Slashdot Mirror
Warflying 2013 Access Points in Los Angeles
Kallahar writes "We went warflying over Los Angeles and Orange counties yesterday. Flying in a small plane at 1400 feet we detected 2013 802.11b APs in 75 minutes, 71% had no WEP encryption. A map and some pretty pictures are up at my writeup."
What I find pretty amazing is the 500+ people with the default SSID. It's like my apartment complex...if I'm not careful, I can get on one of three different networks and not know it!
[sig] 10 + 10 = 100 [/sig]
Wireless, schmireless -- I love the aerial photos!
"Believe me!" -- Donald Trump
"Hackerish SSID (h3lpm3) 15 (0.7%)"
/. readers' SSIDs are in that netstumbler log, and I wonder how many are afraid to reply and say so since their GPS coords are associatated to their SSID.
Hey thats my SSID!
All kidding aside, I wonder how many
Namaste
Another shocking thing is that many has no password or the default admin password.
(obvious)Orange County and LA County is not Santa Clara County I guess (/obvious)
I had a similar, but lower tech, experience just yesterday. On a bus ride through Seattle I flipped open a standard laptop with a Cisco wifi card, and found dozens of access points. Most of them where open. I wonder how long it will be until wireless companies start offering security out of the box? How hard would it be to have a wireless access point that shipped with a random password and instructions on how to use it? It's pretty obvious that the average person doesn't realize what the risks are. I know because as a desktop support tech I get asked about this all the time. As soon as I start talking about things like WEP and MAC addresses, I see eyes glazing over.
So, how long will it be before warflying is illegal or requires a permit. Here's a funny/sad/true story about a guy who recently got into a lot of trouble for hunting from an airplane.
Actually, it'd be an interesting exercise to set up a relay in a balloon, and "bounce" signals from an AP over obstacles, etc. Of course, you'd have to deal with the UFO factor - any lighter than air device capable of sustaining the weight of a pair of APs (or a bridge) and the motor/battery needed to power the setup would probably be VERY noticable, and likely to attract notice of homeland security types...
WEP is not secure, therefore, the fact that WEP is turned off doesn't make it insecure. The best thing to do with 802.11 is to turn off WEP and use secure application protocols, like Kerberos, OpenSSH, OpenAFS, SSL Imap, etc, etc... WEP only adds useless overhead.
And as far as the SSID goes, if you can snoop for the SSID what does it matter what the value is? Default or otherwise.
-- Thou hast strayed far from the path of the Avatar.
I'm not an aviator, so I dunno how scary this really is, but doesn't 1400 feet seem kinda low? I mean, wardriving is fun (I'll readily admit that), but some of those pictures look awfully close to those buildings. :O
*Shrug.* Someone with actual light aircraft experience, please correct me..
This statement is false.
can I get one of those car dealership balloons and just float a wire and an antenna up there?? I'm sure some neighbors would complain, but I believe FCC rules override community laws (ie. you have the right to put up DirecTV dish even if the neighborhood made it illegal)
There has to be some way of ensuring that people sort out the security on their boxes. How about not allowing the box to connect unless they change the default settings?
In several offices we used to set the first password for the user accounts as their user login, and then not allow the same password to be used again. We knew the temptation was too great for people to use their login as the network password (and too easy for someone to crack).
I don't use WEP or MAC control because some of my clients don't talk to the router with it on. For instance, the USB NIC I use for my Tivo won't work with encryption on.
'Round and 'round the mulberry bush...
Fine, corporate "enterprises" (beginning to hate that word) should have secured their wireless networks. But lets face it, most of the APs discovered are probably Linksys routers sitting in some dude's office. Exactly why do all of these need to be secured?
I'm a normal, conscientious Internet user. Most of the day, my Internet usage consists of email and (I admit) wasting time on Slashdot. I'm not looking at porn, and I'm not wasting significant amounts of bandwidth. Honestly, who should care if I happen to use their unprotected wireless network?
Furthermore, I personally wouldn't care if anyone used mine. I would love to feel confident that I could leave my wireless access point unprotected. Several points nag me, however:
- Every now and then, I'm going to want to download some Linux ISOs. (OK, I mean labels' entire catalogs of songs on MP3.) When I want to do that, *I* should have the bandwidth to do it. I pay for it, I get dibs. So far, I don't know of anything available to your average consumer that will let you throttle bandwidth for your "guests" at will (or, ideally, automatically -- my own MAC addresses get top priority).
- The kiddie porn issue is an issue. As is, I guess, MP3 downloading. I don't want to have to firewall out P2P ports (and play the game of "what port are they using this week") just to protect myself from people using my AP who are too dumb to cover their tracks. No, I do not believe "but my port was unprotected, open to the world" is going to hold up in court.
- People are, by and large, bastards. If I leave my AP unprotected, it's not going to be used occasionally by passers-by etc. It's going to be my next-door neighbor, using it to download massive AVIs all night long, all the time thinking "hee hee hee, this dumbass left his wireless AP unprotected." If I were to open my AP, I'd want the first thing to pop up on your browser to be a notice letting you know that, yes, I see you, yes, I'm logging you, and yes, if you were a decent person and you wanted to use this thing all the time, you might drop by, ring my doorbell, and offer to kick me a couple bucks every month.
Furthermore, I'd like to publicly thank the various people around town whose unprotected access points I've used without permission. You never knew I did it, but it probably saved me some hassle.And finally, I'd like to publicly ask owners of coffee shops, delis, diners, bars, and other lounge-around spots: Have you ever considered not charging for that miraculous wireless network you just "installed"? Face it, Internet access is a flat fee for you. You want to bring in customers to buy that cup of half-and-half (I once heard that milk-based froofy coffee drinks have such an exorbitant profit margin that Starbuck's is essentially in the milk business). So why not do it by offering them a place to sit around, relax, and use their laptops? Seems to me it's no skin off your nose. Coffee shops have been providing shelves of books for years -- why not Internet access?
I bring it up because the coffee shop down the street from my house recently switched from offering free wireless access to charging for it -- something like $15/month, fully a third of the cost of a DSL line that will give me full high-speed access around the clock. Lots of other places are starting to do the same here (San Francisco) -- the "trial period" is over, now you have to pay.
I ask you: Where's the sense in that? I had just gotten into the habit of spending my mornings in that coffee shop, eating bagels and coffee while I got some work done, when they pulled the rug out from under me. Now the main thing that keeps me going down there is the fact that a couple of the shop's neighbors have their own wireless APs -- unprotected, of course. So now I'm not going to the shop as often, I'm buying less coffee and bagels, and worse, you went ahead and paid for all that (evidently quite expensive) Internet hardware and now I'm not going to be part of that new profit-center either.
Make it free, man! Wired magazine said as much, months ago.
Breakfast served all day!