Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security Wireless Networking Hardware

80% of WiFi Networks are still Insecure, Kismet Author Says 430

acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"
This discussion has been archived. No new comments can be posted.

80% of WiFi Networks are still Insecure, Kismet Author Says

Comments Filter:
  • by n2rjt ( 88804 ) on Thursday August 19, 2004 @05:15PM (#10017665) Journal
    I leave an unencrypted access point open in the no-mans-land between my broadband modem and my router, on purpose. I think a lot of people do something like that, or even keep their whole LAN open to the access point, in order to promote free WiFi.
    • by huckda ( 398277 ) on Thursday August 19, 2004 @05:17PM (#10017684) Journal
      Yes...same here...
      why? because I was taught to share growing up...
    • Sorry, but no. (Score:5, Insightful)

      by ItMustBeEsoteric ( 732632 ) <ryangilbert@gm a i l .com> on Thursday August 19, 2004 @05:24PM (#10017741)
      A "lot" of people don't do that. The overwhelming majority of people who have WiFi have no idea or comprehension of setting up free WiFi for others when they put it in their home. This is /. so you might not be so out of the oridinary here, but in the general populace such reasons for that config are not statistically significant.
      • Re:Sorry, but no. (Score:3, Interesting)

        by Anonymous Coward
        I beg to differ. A lot of people _do_ do that.

        Wireless is still mostly in the hands of early-adopters; many of who know what they're doing.

        My wireless covers one coffee shop near my apartment complex.... someone else is covering the other one. Out of the 8 or so wireless access points I can see from right here, 5 have WEP, 2 I know are open intentionally (the two I mented), and the other one is T-Mobile (damn expensive).

        • Re:Sorry, but no. (Score:3, Interesting)

          by IANAAC ( 692242 )

          Wireless is still mostly in the hands of early-adopters; many of who know what they're doing.

          I disagree. The fact that you see wireless routers for sale at BestBuy seems to confirm.

          Case in point: My neighbor recently bought a wireless router and did the default setup (ie: wide open). I discovered it while rebuilding a machine at home. Living in the Bay area houses are fairly close together, so I initially associated to his AP. No WEP. Broadcast. No MAC filtering.

          I went over and asked him if

    • I would never wish a child-porn cop visit or a DMCA copyright suit on you, but them's the dangers when running a public network...

      I make all my clients close their networks, scaring them with made-up horror stories of cops showing up at people's doors, yada yada. But it's for their own protection.
      • Has anybody running an open wifi connection *ever* had either of these happen? I've been running semi-open wifi (port 80 open, rest of the ports filtered on a Linksys DHCP router) for two years now- of course, I've yet to get up that dish so that I can access it from the park (ran out of time soon after getting the dish) but you can access it from the other side of my fence on the sidewalk just fine. And I've NEVER had a problem.
      • Personally, I wish more cheapie access points you buy at CompUSA would include some kind of DNS rerouting feature like you see at coffee shops and so on. To get access to the AP, you need to try to pull up something in your Web browser. When you do, you first get redirected to a page that says, "Hi, welcome to our network!" or something similar.

        For free/open access points, this would be handy for two things:

        1. Saying who you were and letting people know that, yes, you do know your access point is open and
      • by ifwm ( 687373 ) on Thursday August 19, 2004 @06:32PM (#10018301) Journal
        Listen, don't take this personally it's not meant for you, but I'm so fucking tired of hearing people justify their paranoia by citing the potential for abuse. ESPECIALLY child porn. It seems like that's the first place someone runs to in discussions like this. There are better arguments for maintaining security, so do us all a favor and retire that one.
        • by kbahey ( 102895 ) on Thursday August 19, 2004 @11:18PM (#10019700) Homepage

          There was a case here in Canada last year, namely in Toronto, where the cop stopped some youth in a car going the wrong way in one-way street.

          To the cop's surprise, this guy had his pants down (i.e. naked from the waist down) in the car, and a laptop with WiFi in it. He was war driving that neighborhood.

          Had he not gone against the traffic, he would not have been caught at all ...

          So, the threat is real. If someone choses to open their wireless LAN to outsiders, then he should know the risks.

          Same thing applies if you run a message board or web site then it becomes a mouth piece for hate speech or terrorism or whatever. If you know the risks and chose to do this regardless, then be prepared for the consequences.

    • by jkravitz ( 806844 ) on Thursday August 19, 2004 @05:27PM (#10017764) Homepage
      I wonder how many unpatched computers are connected to the wired web? Probably an equally scary amount. It seems to me that there are greater long term risks with this scenario. Most spammers and child pornographers unless they are your neighbor or using an antenna are not going to set up shop on your front lawn where as your unprotected wired box can be owned and operated by anyone in the world.
    • by Have Blue ( 616 ) on Thursday August 19, 2004 @05:30PM (#10017786) Homepage
      I would hope those lots of people keep in mind that they'd be liable for any trouble, legal or technical, that gets traced back to their anonymous access point. That's one of the main reasons I secure mine.
      • by Anonymous Coward on Thursday August 19, 2004 @05:58PM (#10018022)
        That's as stupid as saying that if someone taps into your phone line (note the "unsecured" wires coming into the side of your house!!!) and calls in a threat that you would be liable.

        Of course thats not true. Sure, you might be investigated... but in both cases probably cleared. The wireless case is even more clear-cut because it's easy to see that it was left open. The phone lines would be much harder to explain why you let someone on your property to tap in like that, and didn't shoot them while they were connecting alligator clips to your wires.

