Slashdot Mirror
Why You See 'Free Public WiFi' In So Many Places
An anonymous reader writes "Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.' Of course, since it's ad hoc (computer to computer) it's not actually access to the internet. So why is this in so many places? Turns out it's due to a bug in Windows XP. Apparently, the way XP works is that if it can't find a 'favorite' WiFi hotspot, it automatically sets up the computer to broadcast itself as an ad hoc network point, using the name of the last connection the computer attempted. So... people see 'Free Public WiFi' and they try to log on. Then their own computer starts broadcasting the same thing, because it can't find a network it knows. And, like a virus, the 'Free Public WiFi' that doesn't work lives on and on and on."
Windows really *is* a virus!
Ah!
Have you heard about SoylentNews?
That's the SSID for my home wi-fi :-D.
I guess I am not the only one that is thinking that "Free Internet" SSID is a perfect vector for a MIM attack. Has anyone heard of any cases where it has already been exploited?
Steve Gibson covered this over 3 years ago. https://www.grc.com/sn/sn-082.htm
Oh wow! Is it a big alot? Or a furry one? Is it friendly? I hear alots can be dangerous.
http://hyperboleandahalf.blogspot.com/2010/04/alot-is-better-than-you-at-everything.html
At my old school which I left earlier this year, I remember setting up my laptop as an ad-hoc access point to test some music streaming with VLC.
I have no idea why, but someone must have tried to connect to it. Now, almost a year after leaving that school, people still tell me that the 'ghost' of my laptop broadcasting can still be seen.
There are 2 ad-hoc networks out there that are 'ghosts' now, the first is my nickname (yeah, bad choice for a perpetuating network, I know) and the second is named after the university network, which is accessible on clear days.
Sure, why should today be any different than any other day in my life...
*sighs*
The "hpsetup" ESSID is from HP bloatware. It is used to connect the computer to wireless peripherals, namely HP wifi-enable printers.
I researched this myself, and it ended up that there were a bunch of better ways to implement it, but HP flat out didn't care.
Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.'
Doesn't match my experience. I have done a fair bit of flying lately - and always needing at least one connection each time because my closest airport sucks - and haven't seen it at the airports I've been to. I have checked for WiFi at coffee shops and restaurants and haven't seen that SSID there either. Lately I have been connecting through some of the busiest airports in the country (O'Hare and Newark Liberty in particular) and haven't seen this.
In fact, I can't think of the last time I did see it. I often use my blackberry to access open WiFi spots, and I don't have a record of a network that I have connected to called 'Free Public WiFi'.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
7 did absolutely nothing I needed that XP didn't, and had plenty of quirks that drove me crazy.
Nothing?! They made the digital camera interface usable, and someone finally added a “crop” function to Paint...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
to be affected. This was fixed in XP SP3. Love lines like "When a computer running an older version of XP ...." without further explanation. Haters gonna hate!
I actually downgraded from 7 last year after determining that 7 did absolutely nothing I needed that XP didn't,
Except, not having this bug....for one.
actually it looks just like an aswell, only smaller
Mod parent up and GP down. The "duped" is about a scam, while this is about a big in XP. Bigg diff.
Almost anywhere you go these days (particularly on slashdot), if you check for new stories, you have a pretty good chance of seeing a a duped story from another site. Of course, since it's a duped story (news site to news site) it's not actually news. So why is this in so many places? Turns out it's due to a bug in site moderators. Apparently, the way they work is that if they can't find a 'new' story, they automatically sets up their site to broadcast a duped story, using the title of the last story that was popular. So... people see this and they try to read it. Then their own favorite sites start broadcasting the same thing, because it can't find a good story on its own. And, like a virus, the 'Duped Story' that doesn't work lives on and on and on."
So 'the user buying something' is a better solution than the printer software supporting ad-hoc networks?
We disagree.
Nerd rage is the funniest rage.
Al Qaeda web -at this airport- is another good one.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
I was once called out for an emergency network repair at a local country club. A company had hired out the banquet room for a large business meeting, and could not get the wireless to work. When I arrived on site, I found that everyone in the room was connected to Free Public Wifi, being broadcast by one of the company owners' laptops. Turned out, the golf course did not have a wireless access point at all.
Actually, it is pretty easy to hijack about any wireless network using WPA. WPA2 is only a tad bit more harder and both are easier then wep until you get into some business class security. Basically, all you need to do is flood the connection to force a reconnect between the devices then run a script or program on those packets.
It's actually a little more difficult then that, but once you find the right programs and the right hardware to work with them, it's not much more difficult then that. And the most difficult parts are already taken care of and reusable for the most part.
I have a laptop set up specifically to do this. Whenever I have a customer claim their rocket scientist nephew, or son, or the neibor's- dog's- sister's- aunt's cousin, or the time warner cable guy swears that wireless is safe and I don't know what I'm talking about, I simply tell them to go ahead and install it, then show up to ask how it's going with the wireless and show them that I'm already on the network. Sometimes I have to wait outside for about a half hour before I get it cracked, but I haven't ran into one wireless network yet that took longer then 2 hours to crack into. And yes, all the software needed is pretty much free and available on the interweb waiting to be downloaded and used. There is a pretty steep learning curve though but it's not that hard and there are a lot if tutorials out there. This is especially easy when the time warner guy and most outside techs try to use a phone number for the key phrase. Often, if you have a list of phone numbers to a building with wireless, going through those will get you a working key without needing all the monitoring and cracking software. Start with the Fax numbers as they are often tied to the DSL or the Cable Internet Phone which makes it easy for the technicians to find if they have to service it again.
Anyways, once you are on the network, it's pretty trivial to send command to any windows box to do things that give you more control. Especially if they have the power shell installed. Most firewalls don't screen addresses on the network as it seems to be universally trusted in most environments.
Microsoft *tortles again.
*Doing something which is legal, but shouldn't be. Example he tortled with her affections.