Slashdot Mirror

← Back to Stories (view on slashdot.org)

Toronto, The Naked City

Posted by michael on from the so-many-networks-so-little-time dept.

PunWork writes "In an effort to promote wireless network security, Toronto consulting firm IpEverywhere (pun intended) has published a map of downtown Toronto, showing the location of both encrypted and unencrypted ('naked') wireless networks. Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant? The Toronto Star has a story about the map and the consulting firm here."

69 of 211 comments (clear)

  1. Get real.. by unicron · · Score: 2

    Like Toronto's local wardrivers don't have maps that blow that one out of the water.

    --
    Finally, math books without any of that base 6 crap in them.
    1. Re:Get real.. by unicron · · Score: 3, Informative

      Follow up: Wardrive map of the North Pole:

      http://www.securitytribe.com/

      Navigate it to the wardriving section.

      Santa seems pretty lax on security, you'll notice.

      --
      Finally, math books without any of that base 6 crap in them.
  2. its not an "or" situation by deft · · Score: 4, Insightful

    both will happen.

    1. the idiots will try and hack and abuse.
    2. the companies will slowly gain awareness, try to figure out how to secure themsleves, secure funding, initiate sucurity protocols, fix holes, etc.

    gee, i wonder who will get going first. the company or the idiots.

    --

    There's nothing Intelligent about Intelligent Design.
    1. Re:its not an "or" situation by rkwright · · Score: 4, Insightful

      I agree. If you take a look at other areas in computer security (for example, Windows 2000 servers and insecure IIS setups), the actual breakins/worms/etc. have (albeit slowly) caused more admins to lock down their Win2K servers. It has also caused a change for the better with the vendor (Microsoft) in that the next version of their server software (.Net Server 2003) will initially be relatively locked down, and the admin who is configuring the server will have to specifically turn services on. Thus, abusers and intruders have a necessary place by providing the motivation for improving security.

      However, with so many consumer-based 802.11 access points out there, I doubt that Joe Homeoffice will even realize how to lock down their networks. In this case, the vendors should start by having as much default security as possible, as well as some helpful reading in the instruction manuals for how to secure your wireless setup.

    2. Re:its not an "or" situation by Jucius+Maximus · · Score: 2
      "However, with so many consumer-based 802.11 access points out there, I doubt that Joe Homeoffice will even realize how to lock down their networks. In this case, the vendors should start by having as much default security as possible, as well as some helpful reading in the instruction manuals for how to secure your wireless setup."

      I agree. There is a similar lack of security on ResNets by clueless students. Basically at the start of each semester, some of by buddies scan the resnets for insecure machines and print out some security documentation on the printer of the insecure person or deposit a helpful security document on the person's Windows desktop. (I don't actually do this because I don't live in university residence.)

      If people did that on wardrives, you might call it 'drive-by security consulting' .

    3. Re:its not an "or" situation by earlytime · · Score: 3, Interesting
      here's what will happen:
      the hackers will get the maps and start mucking with wireless nets in toronto. As the owners of the wireless nets notice that they're being abused, they'll call security firms hoping they will fix the problems.
      Companies with weak security don't usually know they have weak security, and they don't read up on security news, so they won't know that ipeverywhere has "assisted" hackers in finding their insecure wireless network. But if they do find out, then they'll realize that the security firms and the hackers are working hand-in-hand to get $$$ from the companies. They may not be complicit, but they are symbiotic. This is just another case along the lines of what gweeds was talking about at HK2K
      , but you knew that already..... right?

      --

    4. Re:its not an "or" situation by Phroggy · · Score: 2

      Joe Homeoffice certainly doesn't know how to lock down his Web server.

      adsl-68-20-215-135.dsl.chcgil.ameritech .net - - [10/Sep/2002:12:47:47 -0700] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ dir" 404 83

      dsc01.hoi-tx-6.rasserver.net - - [10/Sep/2002:13:19:58 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
      NNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u685 8%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858% ucbd3%u7801%u9090%u9090%u8190%u00c3%u
      0003%u8b00% u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 328

      207.248.53.14 - - [10/Sep/2002:18:38:14 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
      NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u685 8%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858% ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u5 31
      b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 328

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  3. Ironically... by Anonymous Coward · · Score: 3, Funny

    The map on the site doesn't cover Toronto's nude beach at Hanlan's point.

