Wireless Networking Hardware

Schneier Says 'Steal this Wi-Fi' 432

apolloose noted Bruce Schneier's latest entry on Wired, where he talks about unsecured WiFi networks and suggests that you Steal this WiFi. Basically, since insecure WiFi is everywhere, why not? You're helping make the world a little better for someone else.
  • by Anonymous Coward on Thursday January 10, 2008 @12:09PM (#21984890)
  • by Anonymous Coward on Thursday January 10, 2008 @12:11PM (#21984924)
    Why steal when you can *share*? i.e. get the owner's permission, a la www.sharemywifi.com
  • Re:Steal Wi-Fi? (Score:4, Informative)

    by Goaway ( 82658 ) on Thursday January 10, 2008 @12:22PM (#21985098) Homepage
    No, it's nothing like that, if you actually read what he's saying instead of rushing in to make yourself sound smart on the internet.
  • Actually, yes it is. DD-WRT (http://dd-wrt.com/ [dd-wrt.com]) has a feature that lets you put out a second (up to 4 IIRC) SSID with separate security and etc. It's only available in the RCs at the moment (and broken in RC6, but working in RC5).
  • by Daniel_Staal ( 609844 ) <DStaal@usa.net> on Thursday January 10, 2008 @12:43PM (#21985460)
    An SSL certificate is fairly cheap to purchase, just buy one and operate a man-in-the-middle for all SSL connections. A few tech-savvy might notice, but most won't.
  • by petes_PoV ( 912422 ) on Thursday January 10, 2008 @12:48PM (#21985560)
    Because in other countries you will get busted.

    See this example in the UK
    http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm [bbc.co.uk]

  • Re:Yeah, but... (Score:5, Informative)

    by computational super ( 740265 ) on Thursday January 10, 2008 @12:57PM (#21985708)

    What he said was, "If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence", and I often wonder if he's right. Like you, I'm pretty terrified of the accusation, so my network is locked down as tight as I can get it. I use WPA with a strong password, MAC address filtering, I renumbered the subnet from the default, I set a strong administrator password, and disabled DHCP... and if I can think of anything else I can do to lock it down, I'll probably do it, out of fear that somebody will do something nefarious with it.

    On the other hand, if I do get hacked (somehow), all that work will probably hang me. Couple that with the fact that I have an advanced degree in computer science (which to the average slashdot reader seems to mean I know *nothing* about computers, but would surely impress a jury of my "peers" that I'm impervious to being hacked), and if my network is used against me, I'm getting the death penalty.

  • by cerberusss ( 660701 ) on Thursday January 10, 2008 @01:03PM (#21985810) Journal
    It's totally possible. One of those FON WiFi routers (google it) will publish two SSIDs. Each has different settings. They sell them at cost and they're meant to have the public SSID be shared with other FON users, but they also have a feature where you can generate passwords for friends/family.
  • by Braino420 ( 896819 ) on Thursday January 10, 2008 @01:17PM (#21986042)

    An SSL certificate is fairly cheap to purchase, just buy one and operate a man-in-the-middle for all SSL connections. A few tech-savvy might notice, but most won't.
    You purchase an SSL cert from a CA for a single host, so you will have to go through the whole process for each site the user tries to connect to. Not only this, but CAs do, admittedly minimally, verify that you are who you say you are (depending on how much money you give them). Not only this, but you will not be able to get a cert that says you're, for example, Bank of America. You can always self-sign a cert, but this will alert the user in all modern browsers. On top of all that, if the user does get fooled by your MITM attack, you only get the information that they give you: their username and password. Sure, you can now log in to the site, but I know that if you're signing into BoA for the first time from that location, they ask you one of the security questions (which you do not have). Even if they didn't (or you fooled the user into giving you that information too) and you got access to their account, what are you going to do? You can't just transfer that money to your account without someone finding out who you are, and the accounts only show the last 4 digits of each account number. You can't get that 3 digit number on the back of the card for most online purchases, not to mention that online purchases will also point back to you. I will admit this is all much easier than cracking the 128-bit SSL session.

    All of that means you aren't going to do shit; the payoff just isn't worth it and it's not as easy as some /. posters will have you believe.
  • by Anonymous Coward on Thursday January 10, 2008 @01:18PM (#21986054)
    I have a UID here (very low, account since '98 or so), but I've chosen to post anonymously. Nobody told me I couldn't discuss what happened in public, but I'd rather not.
  • Re:Yeah, but... (Score:3, Informative)

    by aarroneous ( 973056 ) on Thursday January 10, 2008 @02:02PM (#21987022)
    You forgot to disable broadcasting of your SSID.
  • by Weaselmancer ( 533834 ) on Thursday January 10, 2008 @02:05PM (#21987086)

    Hey, how about that? Here's a link to an article about it. [techdirt.com]

    "The IP address simply can help you know who paid for the internet access, but not who was using what computer on a network. In fact, this even had some people suggesting that, if you want to win a lawsuit from the RIAA, you're best off opening up your WiFi network to neighbors. It seems like this strategy might actually be working. Earlier this month the inability to prove who actually did the file sharing caused the RIAA to drop a case in Oklahoma and now it looks like the same defense has worked in a California case as well. In both cases, though, as soon as the RIAA realized the person was using this defense, they dropped the case, rather than lose it and set a precedent showing they really don't have the unequivocal evidence they claim they do."

    Well, whaddya know?

    I don't even own any WiFi equipment for fear of someone using my connection to do something questionable...but now maybe I will buy one. Nothing like a get out of jail free card, y'know?

  • Re:Yeah, but... (Score:3, Informative)

    by 1u3hr ( 530656 ) on Friday January 11, 2008 @02:46AM (#21996008)
    You forgot to disable broadcasting of your SSID.

    The six dumbest ways to secure a wireless LAN [zdnet.com]

    SSID hiding: There is no such thing as "SSID hiding". You're only hiding SSID beaconing on the Access Point. There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are; probe requests, probe responses, association requests, and re-association requests. Essentially, you're talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden and all you've achieved is cause problems for Wi-Fi roaming when a client jumps from AP to AP. Hidden SSIDs also makes wireless LANs less user friendly. You don't need to take my word for it. Just ask Robert Moskowitz who is the Senior Technical Director of ICSA Labs in his white paper Debunking the myth of SSID hiding.
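
The five mechanisms listed in the quoted article, as an added example that is not part of the thread or the cited article: a small parser for 802.11 management frames that reads the SSID element from each frame subtype, showing that suppressing the beacon SSID leaves the name in the other four. The network name "homenet", the helper names and the sample frames are constructed for illustration.

```python
HDR_LEN = 24  # 802.11 management MAC header: FC, duration, 3 addresses, seq
# Management subtype -> (name, bytes of fixed fields before tagged elements)
SUBTYPES = {
    0: ("association request", 4),     # capability + listen interval
    2: ("reassociation request", 10),  # ... + current AP address
    4: ("probe request", 0),
    5: ("probe response", 12),         # timestamp + interval + capability
    8: ("beacon", 12),
}

def ssid_from_frame(frame: bytes):
    """Return (subtype name, SSID or None); None for frames we do not parse."""
    if len(frame) < HDR_LEN or (frame[0] >> 2) & 0x3 != 0:  # type 0 = mgmt
        return None
    entry = SUBTYPES.get(frame[0] >> 4)
    if entry is None:
        return None
    name, fixed = entry
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                      # truncated element, stop parsing
        if eid == 0:                   # element ID 0 is the SSID
            # A "hidden" beacon carries a zero-length or all-NUL SSID.
            if not body.strip(b"\x00"):
                return name, None
            return name, body.decode("utf-8", "replace")
        pos += 2 + elen
    return name, None

def make_frame(subtype: int, ssid: bytes) -> bytes:
    """Build a constructed sample frame (dummy addresses, one rates element)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\x02" * 18 + b"\x00\x00"
    fixed = b"\x00" * SUBTYPES[subtype][1]
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

# Constructed traffic for a network named "homenet" with beacon SSID suppressed.
SAMPLE = [make_frame(8, b"\x00" * 7)] + [make_frame(s, b"homenet") for s in (4, 5, 0, 2)]

def ssid_by_subtype(frames):
    """Map each parsed subtype name to the SSID it carried (None if absent)."""
    return {r[0]: r[1] for r in map(ssid_from_frame, frames) if r}

if __name__ == "__main__":
    for name, ssid in ssid_by_subtype(SAMPLE).items():
        print(f"{name:22} {ssid!r}")
```

Only the beacon row comes back empty, which is why a suppressed beacon SSID is not an access control and the WPA passphrase is what actually gates the network.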
