Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Wireless Networking Government The Courts Hardware Your Rights Online News

Growth of Wi-Fi Opens New Path for Thieves 171

E. Harley writes "Wi-Fi connections are popping up all over the place from retails locations, schools, municipalities, and homes. Unintentionally or not, most of these wi-fi hot spots never change the system's default settings, hide the connection from others, or encrypt the data sent over it. This NY Times article [Free registration required] talks about the size and extent of the problem, and what has happened with law enforcement investigating criminals using these public connections. Also, the article updates us on an earlier Slashdot story about wardriving. That case is still pending."
This discussion has been archived. No new comments can be posted.

Growth of Wi-Fi Opens New Path for Thieves

Comments Filter:
  • License to steal? (Score:5, Interesting)

    by bigtallmofo ( 695287 ) on Saturday March 19, 2005 @01:39PM (#11985265)
    When criminals operate online through a Wi-Fi network, law enforcement agents can track their activity to the numeric Internet Protocol address corresponding to that connection. But from there the trail may go cold, in the case of a public network, or lead to an innocent owner of a wireless home network.

    After reading the article, it gives me the impression that you have a license to do just about any illegal internet activity so long as your WiFi router uses the default SSID, broadcasts its SSID and keeps the default passwords. If anything is traced back to you, you just blame the WiFi-Boogeyman for any illegal activities originating from your IP address.
    • by Anonymous Coward on Saturday March 19, 2005 @01:43PM (#11985296)
      Maybe so, maybe not. If the traffic is originating from your IP and the authorities track you down, don't you think they'll check your computer before you can blame it on the WiFi-Boogeyman. I think the WiFi-Boogeyman is more a defence you can use in court if the police didn't find anything on your computer.
      • by nuggz ( 69912 ) on Saturday March 19, 2005 @01:47PM (#11985322) Homepage
        Not only that, they'll take all your computer stuff for a few years as evidence for their investigation.
        Just being accused of a crime is enough of a problem to worry about.
        • Not only that, they'll take all your computer stuff for a few years as evidence for their investigation.
          Just being accused of a crime is enough of a problem to worry about.


          But they only do that to people who are not me. This is a non-issue until I see it on the local news.
      • Re:License to steal? (Score:2, Interesting)

        by Bootard ( 820506 )
        Defenitly the cops will check out your computer to see if there is evidence in the logs; maybe they can check the physical address of the card too. But if you had a laptop out on the table and your illegal laptop hidden under the bed, you could probably get by with the WiFi-Boogeyman defense. ("This is my only computer; I don't know anything; I'm just a simple, simple man")
        • Re:License to steal? (Score:2, Interesting)

          by DavidTC ( 10147 )
          In fact, to be on the safe side, you should actually use the wifi to do illegal things, in case they actually come by while something illegal is going on. (Or if they want to catch someone in the act.)

          Get a USB wifi adapter, or something that can easily be unplugged, stick it in your desktop computer, and spoof the MAC address. Have the router laying there, with the cable from your computer not plugged in. If the police come knocking at your door, yank the wifi out, slide it under a pile of junk, plug the

        • I don't know anything; I'm just a simple, simple man

          That story only works if you're really not a computer expert who knows nothing about computers. It'll probably take all of five minutes to check out that story (employment history, ask family if you know about computers, etc.).
    • Everybody is forgetting each and every ethernet adapter has a unique serial number/address, called the MAC address. It would be very easy to prove/disprove you were the one or not by that address.

      Also more sophisticated tracking of the type of operating system, version, etc. can be determined by passive profiling of your network activity. This is called fingerprinting.

      The combination of "Oh we've got a Win2K box with this MAC address doing the deed". Pretty hard to disprove or refute.
      • Re:Simple! (Score:4, Informative)

        by mattyrobinson69 ( 751521 ) on Saturday March 19, 2005 @02:00PM (#11985387)
        MAC addresses are not unspoofable.

        Hooray for double negatives!
      • Everybody is forgetting each and every ethernet adapter has a unique serial number/address, called the MAC address. It would be very easy to prove/disprove you were the one or not by that address.

        Many of the current cards let you set the MAC in software. Filtering keeps out the casual people, but those sniffing the network can probably spoof the MAC as well.
      • Re:Simple! (Score:5, Informative)

        by pegr ( 46683 ) * on Saturday March 19, 2005 @02:02PM (#11985399) Homepage Journal
        Everybody is forgetting each and every ethernet adapter has a unique serial number/address, called the MAC address. It would be very easy to prove/disprove you were the one or not by that address.

