MAC address. Have the router laying there, with the cable from your computer not plugged in. If the police come knocking at your door, yank the wifi out, slide it under a pile of junk, plug the
Re:License to steal? (Score:1)
They'll take the hard drive. (And probably make an image of it and give it back, unless they want to do lowlevel stuff on it. In which case they'll give the image back, instead.) They'll take the USB adapter, if they see it. They might even wander off with your wifi router, hoping it recorded something. (They'll demand the password for i
Re:License to steal? (Score:2)
"How would they stopping using the radio stop you from using the radio?"
Please !
Re:License to steal? (Score:2)
That story only works if you're really not a computer expert who knows nothing about computers. It'll probably take all of five minutes to check out that story (employment history, ask family if you know about computers, etc.).
Simple! (Score:2)
Also more sophisticated tracking of the type of operating system, version, etc. can be determined by passive profiling of your network activity. This is called fingerprinting.
The combination of "Oh we've got a Win2K box with this MAC address doing the deed". Pretty hard to disprove or refute.
Re:Simple! (Score:4, Informative)
Hooray for double negatives!
Re:Simple! (Score:2)
Re:Simple! (Score:2)
Many of the current cards let you set the MAC in software. Filtering keeps out the casual people, but those sniffing the network can probably spoof the MAC as well.
Re:Simple! (Score:5, Informative)
Google "etherchange" and see what you get... Here [ntsecurity.nu] is the first hit... MAC addresses don't prove diddley...
Re:Simple! (Score:3, Informative)
To the world outside your local network, every MAC address coming from your local network appears to be the same one - the one of your router. Any such WiFi Boogeyman would appear to have the same exact MAC address as you.
As for the "more sophisticated tracking"... There are some things that can be done but to be honest they're not very sophisticated. Suffice it to say that
Re:Simple! (Score:1)
First of all, MAC addresses don't get passed over the Internet. They're a feature of Ethernet, not IP. So by the time you've passed outside your subnet, your MAC address is nowhere to be found.
So this would only work if the ISP could somehow log your MAC address before it's routed anywhere. The problem with that, is that most people that have home wireless networks, usually use NAT too. So the only thing your ISP will see is the MAC address of the Internet-facing interface of your NAT box.
So in or
Re:Simple! (Score:3, Informative)
article is telco/cable demonization/propaganda (Score:5, Insightful)
--theft
--child porn
--terrorism
And the article here never even questions whether associating these practices with wifi could be a subterfuge by the telcos and cable companies to demonizes wifi so as to be able to outlaw municipal wifi through legislation, which is what they are afraid of, as that will cause them to cut their broadband prices.
This whole article is a propaganda piece, bought and paid for by the vested interests, such as telcos and cable companies.
What a sham is the NY Times. Just another cog in the CorpGovMedia propaganda machine...
quotes "anonymous gov't sources" on terrorism (Score:3, Insightful)
Re:quotes "anonymous gov't sources" on terrorism (Score:2)
Corporate socialism? Isn't that just a silly way of saying fascism? [reference.com]
Re:article is telco/cable demonization/propaganda (Score:1, Funny)
All internet activity should require user identification with a license issued by the government or a cooperative licensed ISP.
This would also go a long way to stamping out IP theft."Amnonymous" internet use should be a Federal felony and carry a stiff term equivlent to the penalties for kiddy porn,IP theft,and subversio
Re:article is telco/cable demonization/propaganda (Score:2)
... Quoth the Anonymous Coward about an NYT article based on information from an "anonymous government source".
Seems to me that if everyone just changed their names to "Anonymous", we could all just use our real names without fear.
simpsons (Score:4, Funny)
Fair Use? (Score:3, Funny)
Well than, since 90% of Slashdot users do not pirate intellectual property, I can only assume that you already own a legally purchased copy of the Simpson's episode in question, and thus this would be "fair use". Right?
Re:Fair Use? (Score:2)
I also downloaded the 35GB 15 season torrent of the Simpsons, plus downloaded each episode from the current season as it was aired. I own the first 5 seasons on DVD, but I don't want to wait 5 to 10 years for
Re:Fair Use? (Score:2)
Re:Fair Use? (Score:2, Interesting)
Re:simpsons (Score:2)
coffee house voyeur (Score:5, Interesting)
Re:coffee house voyeur (Score:2)
Re:coffee house voyeur (Score:1)
Re:coffee house voyeur (Score:2)
What's with the pathetic default settings? (Score:5, Insightful)
While the user has to take some blame for technical ignorance, the AP makers also have to take some blame here since they have the tech people to implement better security.
--
Want a free iPod? [freeipods.com]
Or try a free Nintendo DS, GC, PS2, Xbox. [freegamingsystems.com] (you only need 4 referrals)
Wired article as proof [wired.com]
Re:What's with the pathetic default settings? (Score:2)
Re:What's with the pathetic default settings? (Score:1)
Effective security defaults would likely be more complex, which would involve more problems for user setup, which would generate more support calls. A million things could go wrong with a scheme like redirecting web conn
Re:What's with the pathetic default settings? (Score:2)
Re:What's with the pathetic default settings? (Score:3, Informative)
Re:What's with the pathetic default settings? (Score:2)
I want my AP open (Score:2)
I consider leaving on open AP free for any laptop owner to use part of my "Christian duty". It costs me nothing, and it might help my neighbor. (not the guy who lives next door, he should have his own access, the Samaritan visiting from far away who stops is car for a moment to check email!)
I depending on you in turn not abusing this service. I set it up to help you out for little things. (I do of course keep my machine secure)
Registration free link (Score:5, Informative)
I'm Not a Network Administrator... (Score:5, Interesting)
Now, I realize that I'm the exception, but how hard can it be to type 192.168.1.1 in a web browser? Of course, people should check the air pressure in their tires once a week, and clean the air filter on the furnace once in a while...
Re:I'm Not a Network Administrator... (Score:3, Interesting)
So far so good.
His elder daughter was surfing away happily, but could not access the other PCs. It turned out that the strongest signal she was receiving was from an unencrypted network in a neighbouring house/flat.
That
Re:I'm Not a Network Administrator... (Score:2)
Some of us believe in the right to be anonymous. I have a publicly accessible unencrypted WiFi network. Outbound port 25 is blocked, but everything else is open and unlogged.
The convenience of law enforcement officials does not override citizens' rights.
Re:I'm Not a Network Administrator... (Score:2)
I think your blocking of the smtp port only stops guests sending mails under you account (assuming you are logged in). It does not stop anyone:
- downloading kiddie porn using an IP Address traceable back to you
- file sharing using an IP Address . .
The first case is probably the most dangerous one, investigators are both entitled and w
Re:I'm Not a Network Administrator... (Score:3, Insightful)
Everything else -- I am not going to be cowed by alarmist propag
Re:I'm Not a Network Administrator... (Score:2)
As to the other thing, I am not in the US so the legal situation is not the same here. I do have backups, but would still be royally screwed if everything was removed.
I run my small business on these computers and would have serious problems if I had to replace everything.
Re:I'm Not a Network Administrator... (Score:3, Informative)
Re:I'm Not a Network Administrator... (Score:2)
How likely is that? The media and the government hype up each crime and whip us up into a state of frenzy. Crime has become glamorous. They each have their own motives for doing so, of course, but keep in mind there are 300,000,000 people in the US, and 6.5 billion people in the world. I'm not going to buy into this culture of hysteria. I could get hit by a meteorite tomorrow, but t
Re:I'm Not a Network Administrator... (Score:2)
http://www.agol.dk/elgaard/torap/
Re:I'm Not a Network Administrator... (Score:2)
Well, you f'ed that opportunity up real good
Re:I'm Not a Network Administrator... (Score:2)
Re:I'm Not a Network Administrator... (Score:2)
Chances are, cute chick doesn't know you're alive. Remedy that by getting presentable (just washed clothes, not a nerdy-suit!) and having a conversation with her. Explain that, while you're cool with her Wifi use, you *need* the MAC. Security reasons. Lock her ass out if she refuses, apologetically. While you're there to get the MAC, offer to tweak firefox, antivir, adaware, etc. Repeat every month, just to make sure she isn't a security risk.
Oh, and don't get your hopes up. But if nothi
Re:I'm Not a Network Administrator... (Score:4, Interesting)
We should have gotten this out by now (Score:4, Interesting)
Some people like to share we should encorage that... The best possible solution is for the router to limit bandwidth to outside connections (length of use = more bandwidth? First 2 users connected get most bandwidth?)
Even windows doesn't have sharing on by default... Allowing users to sit behind your firewall isn't a huge deal, there are tonnes of users sharing their windows dir on Kazaa or whatever if someone wanted to be malicious they should.
There is some importance in making life better for other people, if you don't when you go on a camping trip people around you will be weighing how hungry bears are against the $ in your wallet.
Re:We should have gotten this out by now (Score:2)
The administrator must have a password set, but... ever try connecting to \\hostname\c$
That there is the administrative share for drive C. supply an administrative account and password, any you have complete access to the drive. substitute drive letters as needed. IP addresses work instead of hostnames as well.
If you are on Unix... you need smbfs/cifs kernel support.
mount -t cifs -o username=USERNAME
will get you in, after you give the p
oops, forgot (Score:2)
Re:oops, forgot (Score:2, Informative)
Link here [windowsnetworking.com], among other places.
Re:oops, forgot (Score:2)
and the problem is? (Score:3, Insightful)
Tell me.. When did it become my fault that someone can download tens of thousands of customer credit cards? Perhaps if these credit cards had been ditched long before the Internet we wouldn't be having that problem. Kerberos, challenge-response, PKI, and two-factor authentication devices have all been available for quite some time.
Someone tell the Secret Service to stop monitoring IRC connections and go after lazy banks instead, or something
Re:and the problem is? (Score:3, Informative)
Banks already have tons of lawyers and financial resources to fight back lawsuits. They also have lobbyists on capitol hill. It is easier to go after and blame individuals. (Just ask Martha Stewart; she took all the press's attention away from Enron and MCI)
The Solution (Score:3, Funny)
After these latter measures are in place, we can all be perfectly secure in knowing that no porn, violence, homosexual acts, books about evolution, untampered news, or any worthwhile content is being viewed by anyone in the U.S.
P.S. Or we could just make encryption and wifi security easy to implement and show people how to use it.
P.P.S. Nah... the former solution seems a lot more comprehensive in terms of public oppression... I mean security.
An unfortunate case. (Score:1, Informative)
Re:An unfortunate case. (Score:2)
1) SSID broadcast is disabled (Yes, I know that doesn't really do all that much)
2) WEP (again, pretty sucky)
3) DHCP filter - it will only assign one IP address, period. When I'm not on that connection, the AP is turned off.
Re:An unfortunate case. (Score:2)
What I see at home (Score:1)
When I run
I will sometimes see an unsecured network with the ESSID of NETGEAR, just as though someone took their unit out of the box. (I just did a check and NETGEAR was still there!)
My f
Is there any good reason why the defaults are crap (Score:1)
Make WiFi secure by default (Score:4, Insightful)
This problem could be reduced dramatically if WAPs shipped from the factory with complex random passwords WEP enabled and complex random WEP keys.
As an example on a new HPaq server the iLO remore management interface has complex random password, printed on a label on the device.
Imagine if Linksys, etc. did the same thing with WAPs, where no 2 WAPs with the same WEP key or password.
Sure some users would just disable the protection but I'm betting if you made it halfway convienient that most won't. Make it more work to be insecure and the security will win most of the time. You might even be able to reduce this further by having the admin interface give you lots of warnings and make you jump through hopps to disable the security funcions.
Of course secrity could be improved upon even further if the default security was better than WEP but I think that's too high a barrier for the average user to tolerate. WEP may suck but it's considerably better than wide open.
The incentive is to NOT secure it out of the box (Score:4, Insightful)
The incentive for the manufacturers is for wireless access points to NOT be secure out-of-the-box.
If it's not secure, it's plug-and-play. Plug it in, it's up. If it's more secure, it makes instalation (to the point of getting traffic through it) more difficult.
Insecurity doesn't affect the user until they get burned - mainly by lower performance as their bandwidth gets leached (assuming their important applications, like banking, already use end-to-end encryption). Leaching might not even be noticed. If it is, they can diagnose it and tighten things up.
