Slashdot Mirror
Drive-By Hacking in London
delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre. " There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.
In Prince Rupert, we do drive by hax0ring all the time. Especially at dawn.
Hacking (er cracking) seems to get more and more low-tech, it's now been reduced to actually leaving your house. What is the world coming to?
We should be worried about these sort of things, especially in our Post-Colombine world. If the medai were to get a hold of this knowledge, teenage hackers will forever be blamed for insecure networks
All your Pounds are belong to us
They were doing this at the 2600 meeting here in Utah in October. I didn't make it, but it appears they had some success.
...but in the meantime, your mugshot has been captured by zillions of cameras... Y'a know, that's Britain after all, the land of Her Majesty's Subjects.
I get ethernet connectivity once in a while in the Linux Car. There's some details in the news section of the page.
Enjoy.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
For those who want to read more on this subject, check out this past slashdot article
Or just go here.
I have to believe that the network honchos at these companies are in the *testing* phase of their wireless implementation. I bet some of them just threw up the network, with some monitoring tools - just to see what would happen.
That's what I'd do.
Roger that, we have one network down on the corner of State and Madison!
This is definitely proof that times are changing.
"...and postin me too like some brain at AOL-er" -- Wierd Al
cool. I'm going to Comdex in Chicago in the next couple of weeks, and I think I'll spend some time walking around the TradeCenter with my laptop. Might be very interesting to see what I can pickup. What's that you say? It's illegal to do that? Not my problem, I liken this to a publicly accessable park.
--- Think of it as evolution in action ---
IEEE 802.11b Working Group
In geek speak, the IEEE 802.11b standard is the family of specifications created by the Institute of Electrical and Electronics Engineers Inc. for wireless, Ethernet local area networks in 2.4 gigahertz bandwidth space. The rest of us English-language users should think of IEEE 802.11b as a way to connect our computers and other gadgets to each other and to the Internet at very high speed without any cumbersome wiring--or a significant price tag. Providing as much wireless speed as it does at its modest price promises to have profound implications for a world bent of anytime/anywhere communication.
Without any cumbersome wiring, yeah, or pesky security or annoying encryption. What about the profounf implications of that. You really have to wonder what they were thinking.
I defy you to find a European Kilometre in Britain.
It's all miles.
from the article:
"From an attackers point of view you want back roads because there is less road traffic," said Codex, "and you might be able to park when you find a network."
Are they seriously suggesting that you can find a parking space in central London during office hours?
A pizza of radius z and thickness a has a volume of pi z z a
this is very interesting to me in particular - i've been considering a system for establishments that would in part run on a wireless scheme (ease of installation, basically), and encryption was honestly one thing i hadn't thought of.
this alerts us to something else, too: wireless networks, encrypted or not, can be sniffed easier than regular wire networks, since you don't have to be physically connected to the internet to be sniffed.
now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?
i'm amazed that i survived - an airbag saved my life.
- 801.1 outdoor range: approximately 100 to 300 metres.
- 12 open networks found within 1Km.
- In the financial district of London.
Is this industrial-espionage-by-numbers?Well, isn't it a very old story? I remember seeing it on /. quite a while ago.
e-mail: karol at tls-technologies.com
www: http://www.tls-technologies.com
sig: not found
how many clueless people are running corporate networks. It's the same with mail server worms etc etc. Patches never get applied and security features are not even switched on. Not that WEP is secure, but if the corp nets are advanced enough to be running wireless kit, they should be using an O/S that supports proper encryption and IPSec. And ALL wireless, remote and dial-up access should be regulated by an independant firewall, possibly with one-time authentication tokens such as RSA SecurID etc etc (insert favourite auth here...).
There was a talk on this at Defcon this year. Pete Shipley was having success rates of 80 networks per hour in San Francisco.
See: http://www.sans.org/infosecFAQ/wireless/war.htm and http://www.theregister.co.uk/content/8/18285.html
Hrm... I wonder why they call The City the 'Square Mile'.
The problem seems to me to be one of inertia. Everyone with at least a vague knowledge of the facts is well aware that, whilst WEP is a small hurdle, it's really no obstacle to anyone who's vaguely determined to get in.
On the other hand, it's some hassle to set up a firewall before plugging your access point in. Especially for development work, when you're not setting out to install a "proper" network, it's all too easy to just plug it in for a short period and hope, on the grounds that it'll somehow all be OK. Especially when deadlines are tight, setting up all the security properly is always going to be seen as too time-consuming.
What's fairly inevitable is that there will come off the shelf access points with real security built in. Let's just hope it's not each manufacturer having their own proprietary standard, so there's no interoperability...
I read this as saying that the network owners are leaving their networks open on purpose. And really, why not? This is the way I have mine configured... Wireless Freenets anyone? If my machines are secure, why shouldn't I let the neighbor piggyback?
Guvegrra?
Not to be all "been there, done that", but I know guys who were doing it in downtown NYC a year and a half ago. Amazing how many Wall Street corporations can be so freaking clueless about segmenting off the generically insecure portions of their network.
