Slashdot Mirror
Disney World Goes 802.11b
LighthouseJ writes "Over at CNN they report that Disney World in Florida has a 47-square mile 802.11b wireless LAN through the park with 200 access points. The move comes after visitors complaints that they couldn't use credit cards at every place in the park. Plus, it allows "cast members" to offer guests goods and services anywhere, not restricted to where the credit card machine is at. The man responsible, Murshid S. Khan, Director of Telecommunications and Technology Support sees this as a valuable technology, citing mobility and flexibility as the main reasons for the switch.
Khan goes on to say that the system is protected by a 128-bit encryption scheme and software installed to detect intrusions.
When he was asked if visitors will have access to the wireless network, CNN quotes him to say: 'We need you to come to the park and enjoy the park,' he said. 'If we start opening Internet cafes, you won't do that.' He's a smart man." So, running AirSnort wouldn't probably be the best idea? *grin*
How long before that network is comprimised. In a matter of days People will probablly know what websites Mickey has been to (www.nakedmice.com) or what Mickey purchases online. (Probablly Real Dolls )
--
FearLinux.com
There are things the user could use besides surf the web. For instance, a little app on your wireless device that let you check the length of lines at the rides, the reservations at a restaurant etc.
Still, just as is, it is cool.
or at least, if it /is/ an IP network, each device will be a VPN client. I would presume Disney has enough money to hire people smart enough to not depend on WEP for security.
Then again, larger companies have done dumber things...
-C
"We need you to come to the park and enjoy the park"
;)
Imagine your laptop in one hand, some candy in the other one and getting chased by 23 security officers running over and knocking down mickey and his fellows...
I'm sure this scene is going to make it into "password: swordfish 2"
this sounds like a big heap of enjoyment to me
They say they have "software" that detects intrusions. That doesn't seem to imply much about tracking you down to the square foot.
OTOH, I don't recall ever seeing a laptop, so you'll stick out like a sore thumb unless you're in the bathroom with a PDA.
They do search bags currently. ALL bags, even diaper bags.
Also, there's an active Linux community among their IT people. There are definitely pockets of clue there, and it's likely that would extend to their IT security people as well.
It's not just a matter of buying 1000 whatevers that worked for the guy doing it for 150.
Shut up, be happy. The conveniences you demanded are now mandatory. -- Jello Biafra
Because I'd hate for wireless Mickey 2001 to start picking up air traffic chatter
Hi kids! I sure hope you enjoy the RED LEADER, RED LEADER THIS IS TANGO ONE. and make sure to visit our LOCKED, COCKED, AND READY TO BURN TANGO ONE, WHAT'S YOUR STATUS?
And hey, under the recent terrorism bills wouldn't that qualify Mickey as a terrorist? There's be a trial to top OJ.
Disclaimer: MINAA (Mummy! I'm Not An Animal!)
Not another wireless mouse!
Ba-dum-pa-chi! Thanks folks, I'll be here all night!
sin(6cos(r)+5A)
While on my honeymoon in DisneyWorld this year, my wife and I took quite a few of their Behind the Scenes tours. On the Epcot one, we found out why Disney will most likely never let people have 'Net access in their parks. (At least not in public places.)
Our tour guide said that they actually did have a kiosk there a few years back that let people browse the web and check their web-based e-mail. He checked on the kiosk once and found that some pervert had left up a XXX e-mail and changed the wallpaper. He wouldn't elaborate on what it was, but he said it shocked even him.
Luckily for them, they were able to remove the offensive material before anyone noticed. Still, as a place that bills itself as "family-friendly," they simply can't take the risk that it would happen again (and more high profile).
Our tour guide kept the possibility open that they would resume 'Net access with some types of safeguards against this, but no safeguard is 100%. Public Internet access is just not a high-priority item for Disney. (Believe me, there's so much to do at Disney World, that you won't have time to browse the Net.) The PR risks of another abuse far outweigh any customer gains.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Only about 35% of the 47 square miles owned by The Walt Disney Company in Central Florida is developed. I highly doubt they went through the expense of creating a WLAN cloud that covers marshland. I doubt that even the hotel resort properties are covered either. It probably only the 4 theme parks, the 3 water parks, Downtown Disney and maybe Fort Wilderness near Pioneer Hall. That drops the square mileage significantly. Even with the hotel areas its only a fraction of 47 square miles. I really hate bad reporting.
By definition, any given network is crackable. It's just a matter of time, right?
Here are some exploits that we can be sure of seeing in the future:
1. 'It's a Small World' animatronic dolls reprogrammed via wireless network to share their cultural feelings via a massive animatronic orgy of all nations.
