CNN Notices that WiFi is Insecure
josh3736 writes "From CNN comes an article that makes painstakingly obvious to the public what we already knew: 802.11 security is horrible. The article points out that nearly 40% of wireless network APs haven't even been changed from defaults and as many as 80% of home APs have encryption disabled. The article goes on to say that '[t]o make matters worse, users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software.' It also accuses WiFi manufacturers of disabling security measures by default to make wireless easy to the lowest common denominator. My favorite quote? 'Experts say that while Wi-Fi hardware makers have made initial setup easy, the enabling of security is anything but. Meanwhile, average users are no longer tech savvy.' Which is to say that they at one point were?"
When WiFi was just getting started only tech savvy users used it, meaning that the average WiFi user was tech savvy. Now, everyone and their mother (or at least my mother) is using WiFi, and the tech ability of the average user has gone down.
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
It used to take a lot of tech knowledge to even operate a personal computer so the people that used them were, by definition, tech savvy.
But in order to sell more computers the hardware and software manufacturers have perpetuated the myth that "computers are easy." The truth: operating computers is very easy, but maintaining them is still very difficult. Now the average user is not tech savvy, but they have a machine that only tech savvy people can maintain.
TW
Amen...
I do a lot of side work for friends, family and other strangers who beg me for help when they find out that I have The Knack.
In the end, I leave all security off by default because they will inevitably:
1) get a new PC
2) play with the settings on the PC
3) require a "hard reset" on the router
If Microsoft and the hardware vendors could make this stuff easier, it wouldn't be so much of a problem. I suggest the following:
The router redirects unsecured wireless users to a webpage that requires log-on prior to accessing ANYTHING ELSE. Problem solved. At this point, I could simply set a password (or passwords, for families / surf monitoring / etc) and the user would have to use it every time (no forgetting). Just make a label and stick it on the freakin' router for those times that the idiots do forget.
Life is the leading cause of death in America.
If cheap-o consumer routers getting 0wned thanks to pathetic Wi-Fi security seems bad, consider this: at least one vendor of e-voting systems depends on WEP as the only security measure between their voting machines and the ballot-counting system.
Yes, that's right -- ballots are passed wirelessly, and only protected via standard 802.11 WEP. How long until someone tries to 0wn a polling place? Or, worse, just sniffs the ballots out of the air and dumps them to a log file (so much for the secret ballot), say?
I wrote the article linked to above when the systems were being evaluated in Fairfax County, Virginia -- a wealthy and populous suburb of Washington, DC -- but they've since been approved by the county board of elections and used in two elections to date. Who knows how many other local governments have bought into similar systems?
Read my blog.
If you trust every router between you and your destination with a plaintext password, you are crazy. The IETF is moving towards encryption for everything, and people are following. Most universities now don't allow passwords to ever be sent plaintext over the wire.
Quit blaming wireless, the same security issues exist with wired connections.
I have been using the beta of SP2 for a while, and the good news is that WEP has gotten a bit more user-friendly using just the XP interface.
WEP can be cracked... but it requires an effort.
The key in protecting something is to make the time needed to get in as long as possible.
Without WEP most cards will join a network within seconds; with WEP you are already safe from most wardrivers (they are usually not warparkers).
MAC filtering as you mentioned is an even bigger security hole than wep. Look up the 'hwaddr' option in the ifconfig man page.
The combination of no beacons, mac filtering and wep will make your network such a hard target that it will take a considerable effort for someone to use it.
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
I saw an ad the other day for it. I suspect this and other such deals will greatly increase the number of clueless people using wireless routers in my area.
:)
My brother and I are looking forward to future war driving expeditions in my area.
On the other hand, maybe the technicians will set them up securely?
Assume a woman walking down the street shouting she's looking for men to have sex with. Would it be illegal to walk up to her and introduce yourself to the lady, take her into your home and if she still consents have sex with her?
What about this access point that shouts ten times a second:
"Hello strangers! I'm an IEEE802.11 station operating in AP mode! If you want to associate with me, my BSSID is 00:30:40:50:52 and use the ESSID 'default'. I can do 1Mb/s, 2Mb/s, 5.5Mb/s, 11Mb/s. I don't do OFDM and I won't accept a short preamble and my owner doesn't want me to use WEP."
What would be illegal about courteously introducing yourself to that access point with:
"Hello 00:30:40:50:52, I'm 02:00:2b:18:fd:03 I want to associate with you with ESSID 'default'"
And what would be wrong with that courtesy being returned with a cheery:
"Welcome aboard, 02:00:2b:18:fd:03. Have fun!"
And once you have been invited inside wouldn't it be proper to ask:
"Is there a DHCP server that would like to give me an ip address?"
And could a polite DHCP server do any wrong by saying:
"Hi I'm the DHCP server serving this subnet. By the power vested in me you're 192.168.1.18, your subnet mask is 255.255.255.0, my friend the DNS server is called 204.18.21.17, in case you might want to talk to machines outside my network there is a router called 192.168.1.254 who would be delighted to assist you".
And I wonder would it be wrong to continue the conversation with the following Gentleserver that cheerfully announces his presence every couple of minutes:
"Hi everybody on this subnet! I'm a NT5.1 LANMAN Server at 192.168.1.10 and I'm the Master Browser on this network serving the domain REDMOND!!"
Would it be improper to strike up a conversation along the lines of "Pleased to meet you, 192.168.1.10, Can I connect to a share of yours called C$ with anonymous authentication?"
Yes, use a WEP key, yes use MAC filtering. No they're not 100% secure but they'll slow most attackers down. Next thing is to secure your local network so even if he gets in there's not much he can get into.
:-)
Nothing is 100% secure, a determined attacker is going to get in eventually. Just don't make yourself an easy target.
Despite my best efforts to teach him otherwise, my next door neighbour still allows the entire world to get onto his wireless network and do whatever they please. Which makes my network much less desirable to attack.
"It actually disconnects from and reconnects to the AP every minute or two, with predictable results (stutter, even disconnection from the server.)"
You may want to check your hardware. Mine (on 4 different machines, home and work) does not act like this.
"To make things even more fun, it prevents third party configuration tools from working (like linksys' for example, though I believe Intel's will work properly.) There aren't even any usable workarounds."
You can simply uncheck 'Use Windows to configure my Wireless Settings', and third party tools work perfectly fine. As a matter of fact, I'm typing this on an 802.11g network, on WinXP, using a Netgear with the Netgear utility, and not XP configuring my settings.
I get the feeling you either have bad hardware, or don't know what you are doing.
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
WEP is not secure, but in 99% of cases, it's secure *enough*.
That within the 1% of cases where it isn't secure enough, the results can be scary. The issue being, you don't know what your WiFi is being jacked for. Sure, it could just be the script kiddy logging in as "god" to play a joke... it could also be a spammer. Or it could be somebody pulling a credit-card scam. Or it could be somebody like that guy that was caught driving around leeching off local WiFi's with his laptop to download kiddie pr0n.
Point is... you not only have to weigh the risks of being cracked, but the risks of what happens when you are cracked.
If you have WEP, then anybody capable of cracking into the WEP is going to be capable of sniffing your MAC and duplicating it using their card. It's not particularly difficult to do or anything.
Now, if you're just trying to keep out the neighbors from accidentally connecting to your network, MAC filtering is fine. But it should not be considered a real security measure by any means.
I also see a lot of people thinking that turning off the SSID broadcast actually does something useful. It doesn't, really. The SSID is contained within every single packet that goes over the network, and anybody with a sniffer can find your SSID in seconds, regardless of broadcast being on or not. If you turn off broadcast, what you're really doing is making it harder for people to connect to you accidentally, much like with the MAC filtering. Broadcast SSID's are what things like the Windows XP wireless config screen use to show the "available networks". Turn that off and you won't appear there, but anybody using a sniffer or AirSnort or what have you isn't looking at that screen anyway.
Using 112/128 bit WEP? Leave SSID broadcast on and MAC filtering off, because it makes no real difference. It also makes it easier for other people to connect to your network after you have given them the WEP key and want them to connect. And if somebody is capable of cracking your WEP, then having MAC filtering on and SSID broadcast off won't even slow them down.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
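An added example, not part of the original thread, for the point above that turning off SSID broadcast hides nothing from a sniffer: in 802.11 the network name still travels in clear in management frames such as probe responses and association requests. The frames, addresses, the SSID `homenet` and all function names below are constructed for illustration.

```python
# Added example: constructed 802.11 management frames, no live capture.
HDR_LEN = 24                      # frame control, duration, 3 addresses, seq
FIXED = {0: 4, 4: 0, 5: 12, 8: 12}  # fixed body bytes before tagged elements
NAME = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame: bytes):
    """Return (frame kind, BSSID, SSID or None if absent/blanked)."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED:
        raise ValueError("unsupported frame type")
    bssid = frame[16:22].hex(":")          # address 3 is the BSSID here
    pos = HDR_LEN + FIXED[subtype]
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            raise ValueError("truncated element")
        if eid == 0:                       # element ID 0 = SSID
            # "Hidden" APs send a zero-length or all-NUL SSID in beacons.
            ssid = data.decode("utf-8", "replace") if data.strip(b"\x00") else None
            return NAME[subtype], bssid, ssid
        pos += 2 + elen
    return NAME[subtype], bssid, None

def summarize(frames):
    """Per BSSID: was the beacon blanked, and which frames still named it?"""
    out = {}
    for f in frames:
        kind, bssid, ssid = parse_ssid(f)
        entry = out.setdefault(bssid, {"beacon_hidden": False, "revealed_by": {}})
        if kind == "beacon" and ssid is None:
            entry["beacon_hidden"] = True
        elif ssid is not None:
            entry["revealed_by"][kind] = ssid
    return out

def build(subtype, ssid: bytes):
    """Construct a minimal sample frame (addresses and SSID are made up)."""
    ap, sta = bytes.fromhex("020000aa0001"), bytes.fromhex("020000bb0002")
    a1, a2 = (ap, sta) if subtype in (0, 4) else (sta, ap)
    hdr = bytes([subtype << 4, 0, 0, 0]) + a1 + a2 + ap + b"\x00\x00"
    return hdr + bytes(FIXED[subtype]) + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

SAMPLE = [build(8, b""), build(5, b"homenet"), build(0, b"homenet")]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The blanked beacon and the named probe response share one BSSID, which is why a hidden SSID only keeps the network off the "available networks" list and is not an access control.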
I went with option (1), and it's a nifty little device (it runs Linux BTW). But its default wireless setup is wide open. It can be configured to cloak the SSID, restrict MAC addresses, and use WEP encryption, but a user who can't figure out how to type a set of four random sixteen-digit hex keys isn't going to be able to set it up securely. (Fortunately, the manual gives some "example" keys; I can't wait to wardrive with those...)
I think what they're saying is that popularity has grown to the point that the average users of 802.11 are no longer geeks, as Mom and Pop are using it now as well.
It was just badly worded.
"But the cars are all flashing me, bright lights are passing me, I feel life passing me by" - Stiff Little Fingers
If you have SSID broadcast turned off on your AP the standard XP wireless configuration module will drop the connection randomly and look for any SSID's broadcasting. I've seen this problem on multiple computers with different NIC's.
Ananova had a blurb about this, I don't have time to look for the link.
Cheap storage VM.
Yeah. Believe it or not, for quite some time, the only people who really used computers on a daily basis were tech-savvy people who knew a lot about them. The level of understanding that the average user has of how the computer really works and what technologies are involved will necessarily fall as computers find themselves on the desktops of less and less qualified users (qualified as in, "tech-savvy"). It's the natural evolution of technology. How many people had DVD players 10 years ago? Few. I never even heard of DVD players until 1995, and I never got one until '97. But most of the people who used them back then understood what region codes were, and what kind of technologies were involved, and why the screen image froze as the reader changed layers.
Nobody who has one now has any clue about this stuff.
and only have Macs. Why should I care about securing my access point?
I assume you're joking. Mac OSX is famous for having a huge wireless security hole. Any attacker who is on your LAN (airport wireless or ethernet cables, doesn't matter) and has an attack script running when you boot up can OWN your computer.
OS X, by default, looks for a "network configuration distributor" or something when it starts... and then it downloads and installs any patches that computer is providing. The implications are obvious.
Apple has probably patched this one hole by now, but it shows that Macs have no fundamental advantage.