        Google "etherchange" and see what you get... Here [ntsecurity.nu] is the first hit... MAC addresses don't prove diddley...
      • Re:Simple! (Score:3, Informative)

        by bigtallmofo ( 695287 )
        Mister Transistor, yours is a common misconception. Your workstation's address is never transmitted outside your local network.

        To the world outside your local network, every MAC address coming from your local network appears to be the same one - the one of your router. Any such WiFi Boogeyman would appear to have the same exact MAC address as you.

        As for the "more sophisticated tracking"... There are some things that can be done but to be honest they're not very sophisticated. Suffice it to say that
      • by Anonymous Coward
        Er, no.

        First of all, MAC addresses don't get passed over the Internet. They're a feature of Ethernet, not IP. So by the time you've passed outside your subnet, your MAC address is nowhere to be found.

        So this would only work if the ISP could somehow log your MAC address before it's routed anywhere. The problem with that, is that most people that have home wireless networks, usually use NAT too. So the only thing your ISP will see is the MAC address of the Internet-facing interface of your NAT box.

        So in or
      • Re:Simple! (Score:3, Informative)

        by SCHecklerX ( 229973 )
        um. Even the WINDOZE driver for my orinoco card lets me change the ethernet address using the GUI, fer chrissakes! In linux, it's this simple, buddy:
        ifconfig [interface name] hw ether [new MAC address]
        But...how does one find the address to spoof? Fire up kismet. Valid Ethernet addresses galore, my friend. Mac filtering is USELESS.
    • by Cryofan ( 194126 ) <cryofan.yahoo@com> on Saturday March 19, 2005 @02:56PM (#11985685) Homepage Journal
      Notice that this article goes out of its way to associate the following practices with wifi:
      --theft
      --child porn
      --terrorism

      And the article here never even questions whether associating these practices with wifi could be a subterfuge by the telcos and cable companies to demonizes wifi so as to be able to outlaw municipal wifi through legislation, which is what they are afraid of, as that will cause them to cut their broadband prices.

      This whole article is a propaganda piece, bought and paid for by the vested interests, such as telcos and cable companies.

      What a sham is the NY Times. Just another cog in the CorpGovMedia propaganda machine...

      • Notice that this NY Times article quotes "anonymous" government sources in their attempt to associate wifi with terrorism. This is the typical attempt to use terrorism to demonize a competitor. THe telcos and cable companies lobbies almost certainly paid off someone at the NY Times to get them to write this article. Now they will use this article when thieir lobbyists meet with state governments trying to get them to pass laws that make municipal wifi illegal. This is just the first step in manufacturing co
      • by Anonymous Coward
        This is the best reason to outlaw municipal wifi and private un-encrypted routers.Do you want our children turned into porn victims,killed by terrorists and have their identities stolen?
        All internet activity should require user identification with a license issued by the government or a cooperative licensed ISP.
        This would also go a long way to stamping out IP theft."Amnonymous" internet use should be a Federal felony and carry a stiff term equivlent to the penalties for kiddy porn,IP theft,and subversio
        • This would also go a long way to stamping out IP theft."Amnonymous" internet use should be a Federal felony and carry a stiff term equivlent to the penalties for kiddy porn,IP theft,and subversion which are the only reasons someone would want to be anonymous anyway.

          ... Quoth the Anonymous Coward about an NYT article based on information from an "anonymous government source".

          Seems to me that if everyone just changed their names to "Anonymous", we could all just use our real names without fear.

  • simpsons (Score:4, Funny)

    by kerv ( 734279 ) on Saturday March 19, 2005 @01:41PM (#11985283) Homepage
    Hm... maybe I should have downloaded that 35GB Simpsons torrent on a neighbors wireless internet. Ooops.
    • Hm... maybe I should have downloaded that 35GB Simpsons torrent on a neighbors wireless internet.

      Well than, since 90% of Slashdot users do not pirate intellectual property, I can only assume that you already own a legally purchased copy of the Simpson's episode in question, and thus this would be "fair use". Right?

      • Well, he can't legally own all 15 completed seasons of the Simpsons yet, as the studio has only released the first FIVE seasons on DVD. I'm assuming this is so they can charge the networks a premium for reruns, any shows from 1994 and newer are unavailable to consumers legally except as reruns on TV.

        I also downloaded the 35GB 15 season torrent of the Simpsons, plus downloaded each episode from the current season as it was aired. I own the first 5 seasons on DVD, but I don't want to wait 5 to 10 years for
        • It shouldn't be too difficult for the RIAA (or who ever does this these days, I don't know, I don't download) to hunt you down (though if history means much, they may confuse your grandma for you).
      • In some nations, owning the original is not necessary to being allowed a backup. Destruction of said original being a reason to MAKE backups.
    • Even better, switch connections in mid-download, make it look like your entire neighborhood downloaded one file.
  • coffee house voyeur (Score:5, Interesting)

    by spoonyfork ( 23307 ) <spoonyfork@NosPAM.gmail.com> on Saturday March 19, 2005 @01:43PM (#11985293) Journal
    Schlep your lappy to a Starbucks, tap into the wifi, and fire up Driftnet [ex-parrot.com] (linux) or EtherPEG [etherpeg.org] (mac). Watch what flies by... hours of entertainment.
    • Hm, the local Starbucks just got wi-fi not long ago. I think it's time to pay them a visit. The latest 2600 has a nice article on hijacking people's paid wi-fi connections in such places.
    • Is there any windows version of these softwares? I've been looking, but I have been stuck using Knoppix STD any time I want to watch the network fly by... And Knoppix STD doesn't support my laptop's wireless card yet...
      • I don't know of any official one, but I've been working on a .NET version of Driftnet- Yes, spare the jokes about MS and .NET :) -that works with the WinPcap library. It lacks quite a bit right now but it can sniff and detect JPEGs, and save them on your hard disk in a folder. It has a way of missing packets here and there right now, which makes it better with capturing small images. Larger images tend to be missing a packet or two when assembled which corrupts the image to various degrees depending on wher
  • by PxM ( 855264 ) on Saturday March 19, 2005 @01:45PM (#11985312)
    While I understand that Joe Six Pack wants plug and play functionality without configuring, it is really that hard to add in another layer? When the AP is running on factory settings, it can just cause all Web requests to route to the configuration page along with an easy to explain set up about passwords. AP passwords aren't hard as normal passwords since many APs are in a secure building so writing the password on the AP and locking it in the closet would work half decently.

    While the user has to take some blame for technical ignorance, the AP makers also have to take some blame here since they have the tech people to implement better security.

    --
    Want a free iPod? [freeipods.com]
    Or try a free Nintendo DS, GC, PS2, Xbox. [freegamingsystems.com] (you only need 4 referrals)
    Wired article as proof [wired.com]
    • I like the way sshd are setup - you have to manually enable it. It'l make the bastards read the manual at least, and find the config screen.
    • If the installation is insecure, it's no skin off the AP manufacturer's back. The user is usually clueless about any breakins, and things "just work". If the user does figure out that he's been harmed, the vendor can easily deflect any blame: "You should have RTFM before you turned it on."

      Effective security defaults would likely be more complex, which would involve more problems for user setup, which would generate more support calls. A million things could go wrong with a scheme like redirecting web conn

    • The thing is, in many of these situations the network owner wants anyone and everyone to be able to use their internet connection without any hassle. These sorts of unsecured networks are practically mandatory for coffee shops and the like that cater to young people, especially college students. They want customers to be able to bring their laptops along so that they can read email, work on homework, etc. while they drink their $4.75 coffee and eat their $3.50 muffin.
    • Actually, there is no good reason why the manufacturers cannot ship the devices with preprogrammed random passwords. Every device they ship can easily be unique. Any self respecting EPROM programmer can do that and then print it on a label stuck to the bottom of the device. Back in the day when we manufactured access points, we did that.
    • That's certainly what will happen for new AP products. But it's not suprising that they've dropped the ball on existing products. That's always the way it is with security issues. Initially, getting the product out the door, and outdoing your competitors takes priority. Its only after you start taking flak for security holes that you worry about them. You should do so from day one, but it takes more time and imagination than people care to spare.
    • I consider leaving on open AP free for any laptop owner to use part of my "Christian duty". It costs me nothing, and it might help my neighbor. (not the guy who lives next door, he should have his own access, the Samaritan visiting from far away who stops is car for a moment to check email!)

      I depending on you in turn not abusing this service. I set it up to help you out for little things. (I do of course keep my machine secure)

  • by grumling ( 94709 ) on Saturday March 19, 2005 @01:53PM (#11985345) Homepage
    But I do play with home networks. Shortly after I set up my access point (with 128bit encryption) I found someone gained access. How? By looking at the darn DHCP client table. I saw a MAC I didn't recognize, and blocked it out. No problem. It would have been just as easy to only allow known MAC addresses, but the cute chick downstairs needed to get online and I didn't know her MAC. I guess I could reconfigure, but why bother? I haven't had any other attachements since then.

    Now, I realize that I'm the exception, but how hard can it be to type 192.168.1.1 in a web browser? Of course, people should check the air pressure in their tires once a week, and clean the air filter on the furnace once in a while...

    • I helped a friend of mine set up his WiFi network a month ago. The setup was to allow a Windows network for his family, and route all external traffic via one point where he could block certain IP Addresses (his daughters are 11 and 8 and he does not want to give them unlimited access).

      So far so good.

      His elder daughter was surfing away happily, but could not access the other PCs. It turned out that the strongest signal she was receiving was from an unencrypted network in a neighbouring house/flat.

      That
      • Culprit? Why?

        Some of us believe in the right to be anonymous. I have a publicly accessible unencrypted WiFi network. Outbound port 25 is blocked, but everything else is open and unlogged.

        The convenience of law enforcement officials does not override citizens' rights.

        • The girl is not completely computer-illiterate and I was suggesting to her that she should do some network browsing the next time she saw that network (it is not up 24x7).

          I think your blocking of the smtp port only stops guests sending mails under you account (assuming you are logged in). It does not stop anyone:
          - downloading kiddie porn using an IP Address traceable back to you
          - file sharing using an IP Address . . .

          The first case is probably the most dangerous one, investigators are both entitled and w
          • Eh? "Blocking of the smtp port only stops guests sending mails under you account"? It doesn't sound like you understand SMTP. I block outbound SMTP because I don't want a neighbour to use me for spamming -- I hate spam because it hurts us all and has no redeeming qualities. (An end-user on a wireless laptop has no business with plain SMTP anyway -- an MUA should use IMAP+SSL to receive and SMTP/TLS to send. Or they can just stick to webmail.)

            Everything else -- I am not going to be cowed by alarmist propag

            • Ah, you got me there on SMTP ports.

              As to the other thing, I am not in the US so the legal situation is not the same here. I do have backups, but would still be royally screwed if everything was removed.

              I run my small business on these computers and would have serious problems if I had to replace everything.
            • It's certainly not alarmist propaganda. The first thing that will happen when law enforcement tracks kiddy porn to you is you'll have your name in the paper for trading kiddy porn. They then take your equipment and any tiny bit of erotic material or encrypted data will be treated as "evidence". They will then tear your home, business and work place apart looking for the disks you were downloading the kiddy porn to. After you beat the rap at trial, people will still look at you like a monster because they "k
              • You paint a colourful picture. (Have you thought about going into screenwriting, for "Law & Order: Special Victims Unit"?)

                How likely is that? The media and the government hype up each crime and whip us up into a state of frenzy. Crime has become glamorous. They each have their own motives for doing so, of course, but keep in mind there are 300,000,000 people in the US, and 6.5 billion people in the world. I'm not going to buy into this culture of hysteria. I could get hit by a meteorite tomorrow, but t

        • Right, and if you are worried that a publicly accessible unencrypted WiFi will get you in trouble, there is a solutions for that, TOR:

          http://www.agol.dk/elgaard/torap/

    • "I saw a MAC I didn't recognize, and blocked it out. No problem. It would have been just as easy to only allow known MAC addresses, but the cute chick downstairs needed to get online and I didn't know her MAC. ... I haven't had any other attachements since then."

      Well, you f'ed that opportunity up real good ;)
      • That was AFTER I blocked that unknown MAC. I should really preview before posting...

      • No kidding.

        Chances are, cute chick doesn't know you're alive. Remedy that by getting presentable (just washed clothes, not a nerdy-suit!) and having a conversation with her. Explain that, while you're cool with her Wifi use, you *need* the MAC. Security reasons. Lock her ass out if she refuses, apologetically. While you're there to get the MAC, offer to tweak firefox, antivir, adaware, etc. Repeat every month, just to make sure she isn't a security risk.