        • by cornjones ( 33009 ) on Thursday August 19, 2004 @08:15PM (#10018899) Homepage
          Sure, you might be investigated... but in both cases probably cleared.

          This used to be my arguement but it has one fatal flaw. The investigation itself. Sure I could weasle out whatever horrible violation that brought the feds to my door (even if I did it) by pointing out my unsecured wifi connection. But they would still seize my comp gear in the investigation. If it turns out that not all my software is licensed correctly or some of my media may not have easily accessible originals I am still fucked.
        • Unfortunately computers and WiFi tend to fall under slightly different terms than phone lines in my opinion.

          For starters, phone lines are not your responsibility, they are the responsibility of the phone company, including all security and problems arising from tapping a phone line.

          Along that same line, computers and a WiFi router, are the responsibility of whoever sets them up. If you setup a WiFi router, and *willingly* leave it open to promote free WiFi net access, any infraction noted by your servi

    • by slamb ( 119285 ) * on Thursday August 19, 2004 @05:50PM (#10017968) Homepage
      I leave an unencrypted access point open in the no-mans-land between my broadband modem and my router, on purpose. I think a lot of people do something like that, or even keep their whole LAN open to the access point, in order to promote free WiFi.

      I hope you at least block outbound port 25 (SMTP). Because this will be abused by spammers otherwise.

      Legitimate people can still send mail through the submission port (see RFC 2476 [faqs.org]). This is a separate port that exists for MUAs to submit new mail; typically it requires SASL authentication. So they can connect to their own ISP's server and submit mail, but not send directly to the recipient's server, as a spammer would.

      • by shadow303 ( 446306 ) on Thursday August 19, 2004 @06:25PM (#10018246)
        That is of course assuming that there is a spammer within range of your access point. For most people, spammers will be a non-issue. Especially for those of us who live in the middle of nowhere. The main reason I do not use encryption is because I cannot use it under BeOS, and don't have any BeOS compatible wired connection on my laptop. For normal people, leaving the connection unencrypted will hardly ever be a problem.
    • Same here, though I don't think anyone's using it besides me. I set my SSID to "call (my phone number)" to see if anyone was using it. After about two months, I checked the wap's logs and only found my MAC address in the connect list.

      I was thinking of getting someone to make me a "warchalk" sign to hang on my house, so people could see there was internet access here. Then it occurred to me that the idea might be sellable to enough people to turn a buck or two. Anyone feel like a little entrepenurship?
  • Unsecure? (Score:5, Funny)

    by Flakeloaf ( 321975 ) on Thursday August 19, 2004 @05:16PM (#10017666) Homepage
    Shouldn't that be "insecure"? How someone could make this mistake in the day and age of internet dictionaries is unpossible to contemplate.
  • by sunilonline ( 609351 ) on Thursday August 19, 2004 @05:16PM (#10017669)
    Go for a drive around town running netstumbler or kismet. I can pick up two hundred access points in 5-10 miles, and the vast majority of them are unprotected... Probably more than 80%. Even more interesting than that is the fact that you can tell which people have actually tried to configure their access points. Many people are using default SSID's and no protection. Kind of scary if you ask me, but hey, it almost guarantees free internet in some neighborhoods.
    • I took my friend war driving for his first time the other night. He had just gotten a new AMD64 laptop. We picked up 41 APs at houses within about a 5 square block area, and when we drove by the local public grade school we picked up about 20 open access points, it was nuts. Most successful war driving ever. We had a blast. We are going to go back out one night and try out AirPwn just for fun, and let people know that they could be encrypted.
      Regards,
      Steve

      Anyone know of a tool similar to AirPwn that doesn't
  • by Gay Oreo ( 739738 ) on Thursday August 19, 2004 @05:16PM (#10017670) Homepage
    I know in suburba the number is much higher as opposed to downtown San Francisco.
  • by Billly Gates ( 198444 ) on Thursday August 19, 2004 @05:16PM (#10017671) Journal
    The key can easily be obtained and with the tools out there it is just as insecure as having the data unencrpted since its easy to fool the AP to giving you the key.

    IPSEC is the way to go but my router and older system do not support it.

    Linksys supports IPSEC but guess what?

    There is a default admin password that anyone can use to log in. SO whats the point?

    • How insecure is WEP? What I mean is, is it so trivial that I need to worry about my home net being insecure, or is it just "not 100% secure"... such that I'd only really need to worry if I were a bank/corporate/government type?
      • WEP is so insecure that if you're concerned about security, you shouldn't be depending on WEP. Easy to use tools exist to automatically crack WEP just by analyzing traffic.
      • Someone can get sufficient info to be on your network and read the packets in less than an hour.
      • by radish ( 98371 ) on Thursday August 19, 2004 @06:04PM (#10018074) Homepage
        Contrary to what some other posters have said, I'd posit that it's secure enough for the home user.

        Even if it could be cracked in an hour (I doubt that figure - the number of packets needed for an analysis is huge, and unless your network is very busy it will take much longer than that) - most would-be attackers (a) don't know how and (b) can't be bothered. Think about it, 99% of people looking at your AP just want free net access. Chances are there are multiple available APs (in my apartment I can pick up at least 5). If one's closed, they'll just move on to the next. It's the "don't outrun the bear, just outrun the other guy" situation.