Sad to think that we'll have an entire generation of hackers growing up who have no idea what Tone Loc is just because wireless networks are so much of a sexier, easier target than open modem banks, isn't it?
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
It's illegal to do that? Not my problem, I liken this to a publicly accessable park.
I'm wondering if its possible to track down people who are illegally gaining access down to their physical locations, such as through triangulations and such.
In case of fire, do not use elevator. Use water!
Check out BBC TV Center with a scanner... you can really fuck about with their radio mic's, of the fun.
Could the next great bank robbery movie's big scene be some guy driving by the bank in an old Cadillac with a laptop and 802.11b in his lap while hacking money into his account?
the byproduct of years of oppression by the white man
What is the point of a wireless network in these cases? do people really need to access their files from the bog? i think not. What if i drove around with a reasonably powerful transmitter and jammed the frequency? would every company in the city be screwed? Also, how do people who are imcompetant get good jobs? i would be interested to know, as i feel that i am a tiny bit less incompetant than most and would like to be in a high position (i can write in joined-up and make coffee on my own!!!).
This comment does not represent the views or opinions of the user.
1. Individual companies knowingly installed these networks, and failed to encrypt and secure the access to them.
:-)
2. "Hackers" used their own legally obtained hardware and software to identify these networks.
3. They identified these networks while traveling on a public right of way.
From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies. The onus is on the people setting up the wireless nets to secure them. If individuals can ID these networks, use them, and not cause damage, more power to them.
If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.
Finally, why does a brick and mortar office NEED wireless? Isn't cat5 already available to every desktop? Wired nets are invulnerable to wireless hacks, hence, 100% secure against wireless hackers. Well, unless the wireless hackers find a vulnerable wireless net, hack onto your network throught that one.......yadda.
At my company, we use WEP, but complete the connection you must log in using a VPN. We'll probably just switch to VPN only, but this makes me wonder how many of those networks simply did not have WEP enabled but DID require some other authorization to access network resources?
Just because it does not have WEP does not mean it is secure.
Actually, the European Commission has declared that the "Square Mile" will soon be known as the "Square Kilometre". Companies based in the existing square mile are fighting eachother off to move even closer to the centre, for fear that when the smaller kilometre is imposed, they will be left outside, in plain old Central London.
As you will get your IP form DHCP. You don't have an internet proveder or phone line to go through. Neat.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
First of all, British Citizens have never been 'subjects', that was reserved for people in the colonies.
If you think Britain is bad then you may want to watch developments in the USA post Sept 11th, I'm sure new cameras will be instituted, and it may well end up 'worse' than the UK since the USA has very weak data protection laws due to corporate interests.
Schadenfreude has a nasty habit of coming back and biting you in the arse.
"Yeah, ten-roger, the data 's thicker 'n bugs on a bumper tonight! For shore!"
"Copy that, good buddy. Guess they'll never know why their stock price keeps droppin'!"
"A firm a tiv, pard. Just keep your ears on, and never tell 'em yer' 20!"
"Roger that. We gone, bye-bye."
-- With apologies to C.W. McCall
Isn't it all under the City of Westminster anyway?
Could be worse... they could have ended up in Lambeth. To the uninitiated, that translates into a right fucking dump! As is most of London apart from a few select bits, but you still pay £250+ for a shoebox even in the crappy bits.
Point of my post, maybe when a couple financial firms get cracked via this method it will be the necessary wake up call to some folks that information security is not a tack on service.
- Cheers,
- RLJ
You've never used CB, have you? It's "ten-four" or "roger".
Best Slashdot Co
Its lucky that nothing like that would ever happen in the land of the free.
ps. I hate responding to so called trolls, but this one has been modded up twice
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
Rumor (should that be rumour?) has it that the euro was invented so that the pound sterling would not be replaced by the kilogram(me).
I'm off down the pub for a quick litre.
Actually, the biggest problem concerning wireless networks ist the sniffing. Using a Intersil Prism II - card in promiscuous mode, together with an USV in your car, you can even crack an 128 Bit - WEP - encrypted net in approx. 5 hours to 14 days. Thats why some firms went to shielding the buildings to keep the signal from reaching the street. Thats what a friend of mine and me found out asking some tech guys from alcatel at this year's systems in munich.
If you're interested you might also check out the radio show with two guys from the CCC(www.ccc.de). They talk - among other things - about how they got IBM WEP-keys through social engineering at a systems some while ago.
Nope, it is the City of London. And although £250 a month will get you a shoebox, per week you can have a very nice pad.
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
Yes, and you NEVER call someone "good buddy." That means you're gay, and you want that person to be your partner.
Oh what's the (decimal) point?
From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies.
Not in the UK mate
The Computer Misuse Act 1990 makes it an offence to read a computer file that you do not have authorisation to read. (As well as other 'cracker' type offences)
Basicly this also means that if I look over your shoulder in the office and read what is on your monitor I have commited a crimminal offence punishable by 5 years in prison! (last I looked)
If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.
Aggreed. But remember that is isn't just sysadmins that suffer, but maybe some poor sod on 4quid an hour just trying to do their boring desk job. Also no matter what we know is right as geeks dosn't mean the legal world agrees with us (DMCA, micro$oft etc etc etc)
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
£250 per square milimeter! A crappy flat (room for bed + door) is pretty cheap at £300k.
Since there isn't currently a widely-supported and secure wireless protocol, they say that you should put your wireless network behind a firewall and treat it as an untrusted link. But they didn't actually do anything to see if the networks they were finding were firewalled off that way. So the article doesn't really say anything about deployed security. Of course, their correspondants probably actually know that the security sucks, but didn't want to demonstrate that.
It does make an interesting example of how you can confuse people, though: they actually wrote an article in which they say they went looking for networks, found them, looked for security, didn't find it, and learned that the only good security wouldn't have shown up, and they didn't come to the conclusion that they weren't looking for the right things.
Presumably these companies have insecure internet connections, but nobody would write an article about it without finding out if they have firewalls on them.
I used to live in Brixton in South London. At first, I was against the cameras, but then I saw how they had a positive effect on reducing crime.
I now live in central Barcelona, where the pickpocketing and bag snatching is terrible. Frankly I wish they would install those cameras here.
And having walked around the streets of New York and San Francisco at night, I think they wouldn't go amiss there either.
It's not the cameras that you need to be afraid of, it's how they are used. As far as I can see they have had a good effect on reducing crime in many UK crimespots, without any infringements on anyones personal freedom (unless you're completely paranoid, in which case you'd better stay indoors with the lights out and your lead helmet on).
Um, Even guys like Peter Shipley (who thinks he's a vampire) know how to do this stuff, and that was reported about a year ago. Maybe we can post a story after Xmas about the world trade center?
-- http://www.criticalassets.com
For myself, the answer is simply easy and unllimited access to the network without lugging that damn cable (that's never quite long enough) around everywhere you go.
When I need to do an impromptu presentation of something on the net anywhere in the building, it becomes really easy and convienent. Or even more recently, when I've got three laptops to be used simultaneously and only one LAN drop... wireless comes to the rescue.
Not to mention that our IS team seems to be very strict on lending out cat5 cables
Suggesting that a site might be secure and yet not have WEP is akin to suggesting that a host might be secure and yet not have enabled shadow passwords. Yes, it is possible, but it is higly unlikely.
Actually, your last line almost says something very important, just change a couple of words:
Remember, "Security is a process, not a product"
I do not deploy Linux. Ever.
The thing that you have to understand about the UK is that there really is a history of these things been put in place and then not used, through apathy, budget constraints, or good old fashioned incompetence.
The omnipresent cameras are useless for identifying individuals; all they are used for is to grab grainy, wobbly pictures of suspects that identify height, clothing (maybe) and gender (if you're lucky) which are then splashed all over tabloids and the TV as part of appeals for actual eye witnesses to come forward.
A few more examples. The UK has had a DMCA since 1988, but few people know about it, because it's never been used. The RIP act, that mandates prison sentences if you fail to hand over encryption keys, is again a paper tiger because the Home Office doesn't have the budget to train anyone in its use. In fact, the police already suffer from having a surfeit of powers.
There was a case last year of a young student who went missing, sparking a nationwide hunt for her. She (or someone purporting to be her) sent an email from an internet cafe claiming that she was all right. The police eventually found her not by tracking back the message through the headers to find the cafe (a 30 second process), or through cameras, or through any technological procedure. Instead, they guessed where she was by looking at her past history, then blanketed the area with police handing out leaflets to cybercafes, until they got a response from an owner, then they staked it out until she turned up again.
So, sure, the UK has Draconian laws (but I'm sure the US will catch up), and sure, open networks and all that, but on the other hand, blurgh, it's a typical wet and windy British night tonight, and the Evil Things will be tucked up all warm and cosy in bed, not prowling the land looking for innocents to molest. ;-)
If you were blocking sigs, you wouldn't have to read this.
Since 802.11b uses a flawed encryption scheme there is no way to make the over-the-air protocol truy secure.
This does not mean that the networks are compromised. One way to set this up would be to leave the 802.11b interface wide open (thus making it easier for laptop-users to roam onto the network), but to place the wireless access point outside the firewall. Legitimate users VPN into the network (with VPN encryption of course). The exposure is no worse than any other point at which a private network is exposed to the public internet through a firewall.
One problem is that "anyone" can set up a wireless access point for their personal use -- without realizing that they are exposing their company's LAN (Apple Airport anyone). A contributing factor is a false sense of security because most notebook 802.11b cards have a far shorter range than the access point broadcasts. Your notebook may not be able to pick up the signal outside the office but someone with an external antenna can pick it up at much greater range.
No, I don't want to explore the Recycle Bin.
