Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured

Posted by Soulskill on from the floating-point-operation dept.

avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

5 of 209 comments (clear)

  1. Open by choice? by ishmalius · · Score: 5, Interesting

    Don't assume people's motives for having an open AP. Rather than security ignorance, altruism is a perfectly good reason to turn off WEP and WPA.

    1. Re:Open by choice? by dwater · · Score: 4, Interesting

      I do.

      There's even an organisation around where I live/work that promotes it. It's called wippies :

      http://www.wippies.com/www.phtml

      For a free year long commitment, they will send you a free wifi router that will run a second wifi network 'on the side' for other subscribers to use when they're away from home. There's a google map of coverage somewhere on their site, but I can't find it right away...

      --
      Max.
  2. geeks are bringing us the police state by speedtux · · Score: 5, Interesting

    Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.

    So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconnning.

    Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.

  3. Re:So let's get this straight by Drakonik · · Score: 5, Interesting

    A standard social engineering technique used time immemorial has been to look as though you should be somewhere.

    Quoted for truth. Several of my teachers told my class that if we wanted to, we could just wander around the school instead of going to classes, as long as we looked like we were on an errand. I'm not sure whether I should think that it's cool that I could get past authority figures by simply acting like I know that I belong, or whether I should be scared that someone who knows how to act like they belong somewhere can generally get access to that place.

  4. Re:i hate you all by Anonymous Coward · · Score: 5, Interesting

    Yes, ours is "unsecured". It gets you to a DNS which answers only one query and an "internet" where the only thing that you can send to is an IPSEC VPN server. Much good may it do you. DefCon should concentrate on real security (is IPSEC as good as OpenVPN or does it's over-compexity make it more vulnerable) and not messing around with pretending to secure your wireless with WEP/WPA and all the other hop by hop garbage.