        Sure, if some ubergeek happens to live within range of you, and really wants in to your network (for some unspecified reason - to steal your pr0n?) then they could get it. What are the chances of that happening? Well it depends how think the tinfoil in your hat is. But it doesn't keep me awake at night.
  • by ElForesto ( 763160 ) <elforesto&gmail,com> on Thursday August 19, 2004 @05:16PM (#10017673) Homepage
    When I got my first wi-fi enabled laptop, I decided to wardrive down a busy road in a residential area. I picked up 11 APs along the way, one of which had been secured. The other 10 used the default SSID with no WEP. Whatever befalls the people with the unsecured APs is deserved for not reading the freaking manual. They have the mentality of "I plugged it in and it just works! Whoopee!"
    • by timmyf2371 ( 586051 ) on Thursday August 19, 2004 @05:28PM (#10017771)
      They have the mentality of "I plugged it in and it just works! Whoopee!"

      Isn't that the way it should be though?

      Last time I bought a new TV, I switched it on, pressed a few buttons as indicated by the quick-start guide and it auto-tuned all the channels - same with my VCR. If I want to do something advanced such as mess about changing picture settings etc then I'll read the relevant section of the manual.

      If I buy a hifi system and plug in the revelant speaker cables, popping a CD into the drive and pressing play generally results in music. Similarly, should I want to (for example) record every 2nd track on a CD to casette then I'll read the relevant section of the manual.

      That's how computer technology should be - I don't need to read a manual to work my other home entertainment devices and I don't see why computer technology should be any different.

      • "Isn't that the way it should be though? "

        Um, no. Computers and networking gear are complex electronic systems. People WANT to treat them like a toaster, but then they complain when somthing goes wrong.

      • Yes, but there is a difference here. You don't buy a cordless phone and expect anyone passing by to make calls do you? Nor do you install your television facing the window with a controller outside plus speakers so passersby can enjoy your television.

        Manufacturers decided it was better for business to have it work easier out of the box than to add in a couple of steps of configuring encryption during setup.

        Personally, I think they should have had a 10 step or 15 step or whatever process such that the wir
      • by Some Dumbass... ( 192298 ) on Thursday August 19, 2004 @06:37PM (#10018345)
        That's how computer technology should be - I don't need to read a manual to work my other home entertainment devices and I don't see why computer technology should be any different.

        I can think of a few counter-arguments to this:

        1. When was the last time someone 0wn3d your TV or VCR? Okay, I know, that's a joke, but there is a point there -- very little harm can come to you or others from a poorly set-up TV or VCR. A poorly set-up wireless router can be used to anonymously (for the crook, not for you!) break into banking computers and the like. A computer can be taken over and used to distribute pr0n, DoS some other computer, store warez, etc. That's why you need to read more instructions -- because of the amount of harm which could be caused if you don't.

        I for one wouldn't want to get anywhere near a car which claimed that anyone could "just use it without reading any instructions". The potential for harm if something goes wrong is too high, even if it's unlikely to happen. The same with computer technologies.

        2. More complex systems require more complex instructions. Your computer is not just a "home entertainment device", plain and simple. If there were a different button on your computer (a la "Play") for everything you could do with it, every option in every program, then the keyboard would be bigger than your living room. A computer can do much more than just play a few movies, songs or video games, and that's why more instructions are needed to use it. If you want a simple "home entertainment device" to play games, movies, music or surf the web (video consoles, DVDs/VCRs, stereos, and web terminals a la WebTV, respectively), then go get one.

        3. Adding a wifi router to an existing computer setup is more akin to adding a VCR to an existing TV setup. Ever noticed how some people can never get the TV-VCR wiring right (my Mom, for one)? It's the same when you add on to your existing computer setup. Even if individual technologies are simple, using them together isn't always so simple. Computers are almost always used with additional peripherals (printers, network devices, and so on). Thus the need for more detailed instructions.
        • "1. When was the last time someone 0wn3d your TV or VCR?"

          Actually, I hope you do realize you've just proven the other guy's point. That computers are such a fragile tool, and for a lot of people they can cause more grief than good, is precisely the _problem_.

          What Joe Average wants -- or for that matter what _I_ want -- is something that just does a certain job, with a minimum of fuss. Yes, like a TV or a VCR. If I want to read my email or play a game or whatever, I should just get straight to doing that,
  • by Paulrothrock ( 685079 ) on Thursday August 19, 2004 @05:16PM (#10017680) Homepage Journal
    Globally, 80% of all WiFi might be insecure, but locally it can often be much higher. Tooling around with my Powerbook and KisMac I've found that 95% of 802.11 networks in the Harrisburg area are totally open. I'm thinking of starting a weekend gig closing these down. For a modest fee, that is.

    Ahh... digital extortion. "I secures dis here network, see, or Clamps here breaks into yous guyses computer and steals yur credit card numbers. Capice?"

    • I've had that idea myself, but I've read nothing but horror stories about people that have actually tried it... e.g., the winners of this year's Wi-Fi Shootout at Defcon:

      "We were going to war-drive around Cincinnati and find unencrypted wireless access points," Corrado said. "We knocked on people's doors and asked if (they) wanted us to encrypt them, and they just got all freaked out. So we were searching for other things to do with the equipment we had just purchased."

      From this story at Wired News [wired.com]...
  • I'm Confused Now (Score:5, Insightful)

    by Stuart Gibson ( 544632 ) on Thursday August 19, 2004 @05:17PM (#10017691) Homepage
    Are we supposed to be securing our WiFi networks to stop people using them as SPAMming outlets and entry points to delicate data, or are we supposed to be leaving our WiFi networks open so we can share our connectivity and bring about a utopian world of high speed, anywhere connectivity?

    (Yes, yes, I know, the right security for the right place)

    Stuart
    • In an ideal world we would be able to leave them open and share. Just like we wouldn't have to worry about patching every little security exploit that appears in Windows, nor would we need to worry if our anti-virus definitions were more then a week out of date.

      But alas the world is full of people with less then honest intentions.

      Treat WiFi access points as you would a machine connected to the net, unless you want to let every script kiddie in your neighbourhood abuse it, secure it up.

    • by utexaspunk ( 527541 ) on Thursday August 19, 2004 @05:45PM (#10017921)
      i agree. shouldn't we just leave the networks open and have secure computers? what's the problem with having a wide open network if you've got your computer all patched up and are encrypting your e-mail, etc?

      seems to me that if you secure your data at the earliest possible point, it doesn't matter what sort of insecure territory (and there will likely always be insecure territory SOMEWHERE) it passes through to get to its destination.
  • With all of the controversy over who is responsible for downloads off of someones access point I will stay wired just to be safe. I can at least provide some kind of physical security over cat5 runs.
  • 'KERSH! (Score:4, Funny)

    by MarcQuadra ( 129430 ) * on Thursday August 19, 2004 @05:18PM (#10017693)
    LOL, I went to high school with 'Kersh. I remember how he showed me the first UN*X I've ever seen, mkLinux on his PowerBook 3400. The man is single-handedly responsible for both my affection for Apple and for getting me into Linux. Not to mention that he showed my friends and I 'South Park' long before it was ever on TV (it was '97 or '98 when he showed us jesus-vs-santa).

    Now he's the guy behind kismet, which I use to monitor WiFi at work.

    Thanks 'Kersh! I wish you much success with career and hobby, and hope you find a real-life anime chick to settle down with. Send me some tentacle-shots when you do. :-)
  • by Sagarian ( 519668 ) <smiller&alum,mit,edu> on Thursday August 19, 2004 @05:19PM (#10017699)
    Wireless networks have a lower Totacl Cost of 0wnership (TC0) !!!
  • by LS ( 57954 ) on Thursday August 19, 2004 @05:19PM (#10017705) Homepage
    Can someone answer the following:

    * Why aren't WAPs shipped with encryption turned on by default?
    * With many well-known strong encryption schemes, why was the weak WEP made standard?

    LS
    • by mwillems ( 266506 ) on Thursday August 19, 2004 @05:30PM (#10017787) Homepage
      >> Can someone answer the following:
      >> Why aren't WAPs shipped with encryption
      >> turned on by default?

      Because the power of WiFi is that it is easy to use. My neighbour could not possibly use it if it wasn't.

      WEP is complicated. You need to be able to shell in (sometimes even to a port other than 80) from within the LAN. Then you need to know an admin ID/password. Then you need to know what on earth hex/ascii/etc mean, and 56/128/etc bits (and how the security ranslates to a number of characters). Then you need to set it all up using complex menus, and then you need to figure out how to set up all PC's (which call it something else).

      By this time we would have lost the typical buyer, oh, 5 times over. That is why it is shipped open by default - the support would cost a fortune, otherwise. WEP is way too complex in its consumer implementation.

      Michael

      • by gwernol ( 167574 ) on Thursday August 19, 2004 @05:43PM (#10017903)
        WEP is complicated. You need to be able to shell in (sometimes even to a port other than 80) from within the LAN. Then you need to know an admin ID/password. Then you need to know what on earth hex/ascii/etc mean, and 56/128/etc bits (and how the security ranslates to a number of characters). Then you need to set it all up using complex menus, and then you need to figure out how to set up all PC's (which call it something else).

        By this time we would have lost the typical buyer, oh, 5 times over. That is why it is shipped open by default - the support would cost a fortune, otherwise. WEP is way too complex in its consumer implementation.


        Very true.

        I wonder if it would be possible to create a feature that allows you to "auto sync" a WAP and a device over a wired network. This would allow you to connect your (say) laptop to the WAP over a local wired connection and the software would automatically configure encryption to allow the laptop to access the WAP wirelessly. It could auto-generate a random key each time the sync was performed.

        Basically anyone with physical access to the WAP could be authorized to use it, everyone else is locked out. Most consumers understand the concept of physically securing a box better than the intricacies of WEP.

        I don't know enough about the TCP/IP stack to know if software can guarantee that two devices are directly physically connected. If you can, this might be a good approach.

        Not secure enough for every situation, but it might overcome the current difficulty of using WEP or other encryption/security?
    • Because then everybody would just be using the same default password making them unsecure anyway.
    • Can someone answer the following:

      * Why aren't WAPs shipped with encryption turned on by default?


      Please, tell us what the default password should be...
    • "Why aren't WAPs shipped with encryption turned on by default?"

      Becuase it would cost the manufacturer money to have to talk people through how to get their notebook to connect to the access point with WEP enabled. However it costs them nothing to leave the security turned off be default.

      "With many well-known strong encryption schemes, why was the weak WEP made standard?"

      At the time the cost of dedicated ASIC systems to handel encryption where too high. An encryption system with lower system requirements

    • With many well-known strong encryption schemes, why was the weak WEP made standard?

      So what well-known strong link-level encryption schemes would you suggest they should have used?
  • by j1m+5n0w ( 749199 ) on Thursday August 19, 2004 @05:20PM (#10017711) Homepage Journal

    from the post:

    80% of WiFi Networks are still Unsecure, Kismet Author Says

    from the article:

    Despite all the press about it, the overall percentage of unencrypted networks is still at about 80%

    An insecure network and an unencrypted network are not the same thing. WEP is encrypted, yet insecure, while secure IMAP and SSH are secure by providing end to end encryption, instead of relying on the network to provide it.

    -jim

    • An insecure network and an unencrypted network are not the same thing. WEP is encrypted, yet insecure, while secure IMAP and SSH are secure by providing end to end encryption, instead of relying on the network to provide it.

      Why not use both?

      Most experts in physical building security will tell you that the front door of most buildings, when locked, is nothing more than a deterent - if someone really wants on the other side of that door, they'll get there somehow.

      My point? WEP is pretty good at making sur
  • No WEP? So what! (Score:5, Insightful)

    by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Thursday August 19, 2004 @05:22PM (#10017723) Homepage Journal
    We've been over this time and again, but my own WLAN is wide open; anyone with any MAC can connect without WEP, and I even broadcast the SSID.

    Of course, that gets you an IP that lets you ping the firewall. More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.

    If getting an IP on my WLAN counts as "insecure", then count my network as bad. However, that's a bit too broad a brush for my tastes. In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.

    • by swillden ( 191260 ) * <shawn-ds@willden.org> on Thursday August 19, 2004 @05:42PM (#10017898) Journal

      More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.

      What????

      You provide WIDE OPEN completely UNAUTHENTICATED access to NTP and DNS?!?!? Do you have any idea how much damage a serious cracker if enough people take this devil-may-care attitude about network security, and just hand out accurate time information to anyone who asks? Not to mention name service <shudder>.

      You, sir, are exactly the sort that is making it possible for malicious script kiddies to ruin the Internet for everyone.

      You should be ashamed.

    • Re:No WEP? So what! (Score:5, Interesting)

      by dublin ( 31215 ) on Thursday August 19, 2004 @06:05PM (#10018081) Homepage
      In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.

      The real problem isn't that people aren't using WEP (since any blackhat with a web browser to download the tools can crack WEP in a few hours at most.)

      The REAL problem is that ALL low-cost "wireless gateway" appliances treat wireless nodes as part of the LOCAL network, when, of course, the wireless segment should be treated as another WAN (Internet) link, where the bad guys live, and where you have to authenticate yourself before connecting to the LAN. As long as this remains true, wireless will continue to be a huge security hole in most networks.

      Unfortunately, the "business" networking vendors are more than happy with this arrangement, since it keeps savvy business users from buying their network gear at CompUSA or Fry's. The sad fact is that security comes at a very serious cost premium today - it shouldn't, but the factis that companies that value security will pay *much* more for it, so the vendors simply "de-feature" the mass market products to help justify "enterprise" capabilities such as this common-sense approach to wireless networks.

      This won't change until one of the SoHo/Home market vendors gets a clue and decides that their buyers might actually like a wireless router that can protect the rest of their network. Why that hasn't happened yet is a mystery.

      BTW: If anyone knows of a low-cost wirless router device that *can* treat wireless as an "outside" network, post a reply and let us know...
      • by KevinKnSC ( 744603 ) * on Thursday August 19, 2004 @07:01PM (#10018536)
        Buy one consumer-grade wireless access point/router, and one consumer-grade router. The combination can be had for under $100.

        All local machines go behind the non-wireless router. That router's WAN port is connected to one of the LAN ports of the wireless router, and the wireless router's WAN port goes to the Internet. Now you have the public Internet (unsafe), a wireless purgatory (unsafe in a different way), and a secure LAN (as safe as the non-wireless router/firewall box allows it to be).

        Alternately, the non-wireless router can be a wireless router with the wireless features turned off.
  • by teamhasnoi ( 554944 ) <teamhasnoi@[ ]oo.com ['yah' in gap]> on Thursday August 19, 2004 @05:24PM (#10017747) Journal
    It pisses me off that in order to use Kismac fully, I have to get another wireless card - even though I have Airport Extreme. Just release the specs already - what is the point of keeping them closed source?
  • by DrMindWarp ( 663427 ) on Thursday August 19, 2004 @05:28PM (#10017770)
    The WiFi data-link layer may not be encrypted in 80% of cases but that doesn't mean that encryption isn't used or enforced at a higher level. You can run VPN, SSL, ssh etc. quite happily over what might appear to be an 'insecure' WiFi link.

    As WEP isn't that robust there seems to be little point in deluding oneself - thus many networks will be unencrypted at that layer by design rather than by default.

    Tell me how many wireless networks you can associate with and actually use.
  • Not surprised... (Score:4, Interesting)

    by ebrandsberg ( 75344 ) on Thursday August 19, 2004 @05:30PM (#10017782)
    In my the middle of Silicon Valley, I can see from my apartment complex about a dozen access points at once, and I can probably 95% of the time access the Internet through at least one. I've given up even paying for Internet access, cause I've always got it anyway. People just plug in their AP's turn them on, and if it works, thats the last time they touch it.
  • Myth's about WEP (Score:5, Informative)

    by x.Draino.x ( 693782 ) on Thursday August 19, 2004 @05:30PM (#10017784)
    Everyone still seems to think WEP is easy to crack. It's not. On AP's 2+ years old new features have been implemented to dramatically reduce the amount of weak IV's given out. For fun, I tested our network here at work, where we have over 300 employee's and multiple access points. And yes, there are plenty of people actually using the wireless network. In 3 days I was only able to pick up 75 weak IV's in Kismet. You usually need in the range of 10,000+ to make a decent attempt at cracking WEP with current tools. Now, if you have the know how to use tools like wepwedgie, or know how to do packet injection using multiple 802.11b cards/devices with HostAP then you may have better luck. But chances are that if someone knows how to use these tools and has the time to do this, they can probably break your network some other way.
    • Re:Myth's about WEP (Score:5, Interesting)