Security impacts ease-of-use, and thus sales.
you should see my apartment (Score:2)
That "SMC" network covers the entire building due to multiple people using SMC routers with the default.
The defaults are the problem (Score:5, Interesting)
Perhaps the easiest way to solve this problem is to disable the wireless part of the router until you run the setup program (or even better, make it launch the browser so it will work on any OS) and make you go through the steps of enabling encryption and everything.
I have WPA enabled on my wireless router (a Linksys WRT54G with the latest firmware) and MAC filtering. I broadcast my SSID ("Break this"), but that is more for ease of use then anything.
I then enabled SSL for the admin pages, so I must type https://192.168.1.1/ (the actual IP is different) to reach the router's admin page. I figure between SSL and WPA, it will be pretty hard for someone to break into my router's admin page.
The key is, with WPA and MAC filtering that will keep out all but the most determined out. If they ever got past that and onto my wireless network, I have logs so I could manually block them.
Wi-Fi itself is the problem! (Score:2)
If you left something valuable out in your front yard, you'd be less surpised to find it missing than if you locked it up in your house. Wireless LANs, in their current incarnation, are little better than leaving your private data out in your front yard for anybody to snag. Entering theives leave no signs of forced entry and our current system of laws can't do much to help unless the
Re:The defaults are the problem (Score:2)
Re:The defaults are the problem (Score:2)
I have a similar setup, WPA-PSK broadcasting SSID "Adamantium".
Re:The defaults are the problem (Score:2)
Cool! Now, has Linksys quit using GET for their form actions? On the password-change page, you type in your password, click 'submit', and see it in plain text in the URL of resulting page, like this:
http://192.168.1.1/Gozilla.cgi?sysPasswd=0 w n3d&sys PasswdConfirm=0wn3d...
Great for when you're helping your boss set up his home LAN: "OK, now type in a new password,
piggybacker != thief (Score:5, Insightful)
i'll play devil's advocate, for a minute:
the airwaves are supposed to be public.
therefore, if there's a "thief," the thief would be the group that cordones the public airwaves off and claims them as their own private property.
Re:piggybacker != thief (Score:2)
I do not want to to be the focal point of a police investigation based on someone else's illegal activity.
I'd have no problem leaving my AP wide open for others to use, *if* people could be trusted. Sadly, there is always that small minority who would abuse it. Screwing things up for everyone.
Someone near me has h
The ISP's already won that battle for you. (Score:1)
Therefore, Lucky for you, their lawyers would incidentally defended you, by analogy, as they defend the ISP. And (to the best of my knowledge) the ISP's have been pretty good at defending themselves, in terms of what they route.
Re:The ISP's already won that battle for you. (Score:3, Insightful)
happened to me (Score:4, Interesting)
Re:happened to me (Score:1)
Re:happened to me (Score:2)
He probably works at Los Alamos National Laboratories [sfgate.com]. Or the Navy [computerworld.com].
Article Link [No Need to Register] (Score:3, Informative)
this article NEVER questions their motives (Score:2, Informative)
Re:this article NEVER questions their motives (Score:3, Insightful)
E.g., media process news for entertainment value (this is an observed fact). Occasionally making people angry is a kind of entertainment, and newspapers and other media engage in it. More frequently, like a roller-coaster, they sell fear. "Look, we're warning you about this danger! Watch me! Read me!" This reliably improves sales. (This is at the root of the frequent comment that the media rarely print good news.)
And there doesn't nee
Re:this article NEVER questions their motives (Score:2)
Re:this article NEVER questions their motives (Score:2)
Re:this article NEVER questions their motives (Score:4, Interesting)
you wrote:
Prove it. You always make these unfounded claims with nothing to back it up.
I cannot PROVE it. I do not have a complete audio-video record of every waking moment of everyone who is in control of the NY Times. But I don't HAVE to prove it. All I have to do is show that there is a LIKELIHOOD that the this article and others are biased in favor of established industry players. Really, it should be obvious to anyone who is unbiased.
