Pushing Back On Fear Mongering Reports About Open WiFi Networks

from the about-time dept

We've covered so many fear mongering reports about how dangerous open WiFi networks are, it's quite amazing to see a press article that quotes security researchers pushing back on the latest fear mongering report. As Bruce Schneier notes in the article, it's not the open network that's the issue, but the devices on the network. If the devices are secured, it can be quite safe to use an open network or leave your network open. It seems like there's just a kneejerk reaction against the idea of open WiFi these days. While there may be some risk in getting falsely accused if someone misuses your WiFi, we've yet to hear of any such case where it took very long for the innocence of the network owner to be established.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    dorpus, 28 Jun 2006 @ 1:40am

    Can you steal wifi?

    Can you steal the router devices? I was just wondering, after spending a day on another forum discussing unusual stolen goods -- stolen mailboxes, fire trucks, ambulances, cranes, wedding cakes, port-a-johns, ....

    link to this | view in chronology ]

  • identicon
    Bill, 28 Jun 2006 @ 3:50am

    disagree

    we should not leave our networks open that is unless you're willing to put another hard wired router between your connection and your computers. by leaving your wifi open all of your computers are vulnerable. software firewalls including windows firewall and mac osx's firewall are weak to say the least. there is some truth "if your devices are secured". which means 13 character secure passwords on your machine. secure means, no words, just a jumble of letters and numbers. now do that and enable the software firewall on a mac and roll the dice. but as for windows, there are a plethora of hacks that need NO authentication(password or user name) so don't think the windows firewall, or zone alarm or strong passwords on windows are going to make you safe. they're not!

    link to this | view in chronology ]

    • identicon
      Jesse McNelis, 28 Jun 2006 @ 7:40am

      Re: disagree

      Again I have to state it.
      Personal Software Firewalls are pointless. They provide nothing in terms of security and actually decrease security by adding another process that requires administrator privileges.
      You are much better off disabling the network services that you don't require.

      13 character passwords are also unnescessary. You can just prevent brute forcing of passwords by limiting the number of remote login attempts allowed in a given time period, say 5 per minute and change your password every few weeks.

      There is quite a bit of crazyness about Windows not being secure, I agree that it's not secure on a default install. But it can be easily made much more secure.

      - Jesse McNelis

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jun 2006 @ 9:19am

      Re: disagree

      which means 13 character secure passwords on your machine
      What will a 13 character password do? http://support.microsoft.com/?kbid=299656"

      link to this | view in chronology ]

  • identicon
    Tom, 28 Jun 2006 @ 6:54am

    Security thru ignorance

    If lack of physical access to your computer network is the only security you have, then you are destined for being stolen from. Open WiFi is no different than having a network jack on the outside wall of your building where anyone can plug in. You should have security procedures that will let a hacker plug into your network physically or connect via Open WiFi and not be able to access sensitive information. If you can't do that, then every employee is potential thief.

    link to this | view in chronology ]

  • identicon
    Daryl Licked, 28 Jun 2006 @ 7:04am

    wi fi security guard

    im just waiting for the day the government requires you to have internet insurance, to pay for the "damage" you cause by using wifi hot spots.

    dont think thats a stretch

    link to this | view in chronology ]

  • identicon
    Dan.No, 28 Jun 2006 @ 7:58am

    Scare tactics and Indoctrination

    I'm tired of hearing how WiFi is going to be the downfall of corporations. Give me a break.

    It's as likely that someone will walk into your building and plug into an extra network jack than it is that someone will use your wireless network - in some cases, even if you haven't secured it.

    If you plan your wireless network so that the signal covers all of your building, but not so much out of your building; then use a WEP key or similar to make it 'secure', the likelyhood of wardriving or some random person accessing your network are slim to none.

    Having been the System Administrator at a school division that uses various technologies and have significantly varying needs, the use of WiFi in many cases is convenient and cost effective. Not only have we not had ANY issues with lost data and hacking, we have not had ANY issues with lost data and hacking. We've been running wireless for several years now.

    As far as I'm concerned, the majority of what you hear about the dangers of wireless are simply scare tactics.