        Oh, and don't get your hopes up. But if nothi
    • by Ledora ( 611009 ) on Saturday March 19, 2005 @04:38PM (#11986356)
      You should ue the security I use on my AP to prevent people from getting on it. I changed the broadcast power to 2mw... just barely enough to get a good signal where I need it. also 128bit WEP and mac filtering AND I disabled the web admit page (must telnet to run it.) This is all on a WRT54G (linksys) if anyone cares to have a setup like it
  • This is the same RIAA arguement from before in a diffrent context.

    Some people like to share we should encorage that... The best possible solution is for the router to limit bandwidth to outside connections (length of use = more bandwidth? First 2 users connected get most bandwidth?)

    Even windows doesn't have sharing on by default... Allowing users to sit behind your firewall isn't a huge deal, there are tonnes of users sharing their windows dir on Kazaa or whatever if someone wanted to be malicious they should.

    There is some importance in making life better for other people, if you don't when you go on a camping trip people around you will be weighing how hungry bears are against the $ in your wallet.
    • no windows DOES have sharing by default.

      The administrator must have a password set, but... ever try connecting to \\hostname\c$

      That there is the administrative share for drive C. supply an administrative account and password, any you have complete access to the drive. substitute drive letters as needed. IP addresses work instead of hostnames as well.

      If you are on Unix... you need smbfs/cifs kernel support.

      mount -t cifs -o username=USERNAME //hostname/c$ /mountpoint

      will get you in, after you give the p
      • forgot to mention that in Win2k and XP (not sure anything older does it) these shares are enabled at boot. You can disable them, but they reenable on boot (infact windows tells you this when you disable them).
  • by neonman ( 544 ) on Saturday March 19, 2005 @01:57PM (#11985369)
    The banks are not using secure authentication systems and WiFi users are getting blamed?

    Tell me.. When did it become my fault that someone can download tens of thousands of customer credit cards? Perhaps if these credit cards had been ditched long before the Internet we wouldn't be having that problem. Kerberos, challenge-response, PKI, and two-factor authentication devices have all been available for quite some time.

    Someone tell the Secret Service to stop monitoring IRC connections and go after lazy banks instead, or something :]
    • Someone tell the Secret Service to stop monitoring IRC connections and go after lazy banks instead, or something...

      Banks already have tons of lawyers and financial resources to fight back lawsuits. They also have lobbyists on capitol hill. It is easier to go after and blame individuals. (Just ask Martha Stewart; she took all the press's attention away from Enron and MCI)

  • by TheMeuge ( 645043 ) on Saturday March 19, 2005 @01:58PM (#11985377)
    What's needed is a layer of hardware-based identification on all internet-capable computers, which would be tied to the user's fingerprint and all of the user's actions would be logged by a central database. That way, any actions are have not been approved by the government or any corporation, would be immediately logged and the subject could be immediately arrested and shipped off to Syria/Lebanon/Turkey for tort***... i mean interrogation.

    After these latter measures are in place, we can all be perfectly secure in knowing that no porn, violence, homosexual acts, books about evolution, untampered news, or any worthwhile content is being viewed by anyone in the U.S.

    P.S. Or we could just make encryption and wifi security easy to implement and show people how to use it.

    P.P.S. Nah... the former solution seems a lot more comprehensive in terms of public oppression... I mean security.
  • An unfortunate case. (Score:1, Informative)

    by tscrum ( 829068 )
    From my experience, there is simply no way around having interlopers on your network unless you tunnel an ipsec'ed connection over the air. Granted many ap's use default settings, but even those that do not can usually be sniffed for legitimate mac addresses and subverted. To see if your ap is susceptible, you can test it against this month's article in 2600. [2600.com]
    • I have found a simple way to keep unwanted visitors off my AP:

      1) SSID broadcast is disabled (Yes, I know that doesn't really do all that much)
      2) WEP (again, pretty sucky)
      3) DHCP filter - it will only assign one IP address, period. When I'm not on that connection, the AP is turned off.
  • I have made an effort to secure my wireless network on the Westell VersaLink DSL box Verizon sent me. I do that by changing the ESSID and not broadcasting it, using WEP encryption, changing the broadcast channel and using MAC filtering to allow only my PCCard adapter and my fiancé's card for her laptop.