  4. That's lame by Jonny+Ringo · · Score: 2, Insightful

    Unencrypted networks are now referred as "naked" networks? They just called it that to get more people to read it.

    Maybe someone should make a new insecure Linux distro called "Naked Linux". It will be great for the desktop to compete with Windows whom has always been naked. (Maybe that's Red Hats secret Plan). In the mean time Windows is trying to get dressed. Stupid 2 legged pants!

    1. Re:That's lame by Soko · · Score: 2

      It will be great for the desktop to compete with Windows whom has always been naked. (Maybe that's Red Hats secret Plan).

      Well, the latest RedHat beta is now called "null", so you never know...

      Soko

      --
      "Depression is merely anger without enthusiasm." - Anonymous
  5. Its obvious! by FortKnox · · Score: 2

    Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant?

    I'd put my life savings on the aduse of the ignorant.

    Lets see, annually, people get viruses from opening attachments in their emails. How many people, do you think, get re-infected because of ignorance?

    How many people go to windowsupdate.microsoft.com for security patches?

    Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.

    I anticipate a lot of abuse in the city of Toronto...

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    1. Re:Its obvious! by Anonymous Coward · · Score: 4, Insightful

      Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.
      HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

      oh man that is really funny!

      Most IT people dont know squat. and very very few of them know much about, let alone even understand security.

      If your statement were true then corperate break ins and virus's would be a much smaller problem.. 99% of all virus attacks I get are from INSIDE corperate coming from the T1 ties to the NOC not from any of my users or the internet gateway I have. Whenever there's a discussion about Virus scanners and basic virii security.. over 1/2 the IT professionals on the conference call have no idea how to ensure that all the machines are up to date or protect their networks.

      Also, I have had to resort to firewalling the corperate side to protect my network... Yes, the TRUSTED corperate network T1 tie is firewalled by me to keep out attackers and virii.

      I am one of about 700 IT professionals in my corperation... and I have to spend valuable time securing my network from the bungling boobs that this company hired.

    2. Re:Its obvious! by quantaman · · Score: 2

      Hmmm... Lets see 11:21 by my time, I think that would make it 1:21 in Toronto? Yep, I think your company does need to get rid of some of those bungling boobs they have working on their network ;)

      --
      I stole this Sig
  6. Spammers by The+Turd+Report · · Score: 5, Insightful

    I wonder how long it will take spammers to clue in on this? It is a wonderful deal for spammers; as they are untraceable via this method. There are steps that people running these networks could do to prevent spammers, but still allow legit users. But, you all know how well some admins look after security...

    --
    Michael Loves Me!
  7. Computer viruses go airborne by jhines0042 · · Score: 4, Interesting

    People get viruses delivered the their computers via email, the net, etc...

    What is to stop viruses now becoming "airborne" and people who use an open wireless network unwittingly picking them up or (knowingly or unknowingly) transmitting them into open wireless networks?

    Surely most people who wardrive would be smart enough to avoid them through various means... but most people who use computers are fairly clueless about security and virus protection.

    Any known cases of wifi virus infection?

    --
    42 - So long and thanks for all the fish.
    1. Re:Computer viruses go airborne by Cecil · · Score: 2

      For a virus to be able to infect your system simply by sending a network packet to your machine, that requires that someone first finds a remote root vulnerability within the network stack of your operating system.

      IIRC, This has happened, and may happen again, but it's REALLY REALLY UNTHINKABLY RARE. Most network stacks have been rock solid for 30 or 40 years.

      So yes, it's a nice, scary theory. But I wouldn't bet on it happening any time soon.

      --
      Random and weird software I've written.
    2. Re:Computer viruses go airborne by jhines0042 · · Score: 2

      Nice scary theory, but...

      Lets say I have a computer that is infected with a virus. This virus (say Klez) looks for network shared drives to copy itself to.

      I also have a 802.11b network.

      Someone has a laptop with a shared network drive with, for some reason (ignorance), full permissions turned on.

      Said person logs into my network because they are nearby and their network card finds the network (windows XP does this nicely) and then Klez, running on my machine, finds your network drive and copies itself there as "readme.txt.exe" or something else like that.

