Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Use of WiFi Not Secure

Posted by samzenpus on from the be-more-secure dept.

Terremoto writes "A Congressional report indicates that the use of WiFi by government agencies is being done with little regard for security. The article says, "Government Accountability Office investigators were able to pick up Wi-Fi signals from outside all of the six agencies they tested, and they were able to find examples of unauthorized activity at all six as well.""

10 of 220 comments (clear)

  1. Unauthorized Activity by flood6 · · Score: 4, Interesting
    ...they were able to find examples of unauthorized activity at all six as well.

    It wasn't clear in TFA either, but do they mean a little pr0n surfing/p2p going on or active hack attempts were found?

    --
    SEO Firefox Extension
  2. If this were 2003..... by Anonymous Coward · · Score: 5, Interesting
    then there would be no huge issue. But with tools like - Airsnort for Unix, NetStumbler for Windows and MacStumbler for Mac, there is no excuse for this.

    I would consider it to be criminally negligent.

    It is a shame that they allow these agencies to recieve funding or for their IS / IT departments to still have jobs.

    Lets stop talking about Filibusters and start talking National Security

  3. Really? by tengwar · · Score: 3, Interesting

    I'm always a bit doubtful of these surveys. Some companies run an open network, but to reach any network resources you need to set up a VPN. This avoids possible problems with air-side encryption (yes, I know there are many other solutions) and allows visitors to use the network.

    1. Re:Really? by petecarlson · · Score: 4, Interesting

      Doubtfull? I have done consultations for comapnies that were having problems accessing their mail server because their computers were connecting to the company next door's APs. It seemed that both companies were using linksys access points... SSID "linksys". The whole time they had been using each others connections and neither had a clue.

      CP

  4. Are there any safe (hardware) protocols? by Phoenixhunter · · Score: 3, Interesting
    It seems that just about every form of current encryption has a proof of concept on cracking it. WEP, WPA, LEAP, IPSec, etc.

    About the only solution I've seen is the airFortress product that utilizes a client that encrypts all data and decrypts it through a hardware device that interfaces with the access points. Military has been using it for a bit.

    1. Re:Are there any safe (hardware) protocols? by Hi_2k · · Score: 3, Interesting

      There's a distinction between a theoretical crack and a real one. Theoretically, I could try every 1024 bit key against my GAIM-Encryption messages, and I would eventually find the proper key to decrypt them. It's even possible that there are simpler ways to do it. However, what matters is that it will take sufficently long that the data is no-longer so sensitive. Knowing about next months troop deployments in Iraq is of little use to terrorists in the year 2010.

      --
      When life gives you crap, Make Crapade.
      Sluggy Freelance.
    2. Re:Are there any safe (hardware) protocols? by tildebeast · · Score: 5, Interesting

      In the Army we use cisco aironets and Air fortress products. Mostly we use it for ptp access to remote locations. However there is software that can be installed on laptops that allows the client to connect, while out and about in the motorpool. we have tried several times to crack our own system, Each time resulting in failure. We can use a linux box and kissmet, and other nameless tools to crack into the multiple wep keys, but the Air Fortress encryption eludes us. We have not had, any unallowed access to our system in the 7 months we have been in Iraq.

  5. Open WIFI == Good by xiando · · Score: 3, Interesting

    I know many disagree with me on this, but personally I think that open WIFI networks is a very good thing. And I encourage all Wifi administrators to Open up their networks for all! This is quite safe if you secure the private services on the networks so random people only have access to the Internet. Think of it like this: You allow a few people to use the Internet from your home in exchange of being able to use the Internet when you are other places. If everybody with a Wifi does this then we will eventually have a global free Internet available everywhere for all. Again, having a Open Wifi is no threat to you IF you simply secure the services running on the Wifi! And this is, in fact, a much better approach than having a firewall and relying on that for security...

    --
    9/11: Never forget it was a false-flag operation
  6. Re:Unauthorized access? by JWSmythe · · Score: 3, Interesting

    My girlfriend's cablemodem took a dump while I was trying to do something, so I fired up Kismet, and found 6 access points within listening range.

    4 were encrypted, named "2wire###", where ### is a 3 digit number. I've been informed that those are SBC DSL routers, which *ALL* have the wireless enabled but encrypted by default.

    1 was a very weak signal

    1 was a moderately strong signal (60% to 70%), unencrypted, named "DEFAULT". Kismet said it was a DLink (if I remember right).

    I asked for an IP by DHCP, and I was on. I didn't do anything but started up ethereal, and logged everything for a few minutes.. I was trying to show my girlfriend the problems with unencrypted traffic on the Internet, and how important network security is.

    There are two machines on their network, which were both sending SMB traffic with their machine names (or descriptions). I got their Yahoo! Messenger username. I know they have weatherbug running, and saw he specific zip code. They didn't browse the net, but in one of the rare instances that my girlfriend's own cablemodem was working, I sent a message by Yahoo! Messenger, and she saw it go by in clear text. Based on the information I gathered, I knew exactly which apartment it was.

    At an unnamed casino in Vegas, I saw everything about their display boards. It would have been trivial for me to pretend to be their host, and change all the boards (winners, potential winnings, etc). I didn't though. I just emailed them when I got home, with the logs. They thanked me for pointing out the oversight. They were very good about it, so I won't say the name.

    Once in a while, I'll fire up Kismet, and go driving. Not really wardriving, just to get an idea of what the area looks like. I can see about 200 AP's from my house with a high gain antenna (24db). I can pick up about 300 driving about 10 miles with a low gain antenna (4db) stuck to the back of my laptop screen. In both cases, more than half of the AP's found are unencrypted. Random samplings showed I could get online with no problems.

    --
    Serious? Seriousness is well above my pay grade.
  7. Not at NASA by alispguru · · Score: 3, Interesting

    At least, not at Goddard where I work. NASA used to be an easy target for crackers, but we've tightened up a lot since those days. Network security around here wardrives the grounds, and people with guns (!) will show up if they detect an unauthorized access point.

    --

    To a Lisp hacker, XML is S-expressions in drag.