Slashdot Mirror
Warflying: San Diego
geogeek6_7 writes: "WarFlying over SanDiego reveals hundreds of WAPs, and some very interesting statistics. There is a second write up of the same adventure at the pilot's personal website. All this of course should not be confused with that 1500ft 'WarDriving' effort in Australia."
Okay, there are a lot of wireless access points out there. Okay, many of them aren't secured very well (if at all).
So what? Why is it worth so much effort to reillustrate this point over and over again? Sure, Wardriving was a neat concept the first time someone pointed it out, but this is just more of the same thing. What's next? Wartraining? "Look, we got on these wireless LANs while riding the El in Chicago! Why the hell do we have to obsess on this over and over again? This has been overdone to the point where I'm sure we'll see a UserFriendly strip about it!
Okay, rant over. Sorry.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
How, exactly, would this law be enforced? How long until someone makes a law against knee-jerk 'the man will keep us down' posts.
Armed with this information, we took a few common brands of garage door opener (Genie, MultiCode, Sears, etc.) and set them to these combinations. We then hopped on our bikes and started riding around the neighborhood clicking the buttons. You wouldn't believe how many garage doors opened.
I sort of drew a parallel between unsecured WAPs and these unsecured garage doors. It was remarkably easy to do. Most people have no clue how to change the dip switches on their garage doors, just like most people have no idea how to change the default SSID, disable SSID broadcasts, and enable encryption.
Because of what I learned about the security (or lack thereof) of the typical garage door opener, I now have a much more secure Linear DX Code receiver controlling my garage, just in case some kids get the same idea I once had.
The FBI field office in San Diego has just issued the following warning:
"If you see strange symbols floating in the sky above your corporate office, this might mean your wireless networks have been targeted by hackers or terrorists. Be sure to secure you wireless networks and contact the FBI immediately."
Beauty is in the eye of the beerholder.
As a pilot I can tell you that one of the things drilled into your head, early and often during training, is the question "if the engine quits here, where are you going to land?"
At 1500' over a heavily populated area the pilot could still be in trouble with the FAA. It is technically legal, but not necessarily safe or prudent. Simply put, there is not a whole lot of options for landing at 1500', and even less over a densely populated area.
I have seen a great many tech folks at the airport who are smoking holes waiting for a place to touch down. If you consistantly treat an aicraft as a car with the z-axis, it will eventually catch up to you.
My $0.02
If brevity is the soul of wit, then how does one explain Twitter?
I was reading /.'s article about warchalking the other day and my wife asked what I was reading! This is rare as she is familiar with the slashdot masthead and has always stayed away whilst I read. Anyway, I tell her. Our resulting conversation was like this:
Wife: God, some people have way too much time.
Me: yea pretty wild huh.
Wife: Why are you grinning like that.
Me: huh? I'm not grinning.
Wife: You aren't thinking of going out to do this are you?
Me: Can't. I don't have wireless connectivity.
Wife: You've got DSL.
Me: --Edited speech about differences between dialup, dsl, wireless, 801b.11 blah blah blah.--
Wife: So you're telling me that you want to buy a laptop and walk around town with it?
Me: I didn't say that. We don't have the money anyway.
Wife: You'd do it though, wouldn't you?
Me: I dunno.
Wife: You would do it! Why the hell would you want to walk around and pry into other people computer networks.
Me: Dunno. Curiosity?
Wife: What? Curiosity. I might be curious to know why the neighbors are moaning so loud every night after letterman, but you don't see me over there with my x-10 camera laptop!
From there the discussion went downhill....
(ok moderators: Off topic, Funny, REAL LIFE)
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
...they flew over my apartment, so I'm probably one of those Apple access points. Oddly enough, because of the construction style of my unit (apparently Spanish Mission Faraday), I can't get a reliable signal from one end of my unit to the other. Glad I can be of service to local pilot community, though.
I've been searching for a few years for a way to get legit, reasonably priced, Internet connectivity in cockpit. There are many web sites where pilots can get nearly real time weather data. If we could connect in flight we could see radar images of storms ahead. Commercial weather avoidance devices cost tens of thousands of dollars. It's frustrating that every ground-based wireless connectivity solution just won't work at 3,000-10,000 feet. Besides many, such as cellular systems, are is illegal to use in flight.
Commercial in flight internet links like ground-based AirCell and satellite phones, cost more than $3000 for equipment with conenct rates of $2-5 per minute.
The $3,000 PDA-based AnyWhere WX shows the potential. The promised inflight access to NEXRAD will fill the bill, but most avionics makers are planning systems that are still in tens of thousands of dollars range, when a laptop or PDA will do the job.
Your average weekend pilot isn't going to sign up for a $200 month subcription for something only used for a few hours on nice weekends. (Flamers should douse the fire. Most pilots are mere mortals that made flying a priority, just like those who sink money in hot cars or the hottest gaming machines. Most aren't really rich.
It would be a godsend if 802.11b connectivity could be made to work reliably in flight. Does anybody have any ideas on which wireless technology might fill the need?
Ever dream you could fly? Get up from the Flight Sim. I Fly
Incidentally, the "war-" prefix either comes from "wardialing" or is an acronym for "Wireless Access Reconaissance," depending on how politically-correct you feel like being.
Be who you are...and be it in style!
Is it the same to detect a system as to use it? If this were the case, anyone using a port-scanner, traffic sniffer, or even PING could be called a criminal. He didn't make use of the networks, just pointed out that they existed.
He also disclaimed his posting of the map, in that the locations marked are those of the plane as it detected the access points, not any indication of where the point itself exists. This is hardly an assist to others in breaking the law.
Any spoon would be too big.
First - I think these guys did an excellent job - and made a nice contribution by publishing their article w/pictures hosted etc...
My issue - is that the security problems are IMHO vastly overstated. I've worked at two companies with WAPs - and those were outside of our corporate/internal firewall.
If someone wanted to work over the WAPs, they would use them like a home DSL line, and simply VPN in. No security problem there.
As for private home users, and even some small businesses (as both my parents run offices with non-secured WAPs) - the security risk is only as great as the value of their data, divided by the cost to get to it. If any of you want to (i) find, and (ii) hack my father's office's legacy Dos-based auto/office management software, than by all means - we've been in need of a windows compatable update!!! (hehe).
But seriously - what use would you have for your neighbor's email or home document/resume, etc... and would you really go thru the trouble of hacking a next-door Pentium running WinXP? I think it's far more likely to be the sploits' of a script/trojan than an individual.
All good companies will have seperate VLANs (or equivalent) running different things - i.e. the WAP should be firewall'd like the rest of the net etc...
Not to mention - anyone can be hacked over the internet, even with firewalls, but to use WAPs, you have to be within the range - typically 1/4km. Do you have the time/car/laptop/battery life to drive to your 'enemy' or soccer-mom's house and hack the encryptions? (yes I can spell - watch some more southpark).
BR
nuff said.
What's the big deal?
Well, if I had a new klez worm varient to unleash, what better way to introduce it to the world than jumping on some poor sap's low security WAN?
Crack attempts, spam, kiddie porn, whatever. Any internet activity that people avoid for fear of being traced down can be easily, safely pulled off by leeching off of some poor sap's WAN.
I'm glad to see geeks making a fuss about a glaring security hole like this. The more fuss, the more press, the more dummies with LinkSys wireless routers start securing their connections.
--