You can't even show that there is a pattern of industry favortism in the NY Times' articles, but even if I showed you numerous articles that praised wireless access, you'd try to claim (again, with no proof) its just another conspiracy to make people think that they aren't in cahoots.
Oh, so, in order to point out that this article unquestioningly cites opinions that demonize wifi, I have to FIRST be able to go back through the archives and show a pattern? Look, the evidence is right in front of us. We ALL know that established corporate lobbies want to shut competition. We ALL know that they manipulate the media to do so. With that in mind, why, oh, WHY does this article NOT take that into account? Why doesn't the reporter acknowledge the huge industtry that stands to profit from demonizing wifi as this article does? Isn't that what fair journalism is all about?
In short, there is nothing NY Times can do to be good in your eyes unless they say exactly what fits your own socialist agenda.
I am not a socialist. Period. I am a Leftist. But Rush Limbaugh and the Wall St Journal did not provide you with the information to make that distinction, did they? How unfortunate for you...
Anything that deviates from this must be some sort of Republican conspiracy to consolidate corporations and oppress the people.
The Democrats are only marginally better then the Republicans.
Re:this article NEVER questions their motives (Score:3, Insightful)
Of course, this is all just a strawman. I have already pointed out that this article is propaganda. If
Argument for wardriving being legal. (Score:1, Insightful)
If I am in a public park, and there is a bathroom there, or a water fountain, I can drink from the fountain and use the bathroom, even if they don't say "public bathroom" or "public fountain" on them. I can assume that because they are not locked, I am allowed to enter and use them.
Regarding the argument that it is trespassing:
I can walk all over your property unless you post NO TREPASSING signs, or tell me that I am not allowed on your property. Tres
Re:Argument for wardriving being legal. (Score:2)
WiFi == Identity-Theft/Child Porn/Terrorism (Score:5, Interesting)
And what a coincidence that just as this article is being published, that all over America, state governments are trying to decide whether to outlaw municipal wifi. Of course, this drive to outlaw municipal wifi is in NO WAY connected to this article that tends to associate wifi with THEFT, CHILD PORN, and TERRORISM. And in no way would the telco and cable TV lobbies that stand to lose BILLIONS (if municipal wifi takes off) try to get the NY Times to help make wifi look bad.
No way the media would do that! They have integrity. They would never sell out to the telco-cableTV lobby like that.
Would they?
FUD alert! can the author even spell "Free WiFi"? (Score:3, Interesting)
Instead of cultivating even more paranoia in our country what we really need is more trust, pioneers, and heroes who help build free WiFi networks.
I am running an open access point for everyone to use and I am happy to find the same whenever I am on the road.
Lets all be reasonable and not spread FUD but support the urgently needed free WiFi access.
Re:FUD alert! can the author even spell "Free WiFi (Score:2, Insightful)
It seems wholly possible, even likely, that open WiFis pose opportunities for people to commit crimes while making it harder for law enforc
Ignorance (Score:2, Insightful)
article error (Score:3, Informative)
Nothing was stolen from ChoicePoint. They sold data to person or persons they should not have. There was no 'break in' as has been reported elsewhere. The only 'hacking' involved was social.
Users are clueless about Wi-Fi (Score:3, Insightful)
Open AP (Score:2, Insightful)
New path? (Score:3, Insightful)
What's with open, public roads that anyone is allowed to use? My friends were tied up and robbed the other day, and the thieves used public roads to do it!
We really need to crack down on usage of public roads.
Seriously, as if getting on the internet anonymously was EVER hard.. sure, wifi makes it a bit easier, but it's far, far from a new thing.
Re:Everyone should keep their WiFi gateway open. (Score:3, Informative)
There's no tax, there aren't even rules like in CB. I could set up a radio station on the wifi bands and broadcast 24/7. I wouldn't, as no one has a radio that can tune it in, but I could.
It's law enforcement that's complaining here, and the FCC does not investigate crimes.
Re:Simple way to make yourself safer (Score:2)
In fact I have on machine in my house that perfers to connect to my neighbors access point instead of any of mine. I had to lock its AP association to one of mine so it would stop doing that. Most of my neighbors haven't even changed the default access I could take over their access points if I felt like it.