Slashdot Mirror
Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured
avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"
Don't assume people's motives for having an open AP. Rather than security ignorance, altruism is a perfectly good reason to turn off WEP and WPA.
Let's also remember to mention that:
A. These people were not committing crimes.
B. The cop most likely wouldn't have the foggiest idea what they were doing.
C. Police on the street aren't the ones that track down cyber criminals, that's handled by other organizations.
If people weren't overspecialized by the public stupefaction system police actually would be able to deal correctly with a larger number of situations. However, this is not in the interests of those who want a stupid, brutal police state.
Only his tendency toward a dazed stupor prevented him from screaming aloud.
Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.
So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconnning.
Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.
Comment removed based on user account deletion
Quoted for truth. Several of my teachers told my class that if we wanted to, we could just wander around the school instead of going to classes, as long as we looked like we were on an errand. I'm not sure whether I should think that it's cool that I could get past authority figures by simply acting like I know that I belong, or whether I should be scared that someone who knows how to act like they belong somewhere can generally get access to that place.
The police were friendly, waved, and didn't bother to investigate something that by all rights did not look overtly illegal.
Anywhere else in the world it could look like a school science experiment. In Vegas, especially during Defcon, it should be assumed to be a novel approach to gaming a casino.
My other car is a 1984 Nark Avenger.
Asking for perfection isn't a bad thing, expecting it is.
In this case, however, I don't see how the officer did anything wrong. A bunch of kids (effectively, you know how geeks get when they're doing something marginally legal with technology) hanging out in a field with a balloon...what are you going to do? I'd say they responded properly, driving in to check it out (probably called in), realizing it wasn't anything important, and making the people aware that they were there before leaving.
There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
Yes, ours is "unsecured". It gets you to a DNS which answers only one query and an "internet" where the only thing that you can send to is an IPSEC VPN server. Much good may it do you. DefCon should concentrate on real security (is IPSEC as good as OpenVPN or does it's over-compexity make it more vulnerable) and not messing around with pretending to secure your wireless with WEP/WPA and all the other hop by hop garbage.
My thing is i don't understand why people don't just make unsecured wifi routers that firewall one user from another. That way, you can get on the internet from it, but it's much harder to hack others on the same segment.
Free Conference Call -- No Spam, High Quality
The summary only mentioned the police drive by, not the hotel's assertion that police concern was a primary factor in disallowing the balloon launch, which is what makes the complete lack of concern at the end ironic, and therefore worth mentioning. Nobody's talking about unwarranted strip searches.
-Restil
Play with my webcams and lights here