1. Take a wireless Xcam and plug it in, in the same general vacinity as 802.11X network.
2. Plug in the camera part
3. Tune until wireless network no longer works.
Cost of camera: $35.00
Cost of electricity to operate said camera: $.02
Cost of your favorite wireless internal LAN being completely shut down until you unplug your 'thingy': priceless.
-- http://www.criticalassets.com
IANAL. I have been consulting with laywers, and this is a paraphrase of what they say (in the state of Illinois):
Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!
I do not deploy Linux. Ever.
It's hardly a secret that your laptop will see something when you're standing out in the parking lot near any company with an 802.11 network. That doesn't mean it's insecure. A company with even a smidgen of security sense will put the wireless network outside their firewall, and require employees to use VPN to access internal stuff. People on the outside may be able to get a little free internet access, but that's it.
The article is very light on details, gives no information as to what "wide open" means (just because you can see the network, that does not mean it is insecure). There is only one mention of the word "firewall" in the whole thing, and even then it's very vague.
I think this reporter has been duped by a couple of script kiddies. The supposed terms "war driving", "war pedalling", and "war walking" sound like something the kiddies made up on the spot, and later snickered at the reporter for believing.
Free Hans!
Really hurting for new content these days, huh?
It's amazing how Americans complain about the cameras in the UK, they entrust their officers with guns which could lead you being shot dead either intentionally or otherwise, now that is potentially a pretty big infringement of your liberties (right to life), yet when people talk about cameras and the worse case senario it doesn't even come close to killing people.
British police don't have guns yet have access to cameras, US police could kill you in the spot yet don't have access to cameras. By having a polcie force you inevitably give up some of your liberties and expose yourself potential abuses of those rights, which has more potential for abuse... side arms or cameras?
This is why when people start bleating on about the cameras here, the contradictions really make me laugh, oh the hypocrisy.
you guys are so slow. everyone knows that for that last few years, to break into any major computer system, you just hold down control and double click on the pi sign on the bottom right hand corner of your screen.
The world moves for love. It kneels before it in awe.
...that I agree with your point about it not being unethical/illegal until something "bad" is done. Of course, "bad" is left to wild interpretation.
IMHO, if you're simply using the open-access wireless to access the net for non-malicious means (surf, check your personal e-mail), then more power to you.
If I wasn't worried about my cable access being cut off for sharing my connection, I'd love leave it open for passerbys -- I admit that the utopian idea of being able to access the net from anywhere anytime over a wide wireless LAN (WWLAN?) without paying intrigues me
Where I work, we have a network segement that requires no log in. Assuming you have a laptop, you can connect and get internet access - you need no special software on your machine. You are firewalled (properly) from everything else. Activity is monitored by the IP address you are assigned: if you are doing something silly, you would be booted off. ( I think the monitoring is automatic, and based on bandwidth consumed - not sure)
The whole point of this is that when people come in to do a presentation, they can get internet access without bothering the support team. Mucking around with VPN software etc on someone elses laptop always ends in tears.
How many of these wireless networks are the same sort of thing? If people started to leech in earnest then more security would be applied.
You paint a quite sad picture of the UK - in fact it is funny to compare how negative UK citizens are about their country compaired to a typical American's blind patriotism for his!
One thing that I think makes the UK a great place is the very high level of integrity of its people. Generally speaking, the Brits are a very decent lot who usually "do the right thing". Even those in positions of power, which believe me is not true in many countries. This might explain
why Brits feel safe with government controlled cameras in the streets, but many Americans would be unhappy with the situation.
Not wanting to spoil all their fun, I allocated them some bandwidth
moderators are ghey.
It wasn't actually that long ago that me and a few mates were contemplating jumping in the car and driving down to the city armed with a few laptops with wireless nic's, set to DHCP AUTO mode!
Seems a few people are doing this already and could be extremely dangerous. I wonder when the new 'hacking' or 'anti-terrorist' acts will come into place to stop you 'snooping public airspace for network availability' - it's bound to happen.
I suppose that if you stand outside of a companys building, obtain an IP address on their wireless network and are able to browse parts of their internal LAN, you have gained illegal access. Or would the case be that the company has given public access to their network because it's not encrypted or protected enough? Fun debate.
# bring back VHF scanners.. echo delta charlie..
"Never let the truth get in the way of a good story..."
Let them truckers roll, 10-4!
Yeah, the British are the only country in Europe where people don't carry ID cards, because of privacy concerns. Ironically, it is also the country with the most cameras...
Some people are intrinsically paranoid though. You know, real, They come into my house in the middle of the night and re-arrange all my furniture exactly the way it was, people. Nutters are Nutters. Besides the cameras keep them off the streets too :D Cant be that bad.
A simple solution may to just buy lower powered WAP's. You may need more but it may help a bit. The place where I work has a WAP' set up in the steel supports for the roof. Small devices that read barcodes on the floor relay through that access point. You can take these hand helds, go out across the company parking lot. Across a four lane high way and up the ditch on the other side and still get a signal. (only if the you keep the antenae vertical though) I would say that it is a little over powered for the application at hand.
And having walked around the streets of New York and San Francisco at night, I think [cameras] wouldn't go amiss there either.
The Mob would never stand for it.
Although it's quite off-topic, I had a really interesting experience one night while walking around the streets of NY. On my way back to the hotel I noticed that the street I was on was rather deserted and although I was a little uncomfortable about that I didn't know which streets might be better (or worse!), so I forged on.
At one intersection a man intercepted me. He was well-dressed, expensive coat over an expensive suit, nice shoes, perfect hair, etc. He very politely asked me where I was going and if he could help me find my way. I told him which hotel I was going to and he gave me precise and easy to follow directions.
I noticed, however, that his directions seemed to take me a couple of blocks out of my way, and that it would be shorter if I just continued the direction I was going. When I mentioned that it seemed better to go straight he politely but very firmly told me that it would be better to follow his directions, because this wasn't a good street to be on late at night.
At that point (I'm a little slow) I put things together and decided that if a very nicely dressed man of Italian ethnicity, standing all alone in the shadows on a dark and empty NY street late at night, tells me that particular street is a bad place for me to be, I should listen!
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
war driving by the bay http://www.securityfocus.com/news/192
WLAN Survey http://www.dis.org/projects.html
Actually, there aren't any more cameras in Britain than there are in the US. The only real difference is that in the US there are a lot more malls, while in Britain most shopping happens on streets.
I was surprised to find 802.11 access points not at one, but TWO neighboring car dealerships. The range was poor, but it made me ponder why they'd even have 802.11 in the first place.
I've been thinking about getting a 802.11b network going on my lan, and thinking about how to make it somewhat secure.
My idea is to add a third NIC to my firewall/masq/server machine, which the wireless hub hanging exclusively off this NIC. That way I could add some ipchains rules that only apply to the wireless network.
The question is, what sort of ipchains rules? One idea I had was to only allow the MAC address of known/authorized cards (this would require iptables/kernel 2.4 -- ipchains doesn't look at MAC AFAIK). Even though MAC address could be spoofed, it would probably be enough for my home lan.
Is this similar to what other people have tried? What do other people do for this?
It's not the cameras that you need to be afraid of, it's how they are used. As far as I can see they have had a good effect on reducing crime in many UK crimespots, without any infringements on anyones personal freedom (unless you're completely paranoid, in which case you'd better stay indoors with the lights out and your lead helmet on).
So, you say cameras by themself aren't bad? Do you consider face recognition and liscenseplate recognition software bad? On foot or in the car, they will soon be able to tell exactly where you are in London. (They already have the technology, it just isn't fully implemented over the whole city yet)
American officials are drooling over this stuff; it'll only be a matter of time before we're under a simmilar microscope.
It doesn't take a lead-helmet-wearing-paranoid to see that it's bad to have a computer database that knows where everyone is all the time. Do you really trust your government that much?
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
Oh how we were once like you, for better or worse we had the Empire and all the power that came with it, control of the seas via a huge fleet and army, including all the triumphantalism. As with the Romans, Ottomans etc things come and pass, the same will be true of the USA eventually, not in an huge apocalyptic way, but nevertheless things will change.
The UK isn't vanquished, the post colonial Britain is very prosperous, but people are more reticent, with little chest thumping, a lot of technical stuff happends in the UK but you just don't hear about it as much, I just found out today that the LCD was a British invention, as was packet switching, which is quite amazing considering how some of our institutions are underfunded.
The US is a somewhat adolescent nation, a little wayward and rowdy but yet ok deep down.
If you actually look at various commonwealth places round the world then you can see we weren't mean bastards who went and destroyed everything we merely influenced things, just like the US corporate imperialism today.
I've been monitoring my wireless (Linksys wireless switch) since I got it. For assumed security, I set up encryption features as documented. Looking at the logs, it appears that it has yet to be attacked in this manner. It does get attacked through port 80 a lot (there are no web servers on that segment) among about twenty other ports.
Is setting up encryption enough (as the article seems to suggest) or does an administrator have to get anal and allow specific MAC addresses only? Is encryption just a speed bump to crackers or a complete road block?
Ozwald
Jeez CmdrTaco, way to continue your tradition of poor spelling and error checking... It's spelled center , not centre ! Pretty soon you'll be using made-up words like defence and revolutionise!
No laptops for you!.
I totally agree, america wants to do to the world as Britain did to them all those years ago, we created them they now want to change the world to how they want it, they are doing a good job and making a good stab at it but yet they get a good hiding from some guy with not much technology compared to america......
We know that very few of those cameras actually record, let alone pick up anything useful. None have been used effectivly to stop crime or terrorism. Although where they have been installed petty crime is prevented and ordinary people feel safer, and thats why they are there.
This is the worst sig ever.
It doesn't take a lead-helmet-wearing-paranoid to see that it's bad to have a computer database that knows where everyone is all the time. Do you really trust your government that much?
Well, yes, actually I would trust the UK government that much. Democracy is very strong in the UK - people are very aware of what is going on (it has the highest newspaper readership of any country in the world) and they let it be known when are not happy. Remember Margret Thatcher had to step down as Prime Minister mid-term because she had overstepped the mark.
