Slashdot Mirror

← Back to Stories (view on slashdot.org)

Growth of Wi-Fi Opens New Path for Thieves

Posted by CowboyNeal on from the high-tech-breakins dept.

E. Harley writes "Wi-Fi connections are popping up all over the place from retails locations, schools, municipalities, and homes. Unintentionally or not, most of these wi-fi hot spots never change the system's default settings, hide the connection from others, or encrypt the data sent over it. This NY Times article [Free registration required] talks about the size and extent of the problem, and what has happened with law enforcement investigating criminals using these public connections. Also, the article updates us on an earlier Slashdot story about wardriving. That case is still pending."

14 of 171 comments (clear)

  1. Registration free link by jonathan3003 · · Score: 5, Informative

    http://www.nytimes.com/2005/03/19/technology/19wif i.html?ex=1268888400&en=51d90e7518bba5d6&ei=5090&p artner=rssuserland/

  2. Re:Simple! by mattyrobinson69 · · Score: 3, Informative

    MAC addresses are not unspoofable.

    Hooray for double negatives!

  3. An unfortunate case. by tscrum · · Score: 1, Informative

    From my experience, there is simply no way around having interlopers on your network unless you tunnel an ipsec'ed connection over the air. Granted many ap's use default settings, but even those that do not can usually be sniffed for legitimate mac addresses and subverted. To see if your ap is susceptible, you can test it against this month's article in 2600.

  4. Re:Simple! by pegr · · Score: 4, Informative

    Everybody is forgetting each and every ethernet adapter has a unique serial number/address, called the MAC address. It would be very easy to prove/disprove you were the one or not by that address.

    Google "etherchange" and see what you get... Here is the first hit... MAC addresses don't prove diddley...

  5. Re:Simple! by bigtallmofo · · Score: 2, Informative

    Mister Transistor, yours is a common misconception. Your workstation's address is never transmitted outside your local network.

    To the world outside your local network, every MAC address coming from your local network appears to be the same one - the one of your router. Any such WiFi Boogeyman would appear to have the same exact MAC address as you.

    As for the "more sophisticated tracking"... There are some things that can be done but to be honest they're not very sophisticated. Suffice it to say that you could very easily get away with doing just about anything you want if the law enforcement-types are in any way ready to believe that someone other than you might have done it through your network.

    --
    I'm a big tall mofo.
  6. Re:and the problem is? by stretch0611 · · Score: 2, Informative
    Someone tell the Secret Service to stop monitoring IRC connections and go after lazy banks instead, or something...

    Banks already have tons of lawyers and financial resources to fight back lawsuits. They also have lobbyists on capitol hill. It is easier to go after and blame individuals. (Just ask Martha Stewart; she took all the press's attention away from Enron and MCI)

    --
    Looking for a job?
    Want your resume written professionally?
    DON'T USE TUNAREZ!!!
  7. Article Link [No Need to Register] by tonsofpcs · · Score: 2, Informative

    http://www.nytimes.com/2005/03/19/technology/19wif i.html?ex=1268888400&en=51d90e7518bba5d6&ei=5090&p artner=rssuserland

    --
    Video Production Support
  8. this article NEVER questions their motives by Cryofan · · Score: 2, Informative

    Notice that the NY Times NEVER questions whether there could be an ulterior motive to associating wifi with theft, child porn, and terrorism. This TImes articles is a propaganda piece aimed to associating wifi with Bad Things. This propaganda piece is likely bought and paid for by the telcos and cable lobbies who are using propaganda like this to shut dowm possible competition.

    --
    eat shiat and bark at the moon
  9. Re:Everyone should keep their WiFi gateway open. by DavidTC · · Score: 3, Informative
    What the hell does the FCC have to do with any of this? The FCC lets anyone do anything they want in the wifi bands.

    There's no tax, there aren't even rules like in CB. I could set up a radio station on the wifi bands and broadcast 24/7. I wouldn't, as no one has a radio that can tune it in, but I could.

    It's law enforcement that's complaining here, and the FCC does not investigate crimes.

    --
    If corporations are people, aren't stockholders guilty of slavery?
  10. Re:What's with the pathetic default settings? by HermanAB · · Score: 2, Informative

    Actually, there is no good reason why the manufacturers cannot ship the devices with preprogrammed random passwords. Every device they ship can easily be unique. Any self respecting EPROM programmer can do that and then print it on a label stuck to the bottom of the device. Back in the day when we manufactured access points, we did that.

    --
    Oh well, what the hell...
  11. article error by wk633 · · Score: 2, Informative

    recent data thefts from ChoicePoint

    Nothing was stolen from ChoicePoint. They sold data to person or persons they should not have. There was no 'break in' as has been reported elsewhere. The only 'hacking' involved was social.

  12. Re:oops, forgot by Abalamahalamatandra · · Score: 2, Informative
    You can disable them easily and permanently with a simple registry setting - it's the first thing I do on every Winblows machine I'm forced to use.

    Link here, among other places.

  13. Re:Simple! by SCHecklerX · · Score: 2, Informative
    um. Even the WINDOZE driver for my orinoco card lets me change the ethernet address using the GUI, fer chrissakes! In linux, it's this simple, buddy:
    ifconfig [interface name] hw ether [new MAC address]
    But...how does one find the address to spoof? Fire up kismet. Valid Ethernet addresses galore, my friend. Mac filtering is USELESS.
  14. Re:I'm Not a Network Administrator... by KarmaMB84 · · Score: 2, Informative

    It's certainly not alarmist propaganda. The first thing that will happen when law enforcement tracks kiddy porn to you is you'll have your name in the paper for trading kiddy porn. They then take your equipment and any tiny bit of erotic material or encrypted data will be treated as "evidence". They will then tear your home, business and work place apart looking for the disks you were downloading the kiddy porn to. After you beat the rap at trial, people will still look at you like a monster because they "know" you must've got off on some technicality or something and they absolutely can't believe the incompetent police didn't nail your ass to the wall. Heaven forbid the police find the parents of any of the kiddies in the pictures they know were downloaded through your connection because the parents don't even need real proof to take everything you have in a civil suit for either a) downloading the material yourself and "harming" their child or b) aiding the real offender and "harming" their child. Even if they can't win, there's probably dozens of organizations that will fight for them for nothing and drain you luck a stuck pig through litigation.