      Could be more likely than you might want to think. Only involves two stupid people in proximity who have technology they don't understand to have it happen. I can't even swing a dead keyboard* and not hit two idiots with Technology around here.

      (*swinging dead cats is just too hard)

      --
      42 - So long and thanks for all the fish.
    3. Re:Computer viruses go airborne by Kallahar · · Score: 2

      Do you have ANY idea how viruses actually spread? the medium is irrelevant.

      Travis

  8. Maps by NetJunkie · · Score: 2

    Which other sites show maps of APs? I'd like to see if my neighbor's is on there. Wide open...default password on the router...

    I thought I remember seeing a site once where you could just enter a zip code to get an idea.

  9. Toronto, the most secure city? by dattaway · · Score: 2

    It might be that all these points are simply honeypots.

    Did they make tcp connections to find out?

  10. Wireless nodes.. by ldopa1 · · Score: 4, Funny

    Cool, now when I go to Toronto, I have a map of all of the Starbucks downtown...

    --
    The Dopester
    "Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
    1. Re:Wireless nodes.. by Jucius+Maximus · · Score: 2
      "Cool, now when I go to Toronto, I have a map of all of the Starbucks downtown..."

      You don't need a map. If you're in the core, all you have to do is turn yourself around 360 degrees and you will most likely see a coffe shop, probably a Starbucks or Timothy's (not to be confused with Tim Horton's.)

    2. Re:Wireless nodes.. by Jucius+Maximus · · Score: 2
      "I got that beat.. On Robson St. in Vancouver, there is a corner with 3 coffee shops, and 2 of them are Starbucks."

      I can one-up you on that ... in the office tower where I used to work in Toronto, there were 3 coffee shops in the building and two of them were on the same floor.

    3. Re:Wireless nodes.. by rtaylor · · Score: 2

      Ok.. I did a 360 at York / Adelaide and saw both a StarBucks, Timothy's, and if you look hard you can see a Tim Hortons.

      --
      Rod Taylor
    4. Re:Wireless nodes.. by rtaylor · · Score: 2

      Lol.. I just realized there is another Starbucks and Tim Hortons underground, one story below street level.

      So that makes 5 shops within about 150 paces.

      --
      Rod Taylor
  11. Re:eh? by Jonny+Ringo · · Score: 2

    Well the submitter name is "PunWork". So maybe he just constantly tries to find puns that work. I'll I have to say is don't quit your day job PunWork, whatever that is!

  12. Yay, more drive-by spam. by EvilAlien · · Score: 4, Interesting
    All we need is more drive-by spam.

    Thats right, the scum of the network are taking advantage of open wireless networks, whether they are chalked or grabbed off online maps such as net stumbler dot com. The rise of drive-by hacking is a natural by-product of the wardriving/chalking community, and it would be naive to considering this a surprising development. Highjacking an open wireless network is only the smart thing to do for hackers whether they are after data or just a spamming platform.

    This puts the pressure on network administrators to secure their wireless networks. It is far easier to drive by a NAP and jack in, and the proliferation of wireless networks could obsolete physical intrusion techniques such as connecting a Dreamcast or iPAQ to an internal network. Tools for wardriving are readily available, such as THC-warDrive. A lazy or incompetant network administrator makes it easy for a kid with the parents car, a pringles can, and a laptop.

    --
    perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
    1. Re:Yay, more drive-by spam. by ntk · · Score: 2

      Actually, the scum of the network aren't taking advantage of wireless networks. There are, as we speak, no reports of drive-by spamming in the wild. The article you reference claims to have such evidence, but it was a ZDNet journalist distorting what he heard from an expert. I know, I asked the expert.

      I'm not saying drive-by spamming is not a theoretical possibility; I'd argue that there are a number of reasons why you won't see it in widespread use. Firstly, it's no harder to create a throwaway AOL account and spam from there. Secondly, one of the reasons why spamming is so prevalent is because it's entirely anonymous: sitting in front of someone's house hoping they don't spot you streaming through their network simply isn't. A lot of people really hate spammers; it's easy for spammers to laugh at their hatred from their own homes. It's a lot harder when they're sitting in a car, hoping you're not going to leap out with a baseball bat and explain a few things to them.