Is it heresy to suggest that demoncracy is stronger in the UK than the US? I am afraid that's the impression I get with Bush apparently so easily swayed by the moneymen and the people of the USA apparently so apathetic about it. I'm not trying to be a troll, that's just the impression I get.
Bobbies: "Stop! Or I will yell 'stop' again!"
I'll concede it's a little light on the technical details, but don't forget that this article is targetted at Joe Public.
I think you missed the most revealing fact in the article: 8 out of 12 networks detected were not even using 802.11 encryption at all. Yes, we all know that 802.11 encryption is not secure, but the fact that people are broadcasting unencrypted packets does mean that the networks are incredibly insecure. I'm thinking of SMB, POP3, TELNET, FTP, or any other number of services that transmit either plaintext or weakly encrypted passwords.
Yes, people should use VPNs, but the point of the article was that they're not.
Also, "war driving" and "war pedalling" are actual, legitimate terms - I've seen them used on many occasions before, as would you, had you researched this at all before spouting off.
I want to move: I thought Canada, but they're backing their ass up for the US too much for my liking, so now I'm thinking New Zealand. But it might be too late for me; I think the national apathy has soaked through to the bone. :-(
Of the people, yes, but we're (in general) as badly informed and easily manipulated as the rest of the world. I actually think that the US people are the best and greatest in the world. You still have recent memories of your reach exceeding your grasp ("We choose to go to the moon [..] not because it is easy, but because it is hard."). Unfortunately, we have both relapsed into having governments composed of a professional political class (an hereditary one at the executive level in both cases) who are alike in tolerating among their ranks liars, cheats, frauds, and manipulative and hypocrital mass murdering bastards of the highest calibre. I look at what we (Britain) are contributing to in Afghanistan and elsewhere, and I think "My god, viewed from their point of view, with their professional liars spinning it the other way, how can they not hate us?", and I want to get out, and soon.
On the bright side, as I said, at least the British government are largely too apathetic to abuse their powers, unless there's a media circus to play to. Hey ho, small blessings.
(Moderators: this is like 4 levels down. I know it's off topic, but there are better areas to vent your ire.)
If you were blocking sigs, you wouldn't have to read this.
I'm constantly amazed by the way people are 'frightened' of cameras in the streets, busways, busses, and other public places. Emphasis on the word 'public.' Like somehow, a camera on the street is going to take that away from me.
Frankly, if someone is monitoring said camera while I'm walking down the street, and I get mugged, hit by a car, or have a heart attack, I'll be thankful that (hopefully) they'll do something about it. The real worry should be if they want to start placing said devices in homes. Where privacy _should_ be.
Tin Foil helmet. TIN FOIL. The lead ones don't do any good, and they're heavy.
I actually think that the US people are the best and greatest in the world.
Followed by:
Unfortunately, we have both relapsed into having governments composed of a professional political class (an hereditary one at the executive level in both cases)
And the USA is better? Er, Bush Jnr, Bush Snr? The Kennedies?
I look at what we (Britain) are contributing to in Afghanistan
Yes, with the USA. You seen to be confused. You hate the UK and love the USA in areas where they are equally bad. I suggest you try Australia.
I'll ask you nicely to stop what you're doing, if you don't then I'll be forced to ask you nicely again!
Tin Foil helmet. TIN FOIL. The lead ones don't do any good, and they're heavy.
Ha ha! Good try. Do you think I'm that stupid? I know how frustrating it must be for you - I've seen you sitting outside in your car at night trying to scan me. The lead helmet stays!
Salt Lake City's wlan density is at least 5 times that of most large eastern cities I've wardriven. probably would not hold up on the west coast, but still... SLC is high tech :)
Some /.'ers recognize C.W. McCall for the pure sublime genius that he is.
Do a google search before posting.
Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!
Get a better radio. I have a SyncByAir prism2 based radio which gets flacky connections at 100 ft, but I can go a 1000 ft away from the same AP with one of the Cisco 350's. (I've heard good things about the Orinoco radios too.)
Seeing as how democracy in the U.S. is quite broken, I wouldn't be at all surprised if the UK's version operates slightly better. That still doesn't mean people shouldn't have a right to privacy!
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
Even keeping the pets outside
Then you hear a moment too late this sound coming over the phone
This is the spawning of the cage and aquarium
Don't wait a moment too soon
Used to be different, now you're the same
Yawn as your plane goes down in flames
Most likely the problem is environmental, appears that signal strength is good, but noise is also high, according to dstumbler.
I'm hoping to get a free eval of some of the Cisco products in the next month or so.
I do not deploy Linux. Ever.
I'm just about to take a trip to Japan with an iBook w/ airport card.
Anyone have information about wireless networks in japan? With such a high population density I would think that there would be many wireless networks, especially in downtown Tokyo and such.
I can't spell or type, but that doesn't mean I'm unusually stupid.
Here are a few links to informations and the like..