2. Michael Jackson's "Captain Eo 3D" video replaced with low-quality MPEG of a video taken of what really happened at Macaully Caulkin's last birthday party.
3. Ride Space Mountain during DDOS season? Only if you're feeling suicidal. You never know when that modified Nimda worm is going to kick in.
4. Parade of Lights all flash in sequence to spell out "L33+ X1DD135 OWNZ JOO DIZNY"
5. Animatronic Abe Lincoln now shouts, "Beefcake. BEEFCAKE!!!!"
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
I took note of their network over a year and half ago when I went there with my Highschool senior class.
/w 802.11b card and go to work.
I noticed the cash registers were connected to an 802.11b network.. also, I spotted some computers as well.
I didn't have an 802.11b card at the time, and my only laptop had suffered a terrible accident.. so I wasn't able to do any 'diagnostics', but I thought it was interesting. Maybe next time I'll bring my PowerBook
See, you don't need to worry about getting into the park with your laptop.. Because this also extends to their hotels and probably their on-site buses as well.
Yes, we all agree that this network may be risky for transfering credit card info around, but they could over time move to a "disney dollar" card, where you pre-load the disney card with your credit card as you enter or on the phone or whatever, then use that disney card within the park grounds to buy whatever. Disney can then provide insurance against fraud against that card instead of worrying about being libel against Visa and AmEx in the case of number theft over the airwaves...
The other advantage is that Disneys own systems could authorize the sale over the Disney card instead of having to send out to a Visa/MC/AmEx authorizer off site-- it would be considerably faster that way (since the system could be built up front to support the average # of visitors on site), especially during holiday seasons...
Just a thought...
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
They should rent out wireless digital cameras, whenever a pic is taken its upload via 802.11 and before they leave the park, the got prints of the family vacation.
Also a previous article said it would be used to play music around the park based on location. IMHO, kinda of a waste for just CC's.
"Get them before they get....
Probably some of that sick, perverted, Godless Pixar stuff. ;-)
If you were blocking sigs, you wouldn't have to read this.
Unless they're using IPSec or something like it, they're vulnerable. WEP doesn't secure worth spit even with 128 bits because they implemented the whole protocol as an insecure system. Also of note is the fact that there is pretty much no commercial IDS software that would effectively catch someone doing something bogus in time to find them in a wireless context.
It's pure bravado that bases their claims of security- unless they have a security staff sweeping the entire park with DF gear, they're NOT going to catch anyone doing something illegitimate on their WLAN.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Since you posted that AirSnort link, I was curious, so I popped over to sourceforge and downloaded it. Part of their documentation says: "For a key length of 128 bits, this translates to about 1500 packets." then it goes on to describe how you can search for certain constants (starts with 0xAA, etc) within the packet to see which random keys were successful. Interesting stuff, and definitely a clever way to decode: thanks to flaws in the logic, every bit rate can be reduced to 8-bit encryption.
However, once you've collected your packets and broken the key, you now have a decoded packet. Well, what does that mean? You have the framing information (packet length, header) and the message body (which is just raw data).
I'd bet a 7-day park-hopper pass that the data in the packet's body is encrypted a second time with a more reliable scheme. If there's one thing Disney knows how to do well, its make money, and they can't risk the bad PR for this to foul up.
"The man responsible, Murshid S. Khan, Director of Telecommunications and Technology Support"
I graduated UCF with my Computer Engineering Degree in 2000. For our senior design projects, Disney came and solicited us heavily to work on their projects. Free labor, helping a poor college student out with an idea, free labor, did I mention free labor. This project along with several others were mentioned. My comments regarding network security concerns were treated as pessimism. Needless to say I did not lend my time for Disney's free labor.
~ fact is not dependant upon your belief therein. ~ ~ Have I therefore become your enemy because I tell you the truth?
Residing in europe for some time now (hmm, since I was born ? 8) I can tell you this is old stuff.
Every (most) credit card are smartcard for 15 years in France. The credit card machine is in fact an autonomous code checker. It won't transmit your code on the air, but check it locally, then make a confirmation number that encrypt the acceptation code and your card references.
this number is either send remotely for acceptation by the central bank computer (above $500) or just locally accepts if the amount is small.
thoses devices existed before in Infrared transmission, and now use local radio link.
This allows a faster and more secure way than just the stupid magnetic strip...
Hoping to read from you 8)
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
If I'm not mistaken one of the engineers of the system tried warning the French government that it was possible to make a smart-card that could be fake; ie: not really "filled" with real money. Nobody would listen so he finally made one, bought some subway tickets and mailed them to the government proving that it could be done.
Then they threw him in jail for stealing the subway tickets. Anybody else remember this or have more info on it?