      I understand your concerns about this hypothetical behaviour. But as someone who runs an open network, regularly uses other's open networks, and realises that security is more than just throwing up some foo around the LAN perimeter and hoping no-one gets through, I think it's a distraction from the real problems we have now.

  13. *Yawn* by PureFiction · · Score: 2

    This is news? People have been
    scanning wireless
    networks
    for a long time now...

  14. You missed the other Naked Reference... by RobinH · · Score: 2

    Direct from Toronto: Naked News!!!

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  15. the map fails.... by Lumpy · · Score: 2

    What about properly secured public/community wireless portals that use nocatnet for user authentication? they dont use WEP as it's useless for this kind of community access point. while nocatauth does quite well at making open portals available for members.

    --
    Do not look at laser with remaining good eye.
  16. Unsecured networks at US Consulate? by td · · Score: 2

    There's a pair red pins (unsecured WAPs) on the west side of University Avenue between Dundas and Queen, right about where the US Consulate is.

    --
    -Tom Duff
  17. United States Consulate - honeypot? by Malc · · Score: 2, Informative

    It looks like two of the pins are almost in the right spot for the US Consulate (although it might be the next building up the road). Honeypot or clueless government officials?

    1. Re:United States Consulate - honeypot? by Ctrl-Z · · Score: 2


      Yeah, and there are several in the Eaton Centre...maybe at Compucentre?

      --
      www.timcoleman.com is a total waste of your time. Never go there.
  18. Unencrypted != unsecured by Leto2 · · Score: 5, Insightful
    People, unencrypted by WEP doesn't mean unsecured. We all know 802.11 WEP has its shortcomings, so more and more administrators are relying on different techniques to secure their wireless LAN, IPsec and VPN to name a few.

    And after you've secured your network on a higher level than OSI 1, you can be less paranoid about WEP. So much less, that some claim that DISabling WEP is not a bad thing at all. Think about it, you already have encryption taken care of, so why not make your network more stable, robust and fast by disabling WEP?

    Those 'wardriving' pictures should make a distinction between "secured with WEP", "no WEP, but I cannot use the network because of IPsec/VPN/whatever" and "no WEP, and I can surf freely through it".

    -Leto2

    --
    <grub> Reading /. at -1 is like driving through Cracktown in a convertible that is stuck in 1st
    1. Re:Unencrypted != unsecured by MagicFab · · Score: 2, Insightful

      At the very least, change the legend so it reads:
      WEP Enabled (Worse, false sense of security) instead of:
      WEP Enabled (Good)

      --
      Notepad specialist & FAT administrator, group training available
  19. the image.... by _ph1ux_ · · Score: 2, Offtopic

    ...in my head was of naked warwalkers. but, isnt it cold in toronto? just think of the shrinkage.

    1. Re:the image.... by Ctrl-Z · · Score: 2


      According to weather.com, the current temperature in Toronto is 84F, or about 29C. I don't think that's cold enough for significant shrinkage.

      --
      www.timcoleman.com is a total waste of your time. Never go there.
  20. You don't need a map by wytcld · · Score: 3, Funny

    As the map shows, about anywhere you go in Toronto, there's open access. Since there is no crime in Canada, this is not a problem, it's a feature.

    --
    "with their freedom lost all virtue lose" - Milton
  21. Uh-oh. by Soko · · Score: 2

    Queens Park (look on north portion of the map) is the seat of the Ontario Provincial Legislature, not an open, green space. This means that there are (or were) 2 open, non WEP (like that mattered) access points within the government offices. I really, really hope these are isolated from the internal network via firewalls - I don't want all of the info that the Ontario Government has on it's citizens (like me and my family) being broadcast for anyone to see/save/use.

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
    1. Re:Uh-oh. by p3d0 · · Score: 2

      Actually, it's both. There is a small (5-minute-walk diameter) park north of the government buildings. Of the Queen's Park oval, probably 40% of it is buildings. (It's the gray part of the map.)

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    2. Re:Uh-oh. by Greedo · · Score: 2, Funny

      I don't want all of the info that the Ontario Government has on it's citizens (like me and my family) being broadcast for anyone to see/save/use.