    It bugs me when people believe everything they read without doing a little research and experimentation.

    link to this | view in chronology ]

    • identicon
      Joe T, 29 Jun 2006 @ 9:25am

      Re: Scare tactics and Indoctrination

      I hate to resort to this, but there's no polite way to put this: You, sir, are clueless and ignorant in this subject and the fact that you are guarding the personal information of children from pedophiles scares me. I am in the wireless industry, I *HAVE* done the research, testing, and pen testing, and I submit that if you haven't had any issues with your wireless being compromised it's because you haven't a clue how to determine that you have. While using WEP on a home network might be a mild deterrent, a saavy pedophile will see you as a nice, juicy target and take the 20 minutes to break your WEP key.

      link to this | view in chronology ]

  • identicon
    harry hackerman, 28 Jun 2006 @ 8:09am

    We will hack you

    We have hacked you, we are hacking you, we will hack you.
    Hack you
    Harry.

    link to this | view in chronology ]

  • identicon
    I, for one, 28 Jun 2006 @ 8:34am

    security by regulation

    There was a time when you couldn't even plug a non-approved telephone into your line. Deregulation was a major component force in allowing the internet to flourish, and I don't see a time when we will go back to the old Soviet system. But every now and then someone shouts "regulation!" and it seems so seductive. Here's my list of "why it won't work" for all the naive arguments I hear so often

    • Licence equipment
    • Licence Users
    • User insurance
    • Licence Technicians
    Licencing equipment

    It seems like its possible to mandate a standard for hardware. Perhaps a security rating. But look at Microsoft. There is simply no question that they have gone out of their way to deliberately make software and hardware insecure, perhaps not for sinister reasons - just to ease installation complexity. It works by default, which is the opposite of any good security policy where everything should be turned off by default. Then there are the more sinister questions like hardware manufacturers leaving backdoors in routers. Could industry ever come on side for hardware/software licenced standards? Not a chance imho. And if they could, what kind of moneypit would enforcement become? Stopping all those "unlicenced" low standard cheap Chinese devices getting into our shops and homes? No chance. And where would that leave free software? The entire planet has trillions invested behind that unstoppable juggernaut

    Licencing Users

    We licence cars and guns, so why not internet access. Maybe a certain level of competence should be demonstrated in order to be allowed on to the wide area network? Well it will never work because 99% of people will fail the test. By the time the standards are lowered enough for even 30% to get through the training will be so watered down as to be useless. Driving a car or using a firearm is a skill that doesn't change. But every month the landscape of the network shifts to require new skills and knowledge. Even us IT people have a hard time keeping ahead of it all.

    User insurance

    Possibly the worst idea of all. Insurance would lower security standards even further by shifting responsibilty. We need to encourage people to take more responsibility not less. Besides it cannot be applied in the same way that auto insurance or home insurance pertains to fixed assets and events. Things are already very fluid on the network, IP6 and mesh WiFi are only going to make it more so. Blame game antics will quickly get out of hand when your IP6 drinks fridge in your car decides to call home to the wrong address and does a drive by DOS on the local fire stations VOIP. Companies cannot handle the complexity of the claims or afford to hire experts in the same relatively simple and sensible way that culpability in an RTA or storm damage to a house can be decided.

    Licence install and repair techs

    If a dentist or lawyer needs a licence to practice why not a computer technician? Well, it's no secret that right now the entire domestic internet is kept alive only by dint of unpaid 12-18 year old geek kids who have the slightest clue what is going on most of the time. Technology is moving too fast for professional standards to ever take hold and get established. The skill pool moves through very fast and frankly, we need every able pair of hands connected to a brain just to keep things at the level they are now. Even a sniff of regulation would be catastrophic. If it really cost you $100/hour twice a month to get your infected Windows machine fixed up (because that's what a tech is going to charge as a professional rate, like every other professional) then most people are going to just say "sod it" and throw out their computers. Don't ever believe we've passed the point where that can't happen, there is plenty of scope for a collosal anti-tech backlash at this point in history.

    Solutions? What will work? I haven't a clue, which is why it's al so interesting still. All I know is that everything listed above is a dumb step backwards.

    link to this | view in chronology ]

  • identicon
    anonymous coward, 28 Jun 2006 @ 9:43am

    i shut down my wifi router. not because of security concerns, but because i replaced it with Belkin powerline Ethernet adapters. dramatically faster and more reliable than wifi with an added bonus of improved security.

    link to this | view in chronology ]

  • identicon
    BMR777, 28 Jun 2006 @ 1:17pm

    The Future of Open WiFi - FON

    The future of open WiFi is FON.

    http://www.fon.com/

    It seems that you can have your Wifi open and still be secure. The FON service lets fon users use each other's wifi. Basically you share your wifi with other FON users securily and other FON users share with you securily.

