Warflying: San Diego

geogeek6_7 writes: "WarFlying over SanDiego reveals hundreds of WAPs, and some very interesting statistics. There is a second write up of the same adventure at the pilot's personal website. All this of course should not be confused with that 1500ft 'WarDriving' effort in Australia."

Obsessive

[Skyshadow]

I don't get this obsession with finding WLANs.

Okay, there are a lot of wireless access points out there. Okay, many of them aren't secured very well (if at all).

So what? Why is it worth so much effort to reillustrate this point over and over again? Sure, Wardriving was a neat concept the first time someone pointed it out, but this is just more of the same thing. What's next? Wartraining? "Look, we got on these wireless LANs while riding the El in Chicago! Why the hell do we have to obsess on this over and over again? This has been overdone to the point where I'm sure we'll see a UserFriendly strip about it!

Okay, rant over. Sorry.

Re:Regulations?

[doublesix]

How, exactly, would this law be enforced? How long until someone makes a law against knee-jerk 'the man will keep us down' posts.

Engine quits...

[Shadow+Wrought]

As a pilot I can tell you that one of the things drilled into your head, early and often during training, is the question "if the engine quits here, where are you going to land?"

At 1500' over a heavily populated area the pilot could still be in trouble with the FAA. It is technically legal, but not necessarily safe or prudent. Simply put, there is not a whole lot of options for landing at 1500', and even less over a densely populated area.

I have seen a great many tech folks at the airport who are smoking holes waiting for a place to touch down. If you consistantly treat an aicraft as a car with the z-axis, it will eventually catch up to you.

My $0.02

Re:In the US

[Keighvin]

Is it the same to detect a system as to use it? If this were the case, anyone using a port-scanner, traffic sniffer, or even PING could be called a criminal. He didn't make use of the networks, just pointed out that they existed.

He also disclaimed his posting of the map, in that the locations marked are those of the plane as it detected the access points, not any indication of where the point itself exists. This is hardly an assist to others in breaking the law.

Great work - but overstated security problems

[noahbagels]

First - I think these guys did an excellent job - and made a nice contribution by publishing their article w/pictures hosted etc...

My issue - is that the security problems are IMHO vastly overstated. I've worked at two companies with WAPs - and those were outside of our corporate/internal firewall.

If someone wanted to work over the WAPs, they would use them like a home DSL line, and simply VPN in. No security problem there.

As for private home users, and even some small businesses (as both my parents run offices with non-secured WAPs) - the security risk is only as great as the value of their data, divided by the cost to get to it. If any of you want to (i) find, and (ii) hack my father's office's legacy Dos-based auto/office management software, than by all means - we've been in need of a windows compatable update!!! (hehe).

But seriously - what use would you have for your neighbor's email or home document/resume, etc... and would you really go thru the trouble of hacking a next-door Pentium running WinXP? I think it's far more likely to be the sploits' of a script/trojan than an individual.

All good companies will have seperate VLANs (or equivalent) running different things - i.e. the WAP should be firewall'd like the rest of the net etc...

Not to mention - anyone can be hacked over the internet, even with firewalls, but to use WAPs, you have to be within the range - typically 1/4km. Do you have the time/car/laptop/battery life to drive to your 'enemy' or soccer-mom's house and hack the encryptions? (yes I can spell - watch some more southpark).

BR
nuff said.

Re:Great work - but overstated security problems

[Todd+Knarr]

I think there's two problems with unsecured wireless networks. The first is access to data. In business settings often the WAP isn't firewalled off and secured, so it provides an access point into the business's LAN that doesn't require physical access to their wiring. The risks there are obvious. In the home environment lack of a firewall's a given, but there's more risk than would be apparent. If someone searched your computer and you used Quicken, how many account numbers could they find? This is frightening when you consider that banks, when processing electronic checks, don't actually validate much. If an electronic check comes in with a valid account number, they pay it and leave it up to the account holder to screech if it's not kosher.

The second is access to bandwidth. Even if someone can't or doesn't get access to your computers, they can probably use your network connection to reach the rest of the Internet. What they do will then be traceable back to your network, with no obvious indication that the attached machine wasn't legitimate and one of yours. The result of that is that you could be held responsible for that P2P server hosting pirated content, or that huge chunk of child pornography that got downloaded to something attached to your network. You can try to prove it wasn't one of your machines, but that's going to be a tough job and isn't guaranteed to succeed.

Malicious computing via _your_ cable modem

[Neuracnu+Coyote]

What's the big deal?

Well, if I had a new klez worm varient to unleash, what better way to introduce it to the world than jumping on some poor sap's low security WAN?

Crack attempts, spam, kiddie porn, whatever. Any internet activity that people avoid for fear of being traced down can be easily, safely pulled off by leeching off of some poor sap's WAN.

I'm glad to see geeks making a fuss about a glaring security hole like this. The more fuss, the more press, the more dummies with LinkSys wireless routers start securing their connections.