      Don't worry Scott Kormick (SIN: 574-782-401). All of your personal information -- such as your annual salary of $45,490 as Assistant Manager of a Subway franchise, your 12 unpaid parking tickets, and your criminal record (shame on you for drinking in High Park) -- is secure within the governement's system.

      In order to assure you, I stopped by your house at 312 College St. to let you know in person. I guess you were at the hospital having that nasty rash looked at (I hear it's hereditary).

      Oh, and your cat Snickers is cute.

      --
      Tuus crepidae innexilis sunt.
  22. I work in IT... by wo1verin3 · · Score: 3, Funny

    With IT people in the Toronto area... here is how serious they took this map.... Several of them wanted to know if we could find the blinking red dot over their house. :(

    1. Re:I work in IT... by CokeBear · · Score: 2
      The first thing I did was check to see the one that I administer (at the corner of Bay & Elm Streets). I work in a little Mac Store here, and one of the services we provide to our customers (and everyone else) is free wireless access. I should probably WEP my network, and at least have them ask for the password to log in... but I'm just too lazy. We're open 'till midnight on weekdays, so I might get around to it tonight. If you're in the area, drop by and ask for Daniel... If you tell me you saw my posting on /. um... I'll give you a free Ambrosia SW CD. Otherwise... free AirPort access until I secure it.

      Cheers

      --
      Reality has a liberal bias
  23. This is a problem everywhere! by Newer+Guy · · Score: 2

    This is a problem in just about every city. I live on a tree lined residential street in Santa Monica, CA. There's no real offices or businesses within about a half mile because I live between two public parks. I was planning on putting in a wireless network in my house so I bought a card and put it in my laptop. I was AMAZED to find that it locked right up to someone else's network immediately! I was able to browse the web, and even look at their shared files. This was true on channel after channel on the card. I can only imagine how it must be even worse in an industrial area. Now I know why my 2 Ghz spread spectrum phone has such poor range.

  24. Wireless in trouble? by Anonym1ty · · Score: 3, Interesting

    With all this on war driving and hacking into networks for fun or foul, we better start being careful of what we say and how we act. (be nice)

    We should realize that right now we have a great oppertunity to use wireless.

    If admins continue to leave networks that need to be secure open to the public they are going to get hacked -in one form or another, maybe just harmlessly syphoning bandwidth, maybe stealing private information - but something is going to happen regardless.

    What I fear hear is government regulation. Right now it is the resposibility of the admin who sets up this network to make sure it is reasonably secure. If wireless hacking becomes enough of a problem, governments will be compelled to regulate wireless networks. Sure some regulation may even be good, but from my perspective what is more likely to happen is it will be regulated to death.

    Whenever we are forced to regulate we get these types of results: People who want to use wireless won't be able to comply with impossible for the little guy to comply with standards - experimentation dies, soon so does innovation.

    Why should admins secure their network when they can rely on a government wireless police force to go around picking up the kiddies breaking into their network? Sounds stupid? that's right it sure is, but crap like this could very well happen. -We're allowed to remail lazy.

    I have a wireless lan and it's reasonably secure... It isn't hack proof - nothing is. but it is encrypted and secured and stuff and also it is on it's own network, not directly tied into my wired lan... plus there isn't information on the wireless that could be considered "secret" or personal. I want the thing to work around the house for getting that there interweb. The access point is in the basement -- a simple thing, limits the coverage of the unit a lot - just the house and parts of the yard.

    I'm still looking at other ways to secure it. I found a good one the other day SHUT IT OFF WHEN NOT IN USE. (who'd a thunk it?) Why can't businesses figure this one out?? put the power cord to the thing on a timer!! not business hours? no wireless!

    --
    See the Pictures of the Flood of '08
  25. Naked College by mr.+phantastik · · Score: 2

    Apparently my college (George Brown) has a naked network. I never thought in a million years I would be reading something like that on Slashdot.

    I love it. Time to h4x0r my grades.

  26. U of T. by Christopher+Thomas · · Score: 2

    I notice one of the big red "abuse me" circles right in the middle of the U of Toronto engineering buildings, where they should know better.

    I'd make snarky comments about the prof who I suspect might be running the open network, but in this case I have no strong reason to suspect it's him.

    1. Re:U of T. by Christopher+Thomas · · Score: 2

      U of T has had an open network for over a year now. It was done as such for the benefit of the students. I don't know what the details are for access control, but with hundreds or thousands of wireless users, I doubt they even care much.

      Ok, then it isn't the nameless prof.

      It just disturbs me that, in addition to having basically insecure workstations with their arses hanging out on the 'net with little or no filtering, that we are doing the equivalent of giving anyone who walks by an ethernet cable and saying "here! don't bother attacking us remotely, we'll give you a direct link!".

      To their credit, the administrators do a fine job of keeping the system up and running. I just find security around here a little worrisome.

  27. Technological darwinism. by MongooseCN · · Score: 2

    I say abuse the ignorant and we can bring back darwinism in a technological point of view. Survival of the fittest.

    --


    Outdoor digital photography, mostly in New Engl
  28. Not necessarily a problem by Arker · · Score: 3, Interesting

    Remember, WEP is not the be all and end all of wireless security. Just because those networks don't have WEP doesn't mean they aren't secured in another, quite possibly better, way.

    Of course, they could also be totally open. No way to know without taking your laptop on a walk I suppose... let us know what you find out if you do.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Not necessarily a problem by Soko · · Score: 2

      Ummmm...that was the point of my post. WEP is more or less just a padlock - it only really keeps out the curious. Someone looking for access won't have much trouble getting past that. In order to dead-bolt the access, the wireless access points should be on the untrusted side of a firewall, with VPN access for authorised machines.

      I wish I _could_ find out if it's still wide open - I'm a ways away in Hamilton right now. And one does not just "go to Toronto" on a whim - the gridlock is viscious, so I'll rely on others to find out and post what they saw. :)

      Soko

      --
      "Depression is merely anger without enthusiasm." - Anonymous
  29. Come, spammers! To my unsecured tr^H^Hap! by tunabomber · · Score: 2

    Spamming from unsecured wireless networks will be a fun form of shameless profit until people start setting up "sting" nodes that will be specially rigged so that upon detecting that they are being used by a spammer, they will photograph their license plates, call the cops, and maybe spray some hot tar and feathers for good measure.

    --

    pi = 3.141592653589793helpimtrappedinauniversefactory71 ...
  30. Aluminum siding better than WEP by elliotj · · Score: 4, Insightful

    I setup a WIFI net at home recently and have found that the coverage I get inside the house is amazing. Outside it's a different story. I'm pretty sure that the aluminum siding is blocking the signal from leaving the building because I do get limited reception if I'm lined up with a window.

    Basically this stops any war drivers from seeing my network unless they get really lucky and creep up to the bushes outside one of the few windows that faces the street. If they do that I'm more at risk that they see ME naked than my network!

    Anybody else notice specific physical obstacles that clobber reception?

    1. Re:Aluminum siding better than WEP by mekkab · · Score: 2

      For this exact reason I have stopped the time honored practice of "checking the wifi atennae in the buff."

      I haven't tried this yet, but I'll check what my outside reception is like. I'm still trying to figure out how to set things up inside. I get AWESOME reception two floors below in the "dungeon", but who wants to compute in the dungeon? (INSERT BDSM PRON JOKE HERE)

      I'm not sure if the heating ducts running up and through the house are helping it or not...

      And my "spot" at the dining room table gets BALLS. Its quite close to the open stairwell (at the top of which is the room with the WAP diagonally opposite the door) but the waves will not travel.*

      * Actually, I haven't checked since I re-positioned the wap on top of a 100 blank cd-r tower and tried to tilt the antennae in the right direction.

      --
      In the future, I would want to not be isolated from my friends in the Space Station.
  31. Naked != unprotected or insecure by mouthbeef · · Score: 5, Insightful

    I just spoke with the COO of the IPEverywhere about this study, and confirmed that the methodology only established whether a node was running WEP (a "security measure" of dubious value).

    That means that many of the "unsecured" nodes in this report may have had other means of securing themselves, from switch- or AP-based MAC filtering to captive portals such as NoCat. Moreover, the protocol for this study did not establish whether the open APs in question were handing out DHCP leases (or, indeed, whether they were connected to the Internet at all).