Windows: Netstumbler
Linux and various links: Wardriving.com
I never realised that miserable weather could be a security feature!
Actually C.W. McCall was first, 1980 was when "Good Ol' Boys" hit the charts, while "Convoy" was 1975.
CCTV doesn't eliminate crime, it just moves it to other areas without cameras.
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
I have a real problem with laws that are never enforced.
They lead to a situation where anybody that the government is particuarly irritated by can be locked up easily because they are bound to be breaking a few laws. Lots of other people may be breaking those laws too, but since they're not doing anything that irritates those in power, they are ignored.
This is not a theoretical problem, it happens all the time. For instance, there is very selective prosecution of people breaking the official secrets act. AFAICT, the law is - if you say something that causes embarresment to active politicians or any senior member of the intelligence services, then you go to jail.
In fact, if you think about it for a moment, you'll realise that this is the entire *point* of these laws. You'll be very comfortable as long as you keep to prescribed boundaries. Stray outside, and you'll see a different side to things.
http://rareformnewmedia.com/
A guy I know has a glazing business in Reading, UK. What I mean is 24 x 7 emergency glass repair, like if some drunken piece of scrot kicks in your shop window you can call to get instant fix or at least get it covered by a slab of marine ply.
Anyhow, he says the CCTV cameras are wrecking his business!
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
(Moderators: this is like 4 levels down. I know it's off topic, but there are better areas to vent your ire.)
It's hopeless. I've marked stuff "OT" in the title and still been modded down for off-topic. There are some very slow folks getting mod points these days.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
And I'm sure there are more, and law-abiding citizens will be all the more safe and secure for it. Such a system would not be controlled by a corporation with financial interest in it, but by the government. What evil intentions do you propose the UK government has? And how would this kind of system help? As I've remarked before, privacy is something you give up when you enter a public area, by definition.
I suggest the moon; No people there. THAT solves our problem. Come on you guys, we all know that all governments on a national scale are corrupt. Just in different ways. Whether USA or UK, the laws are stupid. USA has people who do too much _TO_ their country, the UK doesn't seem to have many who will do anything _for_ theirs. Oh well. So be it. Just do what you can to uphold what is right.
You'd be amazed at how many restaurants and bars use 802.11 wireless networks for their POS (touchscreens, credit card terminals, etc.) and don't use ANY encryption back to the access point. The traffic that I captured was... interesting.. to say the least..
Lesson learned; I don't use credit cards at restaurants and bars now. :)
This whole thread has gotten offtopic, and you're a zero-posting-at troll anyway.
You don't see the benefits of privacy? Bah. Your just trying to stir up trouble. I'll go back to my 50 karma account and hope this post ends this foolishness.
I had similar reservations about NY, but I found San Francisco quite safe after dark. Maybe its because I have spent large amounts of time in Hong Kong, specifically Tsim Sha Tsui and Wan Chai, where there is *loads* of late night trouble :)
:) So you could understand how livid he was......
Although Brixton is somewhat safer than it used to be, I would still not call it a nice place to hang around in the evenings mind. I dont think that I have ever felt so threatened whilst clubbing at Fridge back in the day.
One of my friends had a real problem with surveillance cameras a few years back. We were still students in Birmingham and BBC's Watchdog was demonstrating how effective the city's new system was in tracking people around the streets. So they did a "test" and picked someone out of the crowd. Just so happens he was black, dressed like he was an extra from a rap video and wore lots of jewellery
Po
Sorry dude,but there is no prrof whatsoever that they are open. maybe to the internet, but thats like saying a web server is "wide open", its about as open a you inside some guys fence. as for wep, its been proven insecure, it may slow you down but not much more, therefore it may not be worth the overhead of administration. basically these guys found 12 wireless networks in the financial district, which is not much considereing the amount of networking equipment around there. I've worked for a few banks in london, and generally, the network teams aren't silly. now as for soho, a whole different ballgame...
jacob
OK, it doesn't say anywhere that these networks are insecure, it mearly states that they use 802.11.
So outta the whole of Bank (thats what the financial area is called) these guys found 12 wireless networks, which is acually quite a small amount cosidering the money in the area.
BIG DEAL
this ain't news, its technology
Saying these networks are insecure is a bit like saying web servers are insecure, just because they are on the internet. not using wep is not really an issue as it has been cracked, all it does is slow you down and create administrative overhead. These may be designed to be public, for visitors etc. Most bank don't tend to employ crap network admins, if anything these teams are the most critical for international banks.
that said, i'm sure soho would be a bit more interesting...
Does anyone know where one could find sniffing tools for a Windows environment? (as the tools listed in posts above were for a Linux machine).
We are in the testing stages of wireless at my work, and I am interested to see how secure our current setup is, and also how far our transmitter actually broadcasts.
For instance the Cisco Aironet 350's give you the option to block all MAC addresses by default from associating with an access point.
I can add a MAC on one access point (through a web interface) and then distribute that filter to all the other access points on my network with a couple clicks.
