Slashdot Mirror
Toronto, The Naked City
PunWork writes "In an effort to promote wireless network security, Toronto consulting firm IpEverywhere (pun intended) has published a map of downtown Toronto, showing the location of both encrypted and unencrypted ('naked') wireless networks. Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant? The Toronto Star has a story about the map and the consulting firm here."
both will happen.
1. the idiots will try and hack and abuse.
2. the companies will slowly gain awareness, try to figure out how to secure themsleves, secure funding, initiate sucurity protocols, fix holes, etc.
gee, i wonder who will get going first. the company or the idiots.
There's nothing Intelligent about Intelligent Design.
Follow up: Wardrive map of the North Pole:
http://www.securitytribe.com/
Navigate it to the wardriving section.
Santa seems pretty lax on security, you'll notice.
Finally, math books without any of that base 6 crap in them.
The map on the site doesn't cover Toronto's nude beach at Hanlan's point.
I wonder how long it will take spammers to clue in on this? It is a wonderful deal for spammers; as they are untraceable via this method. There are steps that people running these networks could do to prevent spammers, but still allow legit users. But, you all know how well some admins look after security...
Michael Loves Me!
People get viruses delivered the their computers via email, the net, etc...
What is to stop viruses now becoming "airborne" and people who use an open wireless network unwittingly picking them up or (knowingly or unknowingly) transmitting them into open wireless networks?
Surely most people who wardrive would be smart enough to avoid them through various means... but most people who use computers are fairly clueless about security and virus protection.
Any known cases of wifi virus infection?
42 - So long and thanks for all the fish.
Cool, now when I go to Toronto, I have a map of all of the Starbucks downtown...
The Dopester
"Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!
oh man that is really funny!
Most IT people dont know squat. and very very few of them know much about, let alone even understand security.
If your statement were true then corperate break ins and virus's would be a much smaller problem.. 99% of all virus attacks I get are from INSIDE corperate coming from the T1 ties to the NOC not from any of my users or the internet gateway I have. Whenever there's a discussion about Virus scanners and basic virii security.. over 1/2 the IT professionals on the conference call have no idea how to ensure that all the machines are up to date or protect their networks.
Also, I have had to resort to firewalling the corperate side to protect my network... Yes, the TRUSTED corperate network T1 tie is firewalled by me to keep out attackers and virii.
I am one of about 700 IT professionals in my corperation... and I have to spend valuable time securing my network from the bungling boobs that this company hired.
Thats right, the scum of the network are taking advantage of open wireless networks, whether they are chalked or grabbed off online maps such as net stumbler dot com. The rise of drive-by hacking is a natural by-product of the wardriving/chalking community, and it would be naive to considering this a surprising development. Highjacking an open wireless network is only the smart thing to do for hackers whether they are after data or just a spamming platform.
This puts the pressure on network administrators to secure their wireless networks. It is far easier to drive by a NAP and jack in, and the proliferation of wireless networks could obsolete physical intrusion techniques such as connecting a Dreamcast or iPAQ to an internal network. Tools for wardriving are readily available, such as THC-warDrive. A lazy or incompetant network administrator makes it easy for a kid with the parents car, a pringles can, and a laptop.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
And after you've secured your network on a higher level than OSI 1, you can be less paranoid about WEP. So much less, that some claim that DISabling WEP is not a bad thing at all. Think about it, you already have encryption taken care of, so why not make your network more stable, robust and fast by disabling WEP?
Those 'wardriving' pictures should make a distinction between "secured with WEP", "no WEP, but I cannot use the network because of IPsec/VPN/whatever" and "no WEP, and I can surf freely through it".
-Leto2
<grub> Reading
As the map shows, about anywhere you go in Toronto, there's open access. Since there is no crime in Canada, this is not a problem, it's a feature.
"with their freedom lost all virtue lose" - Milton
With IT people in the Toronto area... here is how serious they took this map.... Several of them wanted to know if we could find the blinking red dot over their house. :(
With all this on war driving and hacking into networks for fun or foul, we better start being careful of what we say and how we act. (be nice)
We should realize that right now we have a great oppertunity to use wireless.
If admins continue to leave networks that need to be secure open to the public they are going to get hacked -in one form or another, maybe just harmlessly syphoning bandwidth, maybe stealing private information - but something is going to happen regardless.