    When I run

    iwscan list

    I will sometimes see an unsecured network with the ESSID of NETGEAR, just as though someone took their unit out of the box. (I just did a check and NETGEAR was still there!)

    My f

  • I suspect there isn't any good reason at all, but is it just because these companies have a really low opinion of consumers or that they want to make wireless seem really easy or what? It seems like it wouldn't be too much harder to enable strong security at all. For example, it seems like the WiFi guys could include some utility so once you put in your password and have the network configured as securly as it will get, you could pop a disk in which would get all the config info saved to it. Take the d
  • by raitchison ( 734047 ) <robert@aitchison.org> on Saturday March 19, 2005 @02:11PM (#11985443) Homepage Journal

    This problem could be reduced dramatically if WAPs shipped from the factory with complex random passwords WEP enabled and complex random WEP keys.

    As an example on a new HPaq server the iLO remore management interface has complex random password, printed on a label on the device.

    Imagine if Linksys, etc. did the same thing with WAPs, where no 2 WAPs with the same WEP key or password.

    Sure some users would just disable the protection but I'm betting if you made it halfway convienient that most won't. Make it more work to be insecure and the security will win most of the time. You might even be able to reduce this further by having the admin interface give you lots of warnings and make you jump through hopps to disable the security funcions.

    Of course secrity could be improved upon even further if the default security was better than WEP but I think that's too high a barrier for the average user to tolerate. WEP may suck but it's considerably better than wide open.

    • by Ungrounded Lightning ( 62228 ) on Saturday March 19, 2005 @02:59PM (#11985708) Journal
      This problem could be reduced dramatically if WAPs shipped from the factory with complex random passwords WEP enabled and complex random WEP keys.

      The incentive for the manufacturers is for wireless access points to NOT be secure out-of-the-box.

      If it's not secure, it's plug-and-play. Plug it in, it's up. If it's more secure, it makes instalation (to the point of getting traffic through it) more difficult.

      Insecurity doesn't affect the user until they get burned - mainly by lower performance as their bandwidth gets leached (assuming their important applications, like banking, already use end-to-end encryption). Leaching might not even be noticed. If it is, they can diagnose it and tighten things up.

      Security impacts ease-of-use, and thus sales.
  • networks I can see [sytes.net]

    That "SMC" network covers the entire building due to multiple people using SMC routers with the default.
  • by chrisgeleven ( 514645 ) on Saturday March 19, 2005 @02:19PM (#11985490) Homepage
    Part of the problem is that the manufacturers don't disable anything by default...instead, you can literally plug a wireless router in and it'll instantly work assuming your internet connection uses DHCP to get its IP address.

    Perhaps the easiest way to solve this problem is to disable the wireless part of the router until you run the setup program (or even better, make it launch the browser so it will work on any OS) and make you go through the steps of enabling encryption and everything.

    I have WPA enabled on my wireless router (a Linksys WRT54G with the latest firmware) and MAC filtering. I broadcast my SSID ("Break this"), but that is more for ease of use then anything.

    I then enabled SSL for the admin pages, so I must type https://192.168.1.1/ (the actual IP is different) to reach the router's admin page. I figure between SSL and WPA, it will be pretty hard for someone to break into my router's admin page.

    The key is, with WPA and MAC filtering that will keep out all but the most determined out. If they ever got past that and onto my wireless network, I have logs so I could manually block them.
    • A Wireless LAN is essentially an open invitiation for entrance into your systems by people you'd never let in your house.

      If you left something valuable out in your front yard, you'd be less surpised to find it missing than if you locked it up in your house. Wireless LANs, in their current incarnation, are little better than leaving your private data out in your front yard for anybody to snag. Entering theives leave no signs of forced entry and our current system of laws can't do much to help unless the

    • What is needed is for routers to ship with a strong password by default. It can be printed on the unit itself, and could be changed if necessary.
    • I broadcast my SSID ("Break this")

      I have a similar setup, WPA-PSK broadcasting SSID "Adamantium".
    • "I then enabled SSL for the admin pages, so I must type https://192.168.1.1/ (the actual IP is different) to reach the router's admin page."

      Cool! Now, has Linksys quit using GET for their form actions? On the password-change page, you type in your password, click 'submit', and see it in plain text in the URL of resulting page, like this:
      http://192.168.1.1/Gozilla.cgi?sysPasswd=0 w n3d&sys PasswdConfirm=0wn3d...

      Great for when you're helping your boss set up his home LAN: "OK, now type in a new password,
  • by the_REAL_sam ( 670858 ) on Saturday March 19, 2005 @02:22PM (#11985505) Journal

    i'll play devil's advocate, for a minute:

    the airwaves are supposed to be public.

    therefore, if there's a "thief," the thief would be the group that cordones the public airwaves off and claims them as their own private property.

    • It's not the 'use' of the 'public airwaves' that is the problem (especially it it costs me $0 to open it up). Rather it's what is done with that use, and the information/data gleaned from using it.

      I do not want to to be the focal point of a police investigation based on someone else's illegal activity.

      I'd have no problem leaving my AP wide open for others to use, *if* people could be trusted. Sadly, there is always that small minority who would abuse it. Screwing things up for everyone.

      Someone near me has h

      • In the open wireless router case, all your router is doing is routing. Same as the ISP's router, above you. In fact, everything YOU route, THEY route first. So, in order for YOU to be liable for what the open router routes, the ISP would also have to be liable.

        Therefore, Lucky for you, their lawyers would incidentally defended you, by analogy, as they defend the ISP. And (to the best of my knowledge) the ISP's have been pretty good at defending themselves, in terms of what they route.

        • Right. They'll go to the ISP. The ISP will tell them exactly who had that IP address at that time. There the trail ends. At my router. Barring any other info, the police will investigate me. They'd be remiss in their job if they didn't. Eventually, I will be found innocent, because there is nothing within my internal network to find. Eventually. Only after I shell out $$ for a lawyer to prove my innocence, and have the investigators go through every sector on my various hard drives, possibly confiscating th
  • happened to me (Score:4, Interesting)

    by mslinux ( 570958 ) on Saturday March 19, 2005 @02:27PM (#11985536)
    We have a Python script on our laptops that send netstat, ipconfig, route info via email when they boot. When a laptop is stolen and the thief is dumb enough to use it online, we can subponea the ISP and walk to their door. But the last one that was stolen was in an apartment building that had 5 or 6 open WAPS. We knew that the laptop was in one of the apartments, but the cops could not get a search warrant for all the apartments within 150' radius of the open WAP that the stolen laptop was on... long story short, they got away with it.
    • Shouldn't you say, "IF a laptop is stolen..."? What business are you in that laptops go missing willy-nilly! I should think that before one installs scripts to say where the laptop went I might invest in some padlocks on the office building ;)
      • Shouldn't you say, "IF a laptop is stolen..."? What business are you in that laptops go missing willy-nilly! I should think that before one installs scripts to say where the laptop went I might invest in some padlocks on the office building ;)

        He probably works at Los Alamos National Laboratories [sfgate.com]. Or the Navy [computerworld.com]. ;)
  • Notice that the NY Times NEVER questions whether there could be an ulterior motive to associating wifi with theft, child porn, and terrorism. This TImes articles is a propaganda piece aimed to associating wifi with Bad Things. This propaganda piece is likely bought and paid for by the telcos and cable lobbies who are using propaganda like this to shut dowm possible competition.
    • It's quite plausible, but there do exist other plausible motives.

      E.g., media process news for entertainment value (this is an observed fact). Occasionally making people angry is a kind of entertainment, and newspapers and other media engage in it. More frequently, like a roller-coaster, they sell fear. "Look, we're warning you about this danger! Watch me! Read me!" This reliably improves sales. (This is at the root of the frequent comment that the media rarely print good news.)

      And there doesn't nee
    • Not that I'd ever RTFA for a NYT link ("free" registration and bugmenot notwithstanding), but I'm skeptical of anyone who compares anything to terrorism.
    • ...and after having read TFA thanks to this guy's [slashdot.org] link, I can safely say you didn't read it, either.
  • by Anonymous Coward
    Regarding the argument that it is theft of services:

    If I am in a public park, and there is a bathroom there, or a water fountain, I can drink from the fountain and use the bathroom, even if they don't say "public bathroom" or "public fountain" on them. I can assume that because they are not locked, I am allowed to enter and use them.

