Slashdot Mirror

← Back to Stories (view on slashdot.org)

Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured

Posted by Soulskill on from the floating-point-operation dept.

avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

10 of 209 comments (clear)

  1. i hate you all by blhack · · Score: 5, Funny

    Will everybody please STFU about securing your wifi..

    Cracking their wep when I'm on the road and without my gear is a pain in the ass!

    --
    NewslilySocial News. No lolcats allowed.
    1. Re:i hate you all by Anonymous Coward · · Score: 5, Interesting

      Yes, ours is "unsecured". It gets you to a DNS which answers only one query and an "internet" where the only thing that you can send to is an IPSEC VPN server. Much good may it do you. DefCon should concentrate on real security (is IPSEC as good as OpenVPN or does it's over-compexity make it more vulnerable) and not messing around with pretending to secure your wireless with WEP/WPA and all the other hop by hop garbage.

    2. Re:i hate you all by MrNaz · · Score: 5, Insightful

      More to the point about finding unsuspecting piggybackers, I don't see how it should be expected that the law should get involved to quickly unless a serious crime has been committed. I find this particularly alarming:

      In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'

      So they'd prefer if the police stopped and strip search everyone doing something they considered suspicious? What kind of hackers are they if they think authority needs to always get up close and personal with anyone doing anything remotely out of the ordinary.

      It's a good thing that the police had a look, could see that a crime wasn't being committed, and decided to continue looking for something worthy of their time, not a bad thing as the absurd summary seems to suggest.

      --
      I hate printers.
  2. Networks on The Strip by superj711 · · Score: 5, Informative

    I don't believe this a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.

  3. So let's get this straight by yourpusher · · Score: 5, Insightful

    If the police flip out over something we do, they're overreacting idiots that don't understand technology.

    But if the police don't flip out over something we do, they're underreacting idiots who aren't keeping us safe.

    Mmkay.

    1. Re:So let's get this straight by Drakonik · · Score: 5, Interesting

      A standard social engineering technique used time immemorial has been to look as though you should be somewhere.

      Quoted for truth. Several of my teachers told my class that if we wanted to, we could just wander around the school instead of going to classes, as long as we looked like we were on an errand. I'm not sure whether I should think that it's cool that I could get past authority figures by simply acting like I know that I belong, or whether I should be scared that someone who knows how to act like they belong somewhere can generally get access to that place.

  4. Open by choice? by ishmalius · · Score: 5, Interesting

    Don't assume people's motives for having an open AP. Rather than security ignorance, altruism is a perfectly good reason to turn off WEP and WPA.

  5. Re:The Police just waved? by hoofinasia · · Score: 5, Funny

    I don't care how big the parking lot, crowd, or equipment...
    Geeks with balloons are not scary.

  6. geeks are bringing us the police state by speedtux · · Score: 5, Interesting

    Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.

    So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconnning.

    Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.

  7. And the only question remaining... by ladybugfi · · Score: 5, Funny

    ...was Cory Doctorow in the balloon blogging? http://xkcd.com/239/