What I fear hear is government regulation. Right now it is the resposibility of the admin who sets up this network to make sure it is reasonably secure. If wireless hacking becomes enough of a problem, governments will be compelled to regulate wireless networks. Sure some regulation may even be good, but from my perspective what is more likely to happen is it will be regulated to death.
Whenever we are forced to regulate we get these types of results: People who want to use wireless won't be able to comply with impossible for the little guy to comply with standards - experimentation dies, soon so does innovation.
Why should admins secure their network when they can rely on a government wireless police force to go around picking up the kiddies breaking into their network? Sounds stupid? that's right it sure is, but crap like this could very well happen. -We're allowed to remail lazy.
I have a wireless lan and it's reasonably secure... It isn't hack proof - nothing is. but it is encrypted and secured and stuff and also it is on it's own network, not directly tied into my wired lan... plus there isn't information on the wireless that could be considered "secret" or personal. I want the thing to work around the house for getting that there interweb. The access point is in the basement -- a simple thing, limits the coverage of the unit a lot - just the house and parts of the yard.
I'm still looking at other ways to secure it. I found a good one the other day SHUT IT OFF WHEN NOT IN USE. (who'd a thunk it?) Why can't businesses figure this one out?? put the power cord to the thing on a timer!! not business hours? no wireless!
See the Pictures of the Flood of '08
Remember, WEP is not the be all and end all of wireless security. Just because those networks don't have WEP doesn't mean they aren't secured in another, quite possibly better, way.
Of course, they could also be totally open. No way to know without taking your laptop on a walk I suppose... let us know what you find out if you do.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
I setup a WIFI net at home recently and have found that the coverage I get inside the house is amazing. Outside it's a different story. I'm pretty sure that the aluminum siding is blocking the signal from leaving the building because I do get limited reception if I'm lined up with a window.
Basically this stops any war drivers from seeing my network unless they get really lucky and creep up to the bushes outside one of the few windows that faces the street. If they do that I'm more at risk that they see ME naked than my network!
Anybody else notice specific physical obstacles that clobber reception?
I just spoke with the COO of the IPEverywhere about this study, and confirmed that the methodology only established whether a node was running WEP (a "security measure" of dubious value).
That means that many of the "unsecured" nodes in this report may have had other means of securing themselves, from switch- or AP-based MAC filtering to captive portals such as NoCat. Moreover, the protocol for this study did not establish whether the open APs in question were handing out DHCP leases (or, indeed, whether they were connected to the Internet at all).
Finally, this study did not investigate in any depth whether the open APs were deliberately or accidentally left open. Many of us run open "community" networks around the world (I operate one in Toronto at King and Niagara, and three in San Francisco, two at 19th and Shotwell, and one on Sycamore near 17th and Mission). These networks are deliberately "unsecured" and are provided out of public-spiritedness, or even out of a political commitment to providing tools for anonymous speech on the Internet -- anonymous speech being fundamental to democratic discourse.
Since WEP is such a poor "security" measure, the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy (either remote or on your own network). In fact, if you're a promiscuous user of any network -- conference centers, airport lounges, hotel rooms, schools, etc -- you should assume that unless your messages are encrypted, they will be sniffed on the wire.
The primary "security" concern about open wireless seems to be that a "rogue" AP will be installed behind a firewall. The firewall, of course, is hardly sufficient in and of itself for securing a network. It's based on the presumption that everyone on one side of the firewall is trustworthy, and everyone on the other side is untrustworthy. We know, though, that this is a fallacy. Getting inside the firewall -- either through physical intrusion (think of visitors to your office plugging into the the network to check mail) or virtually, by 0wning a box on the network with a trojan -- is not difficult for a determined intruder. Meanwhile, the legitimate users of your network resources are often outside your firewall (mobile execs at a client site, for example) and thus not only walled off from the rest of the network, but also vulnerable to attack, since their machines' first line of defense is the firewall, which they are suddenly out of.
Security is hard. The proper place to draw your network perimiter isn't around your office, but around each machine. Personal firewalls, regular applications of security patches, good passwords and user education provide genuine security. Firewalls (and FUD about open APs) doesn't.
I don't see any map. All I get is a couple of pictures and two plug-in boxes. Either the site is slashdotted, or it requires you to run "Naked Flash". I refuse to leave Flash enabled because of all the annoying web ads that now (ab)use it.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft