Pushing Back On Fear Mongering Reports About Open WiFi Networks
from the about-time dept
We've covered so many fear mongering reports about how dangerous open WiFi networks are, it's quite amazing to see a press article that quotes security researchers pushing back on the latest fear mongering report. As Bruce Schneier notes in the article, it's not the open network that's the issue, but the devices on the network. If the devices are secured, it can be quite safe to use an open network or leave your network open. It seems like there's just a kneejerk reaction against the idea of open WiFi these days. While there may be some risk in getting falsely accused if someone misuses your WiFi, we've yet to hear of any such case where it took very long for the innocence of the network owner to be established.
Reader Comments
Can you steal wifi?
[ link to this | view in chronology ]
disagree
[ link to this | view in chronology ]
Re: disagree
Personal Software Firewalls are pointless. They provide nothing in terms of security and actually decrease security by adding another process that requires administrator privileges.
You are much better off disabling the network services that you don't require.
13 character passwords are also unnecessary. You can just prevent brute forcing of passwords by limiting the number of remote login attempts allowed in a given time period, say 5 per minute and change your password every few weeks.
There is quite a bit of craziness about Windows not being secure, I agree that it's not secure on a default install. But it can be easily made much more secure.
- Jesse McNelis
[ link to this | view in chronology ]
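An added example, not part of the original comment or of the page: the attempt limit described in the comment above (5 per minute), written as a sliding-window throttle. It goes beyond the comment by also counting attempts per account, so guesses spread over many sources are still capped; the function names and sample events are constructed for illustration, and the budget helper models online guessing only.

```python
from collections import defaultdict, deque


def throttle(events, limit=5, window=60.0):
    """Decide each (timestamp, account, source_ip) login attempt.

    An attempt is allowed only if fewer than `limit` allowed attempts were
    recorded in the last `window` seconds for BOTH its source and its account.
    Returns a list of booleans, one per event, in order.
    """
    by_source = defaultdict(deque)   # source_ip -> timestamps of allowed attempts
    by_account = defaultdict(deque)  # account   -> timestamps of allowed attempts
    decisions = []
    for ts, account, src in events:
        queues = (by_source[src], by_account[account])
        for q in queues:
            # Drop attempts that have aged out of the sliding window.
            while q and ts - q[0] >= window:
                q.popleft()
        allowed = all(len(q) < limit for q in queues)
        if allowed:
            for q in queues:
                q.append(ts)
        decisions.append(allowed)
    return decisions


def online_guess_budget(days, limit=5, window=60.0):
    """Upper bound on online guesses an attacker gets before a password
    rotated every `days` days is changed, given the throttle above."""
    return int(days * 86400 / window * limit)


# Constructed sample: one source hammering "alice", then six different
# sources each trying "bob" once within a few seconds.
SAMPLE = (
    [(t, "alice", "203.0.113.7") for t in (0, 5, 10, 15, 20, 25, 30)]
    + [(61, "alice", "203.0.113.7")]
    + [(100 + i, "bob", f"198.51.100.{i}") for i in range(1, 7)]
)

if __name__ == "__main__":
    for event, ok in zip(SAMPLE, throttle(SAMPLE)):
        print(event, "allowed" if ok else "throttled")
    print("guesses possible in 21 days:", online_guess_budget(21))
```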
Re: disagree
[ link to this | view in chronology ]
Security thru ignorance
[ link to this | view in chronology ]
wi fi security guard
don't think that's a stretch
[ link to this | view in chronology ]
Scare tactics and Indoctrination
It's as likely that someone will walk into your building and plug into an extra network jack as it is that someone will use your wireless network - in some cases, even if you haven't secured it.
If you plan your wireless network so that the signal covers all of your building, but not so much out of your building; then use a WEP key or similar to make it 'secure', the likelihood of wardriving or some random person accessing your network is slim to none.
Having been the System Administrator at a school division that uses various technologies and has significantly varying needs, the use of WiFi in many cases is convenient and cost effective. Not only have we not had ANY issues with lost data and hacking, we have not had ANY issues with lost data and hacking. We've been running wireless for several years now.
As far as I'm concerned, the majority of what you hear about the dangers of wireless are simply scare tactics.
It bugs me when people believe everything they read without doing a little research and experimentation.
[ link to this | view in chronology ]
Re: Scare tactics and Indoctrination
[ link to this | view in chronology ]
We will hack you
Hack you
Harry.
[ link to this | view in chronology ]
security by regulation
There was a time when you couldn't even plug a non-approved telephone into your line. Deregulation was a major component force in allowing the internet to flourish, and I don't see a time when we will go back to the old Soviet system. But every now and then someone shouts "regulation!" and it seems so seductive. Here's my list of "why it won't work" for all the naive arguments I hear so often:
It seems like it's possible to mandate a standard for hardware. Perhaps a security rating. But look at Microsoft. There is simply no question that they have gone out of their way to deliberately make software and hardware insecure, perhaps not for sinister reasons - just to ease installation complexity. It works by default, which is the opposite of any good security policy where everything should be turned off by default. Then there are the more sinister questions like hardware manufacturers leaving backdoors in routers. Could industry ever come on side for hardware/software licenced standards? Not a chance imho. And if they could, what kind of moneypit would enforcement become? Stopping all those "unlicenced" low standard cheap Chinese devices getting into our shops and homes? No chance. And where would that leave free software? The entire planet has trillions invested behind that unstoppable juggernaut.
Licencing Users
We licence cars and guns, so why not internet access? Maybe a certain level of competence should be demonstrated in order to be allowed on to the wide area network? Well it will never work because 99% of people will fail the test. By the time the standards are lowered enough for even 30% to get through the training will be so watered down as to be useless. Driving a car or using a firearm is a skill that doesn't change. But every month the landscape of the network shifts to require new skills and knowledge. Even us IT people have a hard time keeping ahead of it all.
User insurance
Possibly the worst idea of all. Insurance would lower security standards even further by shifting responsibility. We need to encourage people to take more responsibility not less. Besides it cannot be applied in the same way that auto insurance or home insurance pertains to fixed assets and events. Things are already very fluid on the network, IP6 and mesh WiFi are only going to make it more so. Blame game antics will quickly get out of hand when your IP6 drinks fridge in your car decides to call home to the wrong address and does a drive by DOS on the local fire station's VOIP. Companies cannot handle the complexity of the claims or afford to hire experts in the same relatively simple and sensible way that culpability in an RTA or storm damage to a house can be decided.
Licence install and repair techs
If a dentist or lawyer needs a licence to practice why not a computer technician? Well, it's no secret that right now the entire domestic internet is kept alive only by dint of unpaid 12-18 year old geek kids who have the slightest clue what is going on most of the time. Technology is moving too fast for professional standards to ever take hold and get established. The skill pool moves through very fast and frankly, we need every able pair of hands connected to a brain just to keep things at the level they are now. Even a sniff of regulation would be catastrophic. If it really cost you $100/hour twice a month to get your infected Windows machine fixed up (because that's what a tech is going to charge as a professional rate, like every other professional) then most people are going to just say "sod it" and throw out their computers. Don't ever believe we've passed the point where that can't happen, there is plenty of scope for a colossal anti-tech backlash at this point in history.
Solutions? What will work? I haven't a clue, which is why it's all so interesting still. All I know is that everything listed above is a dumb step backwards.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
The Future of Open WiFi - FON
http://www.fon.com/
It seems that you can have your Wifi open and still be secure. The FON service lets fon users use each other's wifi. Basically you share your wifi with other FON users securely and other FON users share with you securely.
BMR777
[ link to this | view in chronology ]
Insurance on WIFI
Actually, guys, it's already here. It's called "liability insurance" which is usually automatically part of your Homeowners or Renters insurance. While there's nothing specifically stated in the policy that says "WIFI is covered", there doesn't need to be. Liability insurance is on an "all risk" basis, which means that it's covered unless it's specifically excluded.
While your insurance won't pay for lost data or damage caused to you by these evil Hakkor Hordes, it will pay if someone sues you because someone else damages them through your WIFI. It will also pay if someone sues you claiming that you damaged them at Starbucks' hotspot or wherever.
Also, Starbucks et al... Their insurance will cover if someone does naughty things with that free hotspot and someone sues Starbucks for it. So if Johnny Jack-in hacks someone while sitting at Starbucks, and that someone sues Starbucks for "providing the opportunity to commit the crime", Starbucks' insurance will pay the defense costs. And if Starbucks somehow loses, the insurance will pay that too.
[ link to this | view in chronology ]
Re: Insurance on WIFI
[ link to this | view in chronology ]
Re:
There is no secure wifi. I can break any WPA setting in under 30 minutes. The only way to secure wifi is to unplug it.
I reckon you could break in to my house and plug in to my wired network in less time.
[ link to this | view in chronology ]
Re:
And people laugh at me because I don't use wi-fi at home. I just don't feel it's worth the headaches and risk. Thanks for showing me at least one other person agrees.
[ link to this | view in chronology ]
Break into a house faster than breaking a WEP
So "yeah" to the comment from Jesse McNelis.
:-P
[ link to this | view in chronology ]
"just jumbled letters and numbers"
WEP keys are, just like windows passwords, nothing more than jumbled letters and numbers. In fact, they're a far weaker level of encryption. WHOPPIX (a cd-based linux distro which I think is now called WHAX) can crack any (and yes, I said any) 64-bit hex WEP key in just 10 minutes. Literally. And that's from boot to cracked, not just cracking time. It's not hard to see how if you are on (for example) a hotel wifi with 256-bit hex WEP encryption the network WEP key could easily be cracked in just one night, perhaps under 4 hours, and most routers don't offer any higher encryption.
(FYI I did that once at a Holiday Inn Express, and it took me 3 hours. Sadly I found out the WiFi was free anyway the next day, which begs the question of why they bothered to put a WEP key on it in the first place...)
So, though I'm not saying not to use a WEP key, I'm simply saying that if a hacker wants to get into YOUR computer, a WEP key is probably a little less effective than even the built-in windows firewall. WEP keys are good for stopping wardrivers, but they're an extremely small half-a-step for stopping any professional hacker, or even a hacker-for-hire.
[ link to this | view in chronology ]