Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured

avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

Networks on The Strip

[superj711]

I don't believe this a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.

Re:Only 1/3?

[anagama]

I'm not sure if you are making a joke, so just in case you aren't, I'll point out that MAC address filtering is no security at all. Your laptop is transmitting it's MAC as part of the regular wifi transmissions so sniffing it out of the air is trivial with Kismet or Kismac. Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leaopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.

Here's an overview:

http://www.irongeek.com/i.php?page=security/changemac

For Linux, if you just want a random MAC to make yourself even more anonymous:
http://www.alobbs.com/macchanger

Similar software exists for windows (google "windows macchanger")