    BMR777

    link to this | view in chronology ]

  • icon
    Gabriel Tane (profile), 29 Jun 2006 @ 7:40am

    Insurance on WIFI

    "im just waiting for the day the government requires you to have internet insurance, to pay for the "damage" you cause by using wifi hot spots. "
    -Daryl Licked

    "User insurance
    Possibly the worst idea of all. Insurance would lower security standards even further by shifting responsibilty. We need to encourage people to take more responsibility not less. Besides it cannot be applied in the same way that auto insurance or home insurance pertains to fixed assets and events. Things are already very fluid on the network, IP6 and mesh WiFi are only going to make it more so. Blame game antics will quickly get out of hand when your IP6 drinks fridge in your car decides to call home to the wrong address and does a drive by DOS on the local fire stations VOIP. Companies cannot handle the complexity of the claims or afford to hire experts in the same relatively simple and sensible way that culpability in an RTA or storm damage to a house can be decided."
    -I, for one


    Actually, guys, it's already here. It's called "liability insurance" which is usually automatically part of your Homeowners or Renters insurance. While there's nothing specifically stated in the policy that says "WIFI is covered", there doesn't need to be. Liability insurance is on an "all risk" basis, which means that it's covered unless it's specifically excluded.

    While your insurance won't pay for lost data or damage caused to you by these evil Hakkor Hordes, it will pay if someone sues you because someone else damages them through your WIFI. It will also pay if someone sues you claiming that you damaged them at Starbucks' hotspot or wherever.

    Also, Starbucks et al... Their insurance will cover if someone does naughty things with that free hotspot and someone sues Starbucks for it. So if Johnny Jack-in hacks someone while sitting at Starbucks, and that someone sues Starbucks for "providing the opportunity to commit the crime", Starbucks' insurance will pay the defense costs. And if Starbucks somehow loses, the insurance will pay that too.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 29 Jun 2006 @ 8:09am

      Re: Insurance on WIFI

      Starbucks' insurance will pay the defense costs. And if Starbucks somehow loses, the insurance will pay that too.
      No wonder that coffee is so expensive.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jun 2006 @ 8:40pm

    The previous poster in a nutcase. All that is missing is someone yelling "Won't someone please think of the children!"

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jun 2006 @ 8:41pm

    There is no secure wifi. I can break any WPA setting n under 30 minutes. The only way to secure wifi is to unplug it.

    link to this | view in chronology ]

    • identicon
      Jesse McNelis, 30 Jun 2006 @ 3:16am

      Re:

      There is no secure wifi. I can break any WPA setting n under 30 minutes. The only way to secure wifi is to unplug it.

      I reckon you could break in to my house and plug in to my wired network in less time.

      link to this | view in chronology ]

    • identicon
      ebrke, 30 Jun 2006 @ 8:23am

      Re:

      "The only way to secure wifi is to unplug it."

      And people laugh at me because I don't use wi-fi at home. I just don't feel it's worth the headaches and risk. Thanks for showing me at least one other person agrees.

      link to this | view in chronology ]

  • identicon
    Object Constant, 30 Jun 2006 @ 6:11am

    Break into a house faster then breaking a WEP

    Breaking into a house without a deadbolt is about three seconds. Breaking into a house with a deadbolt is under a minute. If a window is open it is about five seconds. If that.

    So "yeah" to the comment from Jesse McNelis.

    :-P

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Jun 2006 @ 8:47am

    Next we'll be hearing about open powerline networks without encryption enabled.

    link to this | view in chronology ]

  • identicon
    Fox McCloud, 1 Jul 2006 @ 11:14pm

    "just jumbled letters and numbers"

    I noticed a few people (namely bill way back at #2) made the point that windows password encryption is nothing more than jumbled letters and numbers, and he's right. Sadly, in making that point, he discredited his own.

    WEP keys are, just like windows passwords, nothing more than jumbled letters and numbers. In fact, they're a far weaker level of encryption. WHOPPIX (a cd-based linux distro which I think is now called WHAX) can crack any (and yes, I said any) 64-bit hex WEP key in just 10 minutes. Literally. And that's from boot to cracked, not just cracking time. It's not hard to see how if you are on (for example) a hotel wifi with 256-bit hex WEP encryption the network WEP key could easily be cracked in just one night, perhaps under 4 hours, and most routers don't offer any higher encryption.

    (FYI I did that once at a Holiday Inn Express, and it took me 3 hours. Sadly I found out the WiFi was free anyway the next day, which begs the question of why they bothered to put a WEP key on it in the first place...)

    So, though I'm not saying not to use a WEP key, I'm simply saying that if a hacker wants to get into YOUR computer, a WEP key is probably a little less effective than even the built-in windows firewall. WEP keys are good for stopping wardrivers, but they're an extremely small half-a-step for stopping any professional hacker, or even a hacker-for-hire.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.