    Regarding the argument that it is trespassing:

    I can walk all over your property unless you post NO TREPASSING signs, or tell me that I am not allowed on your property. Tres
  • by Cryofan ( 194126 ) <cryofan.yahoo@com> on Saturday March 19, 2005 @03:42PM (#11985946) Homepage Journal
    Notice how this NY Times articles is careful to associate each of this poisonous trio of ID Theft-ChildPorn-Terrorism with...WiFi.

    And what a coincidence that just as this article is being published, that all over America, state governments are trying to decide whether to outlaw municipal wifi. Of course, this drive to outlaw municipal wifi is in NO WAY connected to this article that tends to associate wifi with THEFT, CHILD PORN, and TERRORISM. And in no way would the telco and cable TV lobbies that stand to lose BILLIONS (if municipal wifi takes off) try to get the NY Times to help make wifi look bad.

    No way the media would do that! They have integrity. They would never sell out to the telco-cableTV lobby like that.
    Would they?

  • by Anonymous Coward on Saturday March 19, 2005 @03:49PM (#11986011)
    It is disgusting to see someone writing FUD and bullshit like this while others are volunteering their time, efforts, and money to help build free community WiFi networks.

    Instead of cultivating even more paranoia in our country what we really need is more trust, pioneers, and heroes who help build free WiFi networks.

    I am running an open access point for everyone to use and I am happy to find the same whenever I am on the road.

    Lets all be reasonable and not spread FUD but support the urgently needed free WiFi access.
    • What's disgusting is seeing people misuse generously offered open WiFi to commit illegal acts. Maybe the journalist/editor/paper came into this story with a pro-corporate bias. Maybe they are exaggerating the misuse of wireless networks and the difficulty they pose to law enforcement. Maybe, however, you are refusing to believe these things because of your own bias.

      It seems wholly possible, even likely, that open WiFis pose opportunities for people to commit crimes while making it harder for law enforc

  • Ignorance (Score:2, Insightful)

    by gt_swagger ( 799065 )
    Most people, spoiled by plug and play, expect to plug it in and be just fine. From my wardriving experiences, still around 70% of APs are unsecure, and that's helped by buisnesses which have a very high secure rate (only about 5 to 10% I come across are open). About 90% of residential APs are open. It's really not that hard to secure an AP. WEP + Mac filtering ... bonus points for secure VPN. Even though it's very weak, even just having WEP is enough for your average person... why would a 1337 h4x0r bot
  • article error (Score:3, Informative)

    by wk633 ( 442820 ) on Saturday March 19, 2005 @04:12PM (#11986162)
    recent data thefts from ChoicePoint

    Nothing was stolen from ChoicePoint. They sold data to person or persons they should not have. There was no 'break in' as has been reported elsewhere. The only 'hacking' involved was social.
  • by computerology ( 869159 ) on Saturday March 19, 2005 @04:16PM (#11986195) Homepage
    As a consultant, I regularly deal with this issue. Customer says: "Why dont we go wireless? Wouldnt it be easier" I says: "Do you know that there are actually people who drive around looking for wireless connections to hack into and steal data?" Call me a bit paranoid, but I actually met a couple of hard-line coders/hackers who did this, trolling for useful data. While there are security features to lock down the WiFi by MAC address and you can further challenge access with passwords, for a business with valuable data (these are accountants, lawyers, financial professionals), going wireless when your computers are in a fixed position on your desk just seems to me like a whole lot of work so you dont have to run a cable. While I hate pulling cable, I'd hate to have them try to sue me for leaving their data unsecured!
  • Open AP (Score:2, Insightful)

    by Jett ( 135113 )
    I run an open access point, I password protected the config interface and check occasionally to see if anyone is using it - but really I don't care. I always have enough bandwidth when I need it, so why not share? If anyone uses it for something illegal I know I can't be held liable and I don't have any logs of what goes on with it, maybe someday I'll get hassled by the cops or the MPAA, but I'll deal with that if it ever comes.
  • New path? (Score:3, Insightful)

    by mindstrm ( 20013 ) on Saturday March 19, 2005 @08:06PM (#11987538)
    To take the other side...

    What's with open, public roads that anyone is allowed to use? My friends were tied up and robbed the other day, and the thieves used public roads to do it!

    We really need to crack down on usage of public roads.

    Seriously, as if getting on the internet anonymously was EVER hard.. sure, wifi makes it a bit easier, but it's far, far from a new thing.

A company is known by the men it keeps.

Working...