    Finally, this study did not investigate in any depth whether the open APs were deliberately or accidentally left open. Many of us run open "community" networks around the world (I operate one in Toronto at King and Niagara, and three in San Francisco, two at 19th and Shotwell, and one on Sycamore near 17th and Mission). These networks are deliberately "unsecured" and are provided out of public-spiritedness, or even out of a political commitment to providing tools for anonymous speech on the Internet -- anonymous speech being fundamental to democratic discourse.

    Since WEP is such a poor "security" measure, the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy (either remote or on your own network). In fact, if you're a promiscuous user of any network -- conference centers, airport lounges, hotel rooms, schools, etc -- you should assume that unless your messages are encrypted, they will be sniffed on the wire.

    The primary "security" concern about open wireless seems to be that a "rogue" AP will be installed behind a firewall. The firewall, of course, is hardly sufficient in and of itself for securing a network. It's based on the presumption that everyone on one side of the firewall is trustworthy, and everyone on the other side is untrustworthy. We know, though, that this is a fallacy. Getting inside the firewall -- either through physical intrusion (think of visitors to your office plugging into the the network to check mail) or virtually, by 0wning a box on the network with a trojan -- is not difficult for a determined intruder. Meanwhile, the legitimate users of your network resources are often outside your firewall (mobile execs at a client site, for example) and thus not only walled off from the rest of the network, but also vulnerable to attack, since their machines' first line of defense is the firewall, which they are suddenly out of.

    Security is hard. The proper place to draw your network perimiter isn't around your office, but around each machine. Personal firewalls, regular applications of security patches, good passwords and user education provide genuine security. Firewalls (and FUD about open APs) doesn't.

    1. Re:Naked != unprotected or insecure by PureFiction · · Score: 2

      the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy

      This can be abused, however, if someone sets up a rogue access point with the same ESSID (perhaps even spoofing a good AP's MAC) and then executes various known and implemented man-in-the-middle attacks against SSH/SSL sessions.

      In fact, many, many applications fail silently in the presence of a MITM attack. If you are lucky you will see a warning from SSH. If you are UNlucky, you will think you are secure while someone with a rogue AP captures all your traffic, and perhaps even hijacks a session.

      You can do this with commodity amplifiers (to ensure that your AP signal is higher than all the legitimate AP's) and easy to come by antennas.

  32. Direct URL to the map by ShieldWolf · · Score: 2

    The actual URL is http://www.nakedwireless.ca/winudcol.htm

    I work for a computer company at the corner of Bay and Dundas on the map, which has tons of red push pins. Luckily there are no nudist colonies here ;D

    -Shieldwolf

    --
    just = (My)Opinion.toCents();
  33. Hey! by eaddict · · Score: 2

    Did Ashcroft help design thier logo?

    --
    "If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
  34. Re:While Bush Fucks America, Canada Just Looks Bet by iplayfast · · Score: 2

    I think you would find most Torontians and Ontarians, feel differently. As for the rest of Canada's opinion about Toronto, I wouldn't know, and wonder why you would presume to. Do you always put your foot into other peoples mouths?

  35. Is locking down the MAC addresses sufficient? by emil · · Score: 2

    My friend has a Linksys wireless base station and laptop; I gave him some minimal help in setting it up in "infrastructure" (unrestricted?) mode.

    Unless there is some sort of "wireless sniffer" which can detect in-use MAC addresses, and also unless the wireless NIC can modify its own MAC, restricting the Linksys base station to a specific set of MACs should be sufficient for small-system security, correct?

    It would be even better if I could take a MAC from an old NE2000 10Base2 ethernet card and use that MAC, since anyone trying to guess a MAC would probably use the ranges that have been assigned to the WAN manufacturers. It would be best if this could be done under Windows (in spite of my distaste for MS).

    I'm just looking for a "hosts.deny" sort of security; I don't really need encryption (and I understand that wireless encryption has been broken anyway).

    Pardon me for any technical errors; I'm clueless about wireless.

    1. Re:Is locking down the MAC addresses sufficient? by Bishop · · Score: 2

      Pardon me for any technical errors; I'm clueless about wireless.