This comes in handy when preventing theft of service. And of course it's pretty difficult to sniff out data if you can't get on the network in the first place..
There's also an "Association Table" that lists all associated and disassociated MAC's. This comes in handy.
If you're not into Cisco's products (or price), I'm assuming the Ciscos aren't the only equipment which provide this type of functionality.
Slashdot seems to be alternating two types of stories about wireless:
1. Let's all set up a new anarchist internet using overlapping wireless transmission ranges!
2. Why are there so many insecure unencrypted wireless networks around?
I see the benefits of privacy as much as the next guy, I just don't see what relevance it has when you're talking about public places which by definition are not private...
I will test this first thing Wednesday morning. Should be interesting to see how bad the interference between the two devices truly is.
I live in Hong Kong now. I have been to Chicago, New York, London. Hong Kong is deffently safer than any of the mentioned cities. There are always many people after 12.
I love the term. Is this the first organization to use the term "Drive-by hacking?"
Setting up a rogue access point in your office is simple and cheap. It will cost about $200 and setting it up is as easy as plugging it in to a spare network drop. Click. You no longer have to fight for a port on the conference room's hub. Of course, these access points tend to default in a highly functional but minimally secure configuration. So anyone within range of that access point doesn't have to fight for a port on the hub, or any physical connection, for access to the internal network either.
One has to wonder how many of these discovered networks are found via rogue access points.
This presents a serious problem for any company's network security. Rogue AP's can spring up like mushrooms. They're difficult to detect. And even if you do find one, its a game of whack-a-mole as you disable one while others pop up.
So what to do? First thing to do is remove the motivation behind rogue access points. Make the darned things available. IT should be considering an appropriate roll-out of this technology now. If the demand isn't there yet, it will be later. And if you don't provide it, your end users will provide it themselves.
Still need to hunt down rogue access points? Kirby Kuehl has a neat little project called aptools to help.
that said, i'm sure soho would be a bit more interesting...
It would - I'm guessing you mean the (ahem) "adult" industry in SoHo, but in fact the area is full of all the graphic design and special effects companies - linked by sohonet but they're all so trendy (and the offices so chaotic) that I bet there are plenty of wireless networks there... anyone want to drive-by and see if they can grab some LotR or SW-II ??
See you all in the Alphabet Bar...
T
I spent a lot of money on booze, birds and fast cars. The rest I just squandered. - George Best
I didn't read it as being "the whole of Bank", rather I thought it was a short drive down the "main road".
Actually the article does not mention VPN even once.
It mostly talks about encryption, which is pretty useless on wireless networks. It stops only the most casual snoopers (like those "hackers" described in the article). Using WEP doesn't mean your network is secure.
Free Hans!
Heh. Yeah, like "The Sun" counts as a paper. People only read it for the pretty pictures on page 3 and the sport.
For the non-brits : Half of the papers in the UK (including almost all the top selling ones) are owned by News International. As is Sky. This means that over 50% of our sources of news are controlled by one man - Richard Murdock. Who happens to be very cozy with Blair and his cronies.
I wouldn't trust this government as far as I could throw them.
The only mass outporings of democracy in recent times have been the fuel tax demonstrations. What happened then? The police and army were called in, emergency legislation was passed that meant that such action classed as terrorism, and the main guy behind it was hounded by the secret service until he backed down and quit. (Official story - "stepped down in order to spend more time with his family").
How long ago was "back in the day?". I've been to The Fridge numerous times in the last year (and other clubs in Brixon), and I've never once felt threatened.
yes, because the government were so keen to listen to us when they asked for our opinion on the RIP act. everyone asked said no so they brought it in anyways.
we may have a high newspaper readership (and how much is the Sun or the News of the World) but our gov still ignores the general populace for the most part and does as it pleases.
dave
Rupert Murdoch.
He also owns Fox I believe, the Star network in Asia, and is trying to buy a satellite TV company in the US - using the rather ironic argument that if its competitor buys it there is the danger of all the satellite TV market in the US owned by one company.
None are more hopelessly enslaved than those who falsely believe they are free. Johann Wolfgang von Goethe.
Heh. Yeah, like "The Sun" counts as a paper. People only read it for the pretty pictures on page 3 and the sport.
This is a common opinion amongst the privilaged classes. However, you and me are from educated backgrounds. The Sun is widely read in the UK because there are a lot of people who are not from such privilaged backgrounds and who require a different type of paper.
My grandfather used to read the 'redtops', not because he was stupid or was only interested in tits and sport, but because it spoke in his language. If you take a look at the Sun you'll find that actually a lot of their political coverage isn't that bad, and they do go out of their way to explain complex issues, such as changes in the economy, in everyday terms.
I think it is much preferable to have a population that is informed, by whatever means, than one that is ignorant or apathetic. Not everyone has the appropriate background to read the Times or Guardian. Don't assume that means they are all stupid or disinterested.
My question is: how is this offtopic, given that I had read the same article three days before on Slashdot? And then it was the fifth time in two days we had a duplicate. Seemed appropriate.
Put identity in the browser.