      by photonrider ( 571060 ) on Thursday August 19, 2004 @07:50PM (#10018785)
      WEP is easy to crack *if* one or more of the nodes on the WLAN are not filtering weak IV's and is *not* using WPA. In my test setup using a Netgear wireless AP and a Netgear PCMCIA card in a laptop copying a 65 mb ISO image in an endless loop to a server on the wired network, it took 24 hours to capture enough weak iv's. DWepcrack took about 10 seconds to load the capture file and 3 seconds to break the WEP key (on a PII 333mhz Dell Laptop). Netgear doesn't filter weak IV's and they're cheap enough to buy for testing. Second test was with the Netgear AP and a Linksys PCMCIA card in the the laptop, Linksys filters weak IV's. This same test, copying the 65mb ISO image in an endless loop took 36 hours to capture enough weak IV's. To contrast, using an AP and a PCMCIA card that both filter weak iv's (Cisco) I ran the same test for 8 full days and still had not captured enough weak IV's to crack the WEP key. If you have an environment where one or more nodes are not filtering weak IV's AND they have not implemented WPA or other protections, it's just a matter of time. In my research, I checked Netgear, Dlink, Cisco, Linksys, Intel, and Dell(branded intel I think). Only Cisco and Linksys filtered weak IV's. Recent discussions with Dell and Intel reveal that they don't think it's worth their time to filter weak IV's. They think everyone will run WPA and the problem will go away. WPA isn't the default setup either so if they're not filtering weak IV's... It seems to me that filtering weak IV's is such a simple thing for them to implement that it is simply negligent not to. IMHO it provides a big bang for the security buck.
  • by NeedleSurfer ( 768029 ) on Thursday August 19, 2004 @05:30PM (#10017785)
    All those talks on network security sometimes bugs me. All those leftist trying as hard as they can to make the right wing extremist's job easy.

    The lack of security over WI-FI is a good thing. Ever thought about the democratization of communications, WI-FI can bring you that, unsecure WI-FI WILL bring you that. With file encrytion files are safe (mostly) anyways, that's what we need to promote. Leaving your network open will just make it accessible by other people which, if they get the hardware themselves will make this network availlable to more and more people and so on.

    In a few years when you wanna call someone you basically open iChat, MSN messenger, whatever, turn on rendez-vous or equivalent find your contact name and double-click. Get it?

    Security isn't always a good thing, making everything locked just make sthe world harder to travel, some doors need to be opened.

    In the very unllikely event that I win a huge amount of cash, dream number one is to get several WI-FI routers and configure them to enable a neibourhood network, hoping to change it into a city network and so on. I dream of the day communication will be democratized, free, for everyone.

    Instead, as of now, the technology exist, it's there for everyone to grab, but they all stare at it, telling themselves: "too complicated and the router is around 200$CAN, it's expensive, I'd rather pay 30$ a month plus long distance and service fees for the rest of my life"...
    • Great idea. Free wireless access for everyone. Hurrah! Now, who pays the bills?

      Let's say everyone leaves their APs open. Now I don't need to pay for my cable bill, I can just leach off someone else's. Then they figure that out too, so we both have to leach from somewhere. Do you see where I'm going with this?

      I think you spell it out very well yourself...

      In the very unllikely event that I win a huge amount of cash, dream number one is to get several WI-FI routers and configure them to enable a neibourhoo
  • by TiggertheMad ( 556308 ) on Thursday August 19, 2004 @05:32PM (#10017807) Journal
    I took extra care to lock down my WiFi network, just to be sure that none of the skr1p7 k1dd13s out ther could hacATZ#4#R%F^AA@!@5[CARRIER LOST]
  • Was messing around with my new wireless router yesterday. The thing has the ability to use WEP, which is decent enough to stop el-random-fuckwad from screwing up my network and abuse my internet connection. Anyways, I decide to check it out and I try to set up a random WEP keyphrase.

    Turns out I need to cough up a random 10 character hex number. And remember it, too. Then I looked at 128bit WEP ecryption which required a 26 character hex number. I can't use my normal ( secure ) password because it contai

    • by Feztaa ( 633745 )
      What good is whitelisting? people will just sniff the packets to see which MACs are whitelisted, and then spoof that MAC address.

      So much for the whitelist.
  • Visiting relatives in Manhattan (I can see Lincoln Center from their apartment...interesting area), I've been scanning with my iBook and KisMAC whenever I'm on the road.

    So far, 452 WAPs, maybe 100 or so of them are encrypted

    Quite sad, really.
  • by students ( 763488 ) * on Thursday August 19, 2004 @05:37PM (#10017860) Journal
    even though it's not a poll. My network doesn't work well enough to break into. I can't keep my own boxes connected. I guess the correct words are "incompetent clods" - meaning the people who made my router and my ISP.
  • Around here (Austin, TX), I went driving around about a year ago (April 2003) and found about 66% of the networks didn't even use WEP.

    Last April (April 2004) I did it again ... and found about 66% of the networks DID use WEP. I guess I should go out and try it again -- I'll bet even more use it now.

    Perhaps Austin is just more saavy?

    Not that WEP automatically makes your network secure, but it makes it much much much more difficult to abuse, and pretty much guarantees that somebody will just go

  • Why... (Score:2, Interesting)

    Why aren't these articles ever about how great it is that we can all get on the internet practically everywhere? At no point in the whole interview does he talk about the benefits of open wireless, as well as people's abilities to seperate the wired and wireless connections pretty easily to do all their secret things wired, leaving free internet for anyone that wants it?

    It IS possible to have an OPEN AP on the same connection as your ENCRYPTED wired environment, and the quick and dirty way costs about
  • ...water is still wet.
  • by Karpe ( 1147 ) on Thursday August 19, 2004 @05:40PM (#10017886) Homepage
    Please check out this [oreillynet.com].
  • by B747SP ( 179471 ) <slashdot@selfabusedelephant.com> on Thursday August 19, 2004 @05:53PM (#10017997)
    the overall percentage of unencrypted networks is still at about 80%.

    Many folks seem to launch into the misinterpretation that 'unencrypted' == 'insecure'. It does not. Just because your box can talk at layer 2 or layer 3 on my wireless network doesn't mean it's going to be of any earthly use to you.

    Case in point: wander around pretty much anywhere in the Haymarket, Ultimo and Broadway areas at the south end of the City of Sydney, Australia - you'll find literally dozens of open, unencrypted wilress access points, all with SSID "UTS WLAN". Natural next step for a geek is "Whoah! open wlan! I'm there!", fire up laptop, connect...

    It's shortly after that that you realise that you've just helped yourself to an open, unencrypted, and completely useless wireless network [uts.edu.au] belonging to the University of Technology, Sydney [uts.edu.au]. You know this because no matter *where* you point your web browser, you always get the same page: "Welcome to UTS WLAN, enter your username/password to continue". If you manage to guess a username/password, then you'll get the same page, with red writing, saying something to the effect of "oops, no IPSEC tunnel, no cigar".

    That network is opened, unsecured in that you can get your machine to talk on it without authentication, but you can't talk off of it without additional rights.

    Now granted, there's holes in my story. One day, some clever kid is going to figure out that he can use the wlan as his own private routed trunk from one side of the city to the other, and then the owners of the network will have to block that. Second, how hard can it be to get a username/password pair out of a drunk undergraduate? Third, this lot isn't *really* in the spirit of the story - I've built the chinese [orcon.net.nz] cookware [slashdot.org], I've found, literally, hundreds of wireless nets that really are open for all to see, most of them quite likely unintentionally so.

    So yes, there are a lot of unencrypted wireless networks out there, but they're not all unsecured.

  • by sharpone ( 706018 ) on Thursday August 19, 2004 @05:58PM (#10018024)
    powers my home internet right now. My neighbor of course is oblivious, as long as he gets his pr0n. I am friendly enough to make sure his access point gets its firmware upgrades on time ;-)
  • by tizzyD ( 577098 ) <tizzyd&gmail,com> on Thursday August 19, 2004 @06:10PM (#10018122) Homepage
    I have found that if you mix vendor implementations of security--NetGear, Dell's wireless internal card, Linksys cards--they often do not work with encryption enabled. I have tried going up to 128bit, down to 64/40bit, setting NIC restrictions and the like, but in the end, it often is just fruitless with encryption. So, I usually just keep NIC restrictions on. Some hope from the random attacker, but no real protection.

    If you want us to use security, make it simple. Make is to that I can type in a phrase for EVERY implementation, and that it generates acceptable keys. I don't want to type in a phrase for one vendor, and then have to hack out what the keys are for another. Then, just make it work. I don't want any one vendors card different than any other. When I use a Base-T cable, it works, regardless of vendor. That's what we want, folks.
  • by allgood2 ( 226994 ) on Thursday August 19, 2004 @06:35PM (#10018326)
    Obviously, I'm in the minority here at Slashdot, but I've got to say, "So What! Why Should People Secure Their Wireless Network?" Sure corporations should or at least create set-ups where the wireless network is removed from the wired network and of course all that effort to secure the computers, but I've never understood the great push for security on a wireless networks.

    For me I'm of the school that you shouldn't depend on your network for security for your computer. This view recently discussed by Jeff Schiller, MIT's Network Manager at Syllabus http://www.syllabus.com/article.asp?id=9193 [syllabus.com]. I think he makes some great arguments.

    Recently, it seems that people have just jumped on the bandwagon that YOU MUST secure your network, and I guess for the bevy of Windows users out there, with little options for ever successfully securing their computer, this is probably true and one way to get around it. But I find wireless network security to be the antithesis of what wireless connectivity promotes--freedom. So it makes great sense that people would not secure their networks.

    Wired Networks by their nature are someone closed off, insuring their security or closing them off further is no big deal. You would expect to have to handle 2, 3, 5, 10 random clients on a wired network. Sure with laptops it happens more, but typically a wired network is somewhat more static in design. You have switches, ports, hubs--it's all very physical. So sure secure it.

    But wireless networks promote freedom--you can use your laptop anywhere (anywhere with wireless). But security warps that message. Freedom has always had its limitations, but now the limitation is that someone else owns the air you need to use. What's the point of going to a coffee shop, an administrative building or even sitting on your neighbors porch with your laptop if you still can't get internet access when wireless connectivity is available.

    Sure their should be tools to prevent abuse. I don't want someone to start downloading movies off my wireless network, but WHY WOULD SHOULD I CARE if they just use it. I expect the same reciprocity if I'm in the town square or at a coffee shop or just down the street at a friends.

    Securing your network has become synonymous with securing your computer and its not. Someone decided that it was impossible to secure their computer, with all the software with bugs and wholes, with various operating systems working against your efforts. So the rallying cry became secure your network.