      Er. Yes. :-)

      Anyone can sniff the valid MACs out of the air and spoof a valid MAC. Useing a old MAC buys you nothing. There are 2^48 MACs so it is unlikely that anyone will randomly try MACs. They will sniff.

      To be secure you need WEP. It is not perfect, but if you change your secret atleast once a month you will be far better off then doing nothing. WEP will provide both date security, but also the access controls that you want.

      If you really want to be secure you would setup airsnort to try and crack your secret. Once you have half the number of weak packets required to crack, set a new secret. Other options include: use Cisco cards only and Leap; Use Orinoco cards with the new (beta) drivers that don't use weak WEP IVs; Use a proper VPN for all traffic going over the wireless link.

      But you in particular have a linksys and don't want to buy new gear. So use WEP and change the key.

  36. Flash? by b1t+r0t · · Score: 3, Informative

    I don't see any map. All I get is a couple of pictures and two plug-in boxes. Either the site is slashdotted, or it requires you to run "Naked Flash". I refuse to leave Flash enabled because of all the annoying web ads that now (ab)use it.

    --

    --
    "Open source is good." - Steve Jobs
    "Open source is evil." - Microsoft
  37. You are ignorant by dnoyeb · · Score: 2

    Appearantly the ignorant one is you considering that the encryption is faulty anyway, why bother fooling yourself...

  38. Re:While Bush Fucks America, Canada Just Looks Bet by iplayfast · · Score: 2
    OK all time record since I've been alive. Hows that?

    What really bothers me, is that I drive to work and even though the "drive clean" program has been in effect for years, I'm still seeing black exhaust comming out of trucks and cars. Or about Canadian companies like Eco Logic that have working systems to clean up hazardeous waste, yet receive no support from the government, that still incinerates garbage and pcbs. (kirkland lake area residents what out!).

    Not to mention the pollutants from the coal burning electrical plants in Ontario. Let's invest a couple of million and put scrubbers on the stacks so that tons of carbon isn't spewed into the air. And oh, yes, Ohio thanks for your contributions to our haze. You're one of the dirtest states there is, but you don't notice because it blows over here.

    I've considered moving just for my health's sake, at a great financial loss. Thanks to the government for giving me this option. (Die of lung cancer, or other respertory disease, or move).

  39. This is the wrong approach by dazdaz · · Score: 2, Insightful

    I think this is a childish approach and very dangerous because of the legality of doing this, however I do understand their need to highlight this serious issue, this is clearly the wrong way.

    In fact I would go so far as to say this is an unauthorised pen-test, in that part of a pen-test is in finding hosts/networks in the same way the physical location has been found, but not only found, also published.

    I dont know where liability and juristiction come into play here, i'm surprised these guys/gals are prepared to go this extreme and risk finding out.

    Surely a CNN interview would do their careers good and promote the issue far wider than a website could?

  40. False sense of security by shepd · · Score: 2

    Sorry, I can't find the link, but with the right equipment (all consumer available) you can easy link up to any wireless network up to 40 km away.

    With your sheilding they might have to be just 1 or 2 km away, which still leaves them completely hidden, and your network totally open.

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  41. Re:Easy to build such a map in Toronto by Jetson · · Score: 2

    That would tell you there are lots of nodes, but not where they are located at street level. Your "map" would show hundreds of nodes *AT* the CN Tower since that's where you were standing when you connected to them.

  42. False conclusions by Jetson · · Score: 2
    The map and site determine "secure" and "insecure" solely by whether or not the node uses WEP. That's wrong for two reasons:

    1) WEP all by itself is simply not secure.

    2) If you are using another form of encryption (such as IPSEC) then WEP would slow down your network without any security benefits because the data stream would be encrypted twice.

    By way of example, I run a Linux server and Linux laptop. The server has a second ethernet interface that is dedicated to the wireless device. Both the laptop and the server are configured to drop all packets arriving or departing via the wireless device except for IPSEC (esp protocol and udp port 500). Forwarding in the server is only permitted from the ipsec (post-decode) interface. If someone wants to use my broadband connection then they have to break IPSEC.

    And yet these guys would flag me on their map as an insecure station because I don't use WEP. Maybe they should re-make the map based on whether or not their roaming node can do more than just handshake. Like, try connecting to Slashdot or something....