    So fine. Secure your landline, but leave your wireless alone. Sure change the default settings, after all one neighborhood really shouldn't have 50 linksys access points. I'm all for letting people know whose wireless access point they're using. I'd don't want someone taking over my access point, but with various hacking tools, the effort is the same regardless if I've secured my access point.

    But if Sue next door wants to use my wireless, go ahead. Don't ask me. Don't make me add you to an exception list or hand over a password. Just use it dammit and be respectful. It's there, and it doesn't really cost me anything more than what I'm currently paying to have you or 20-30 other guest using it.

    Encryption, Authentication, and Authorization, and common sense work well enough for keeping the information I need to be secure, relatively secure. I'd rather have someone distracting by the beauty of playing Doom from their front porch using my access point, then banging on my access point try to hack my setup security so they can get free access, when I could have just offered it.

    So I say, "Offer It!" Secure what you need secure and open everything else. It makes life easier, and produces good karma as well.
  • d i g i t a l (Score:4, Interesting)

    by Graymalkin ( 13732 ) * on Thursday August 19, 2004 @06:48PM (#10018436)
    I use WEP on my home WiFi network despite it being a complete pain in the ass. No two vendors want to authenticate the same way so I have to jump through hoops to get a new system on my network. On my Powerbook with its AP Extreme card I have to use xwepgen [sourceforge.net] to generate a hex key to input into the Airport settings. Trying to hook up a Windows system is ten times harder since different cards have different interfaces and not all of them work properly with Windows XP's native configuration.

    If it was easier to implement WEP between different vendors' products more people would use it. Unfortunately the product lifetime of WiFi products is a whopping 6 months so drivers and firmwares are rarely updated significantly. If you want to switch from WEP to WPA, which is easier to work with between vendors, you usually have to buy a number of new devices. I'm not apt to plunk down $100+ every year on new WiFi equipment just to get it talking to other equipment. Vendors have no impetus to increase interoperability because they want you buying from a single source.
  • by ktakki ( 64573 ) on Thursday August 19, 2004 @09:59PM (#10019360) Homepage Journal
    Last year, I found myself without a home or a job (by choice, actually). I moved to another part of the US and, while I looked for a job and a place to live, I relied on open access points for e-mail (to my old ISP over the web via SSL).

    When not job-hunting, I made a modest living helping the local businesses secure their open access points (which expiated some of the guilt over leeching on open WAPs). This led to more business as a tech support consultant, which kept me afloat and paid my motel bills until I found a permanent position.

    Using NetStumbler and a DeLorme Earthmate GPS on a laptop, I identified open access points. Then I would approach the business and offer to secure their connection for a modest fee (usually $100). Only two businesses turned me away, but the rest were glad to have my services.

    I've read some comments from people who intentionally leave their access points open. While I don't advise this, that's entirely up to you, and I'm sure that you understand the consequences. These small business owners that I worked with were not so aware of the ramifications. They bought a WAP, hooked it up, and were pleased with themselves when it worked. And with two exceptions, they were all horrified that someone 500 feet away from their office or store had access to their network and data.

    Some tips if you want to do this:

    • Look professional. I wore a suit when I made my cold calls. Think of this as a job interview. It is.
    • Be polite. If they decline your help, thank them for their time. If they do ask for your help, let them bring up the issue of compensation. I never had to ask for money; I was always asked what my fee would be.
    • Visual aids help. NetStumbler's signal strength graph was really useful for showing how far an 802.11 signal propagates.
    • Don't overplay the threat. It's enough to say that someone across the street could plug into the network. Invoking the possibility of Al Qaeda using the WAP to send coded messages is overkill.
    • Don't underplay the threat, either. Business owners do worry about identity theft, both theirs and their customers. Medical offices have HIPAA (Health Insurance Privacy and Accountability Act) compliance to worry about.
    • This is a legal grey area. So tread lightly. I avoided approaching financial institutions because of 18 USC 1030 (IIRC), which levies higher penalties on misuse or abuse of their networks and computers. While a banker wouldn't think twice about calling the cops on me, the car dealers and restaurant owners were willing to hear my pitch.
    • Don't charge an arm and a leg. Because these small business owners are always looking for tech help, a break in the price now will lead to more business later (mostly cleaning spyware and viruses, but that's another story).
    • Don't charge too little, either. Though it depends on the part of the country (or world) you live in, I've found between $60 and $100/hr. to be a reasonable price point. Feel your customer out: the cafe owner won't pay as much as the Mercedes dealer.
    • Know the gear. Some WAPs have a web interface. Others rely on SNMP or a direct connection via USB cable. Hit the manufacturers' sites and download the manuals. Be prepared.
    • Leave a business card. Because you will get a callback when the administrative assistant's computer gets hosed by spyware.


    I wouldn't want to do this full time, but for a few months I made a pretty decent living at this, enough to stay in a nice motel, eat lobster, and drink good scotch. When I was hired by a company that provided contract network administration services I had a nice stack of references (and new business for the firm, something that clinched the deal).

    k.
  • by Ed Avis ( 5917 ) <ed@membled.com> on Friday August 20, 2004 @07:40AM (#10021457) Homepage
    Suppose I want to be helpful to my next-door neighbour and let him share my network connection. If I do so deliberately I am breaking my ISP's terms of service. But if I just leave the wireless router at its default open setting and drop a couple of hints...

    Indeed, if you have a wireless network and your outbound Internet link isn't congested, there is not much reason not to share it. You do of course use SSH and other secure protocols for your networking...

"In my opinion, Richard Stallman wouldn't recognise terrorism if it came up and bit him on his Internet." -- Ross M. Greenberg

Working...