Slashdot Mirror


Home WiFi Network Security Failings Exposed

An anonymous reader writes "The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

161 comments

  1. Default password security by BadAnalogyGuy · · Score: 1, Funny

    My wifi router required me to change the root name and password. Don't they have that technology over in the UK?

    1. Re:Default password security by indros · · Score: 2, Informative

      Unfortunately that only changes the login for your router admin page. That has nothing to do with WEP/WPA/WPA2.

    2. Re:Default password security by coolsnowmen · · Score: 1

      I have Verizon DSL, and when I called for help/to complain (my connection was dropping), the tech on the phone couldn't fathom why I'd changed my administrative password. He slowly guided me through typing in a default name/pw (which I'd changed a year ago) and wouldn't deviate from the script when I told him mine was different and to hold on a second.

      Though, as a Linux user, I'm used to lying to technical support: "Yes, sir, I can click start->run->'cmd' "

    3. Re:Default password security by master0ne · · Score: 2, Informative

      This points out a major issue: many non-technical users often do not know the difference between security of the router and security of the wifi signal itself. Many people just change the router's password and think they are "safe".

      --
      No one writes jokes in base 13!
  2. "Life assistance" = identity theft protection by Sockatume · · Score: 3, Informative

    If you were in any doubt as to why they were sponsoring a study which discovered something scary about the intertrons.

    --
    No kidding!!! What do you say at this point?
    1. Re:"Life assistance" = identity theft protection by Frosty+Piss · · Score: 0, Flamebait

      So? Your point? Are you saying that the findings are bunk? Or are you just pissing about enterprising people who make more money than you?

      --
      If you want news from today, you have to come back tomorrow.
  3. No password WiFi != unsecured by Omnifarious · · Score: 5, Informative

    My Wi-Fi has no password, and that's a purposeful choice. While evaluating the passwords on WiFi that does have a password is a reasonable analysis, it's not reasonable to call any WiFi without a password unsecured.

    1. Re:No password WiFi != unsecured by Sockatume · · Score: 1

      MAC filtering, right? A surprising number of generic routers from telecom companies do some MAC-based authentication, I've found. I was surprised to discover that my aunt's Orange router made you switch it into a pairing mode by holding a button on the side before it'd let an unfamiliar device actually use the network. So even though this amazing hacker could get through the WEP password in 5 seconds, he wasn't going anywhere.

      --
      No kidding!!! What do you say at this point?
    2. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      I've got some bad news for you... MAC spoofing is incredibly easy to do for anyone that wants to do it.

    3. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      ...because there's no such thing as MAC spoofing, right guys?

      Security Through Obscurity at its best

    4. Re:No password WiFi != unsecured by rotide · · Score: 3, Informative

      Frankly, spoofing wireless MAC addresses is easier than cracking WEP. Hell, one of the first steps in using BackTrack, etc, is to spoof your MAC before associating with the AP.

    5. Re:No password WiFi != unsecured by MoonBuggy · · Score: 1

      Exactly. Some of us are quite happy to provide a little bit of free access to those who need it. All the machines on my network are secured, the network itself is deliberately open.

    6. Re:No password WiFi != unsecured by BrokenHalo · · Score: 1

      MAC spoofing is incredibly easy to do for anyone that wants to do it.

      It is, but guessing the MAC address of a device that will be accepted by the router might be just a little bit harder.

    7. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      yes, except you have to know a MAC address that the AP is going to allow on the network.

    8. Re:No password WiFi != unsecured by kikito · · Score: 1

      bum! headshot

    9. Re:No password WiFi != unsecured by gmack · · Score: 2, Interesting

      Do you filter outgoing mail and do you take any measures to prevent forum spamming?

    10. Re:No password WiFi != unsecured by JayJay.br · · Score: 5, Informative

      Not if the communication is not encrypted and there is any traffic at the time.

    11. Re:No password WiFi != unsecured by sjames · · Score: 2, Funny

      On the other hand, simple MAC based filtering is a perfectly effective way of making it clear that the Wifi is not intended for public use. It's not a half bad option if you don't really care much but want to let normal polite people know your intentions.

      It will also keep MOST people looking for free Wifi out.

      The ideal MAC filtering sends all un-approved devices to the MITM box to log their Facebook credentials and post really awkward messages on their page.

    12. Re:No password WiFi != unsecured by TheRaven64 · · Score: 1

      Unless, of course, one such device is already connected, in which case it will be broadcasting its MAC address with every packet. If you use different port numbers, its TCP/IP stack will simply ignore any packets sent to it on connections that you are using.

      --
      I am TheRaven on Soylent News
    13. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 2, Insightful

      Some of us are quite happy to provide a little bit of free access to those who need it.

      also, it helps to have a little bit of plausible deniability when ACS:Law come calling...

    14. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      MAC filtering is not an effective way of making it clear that the Wifi is not intended for public use, simply because it does not give any feedback to the user. "It just doesn't work" is the least polite way of letting people know your intentions, especially "normal people".

      Interception of transmissions which are not intended for you is clearly illegal, btw., as is manipulating data without authorization. Even if you're in a place where accessing open wireless LANs is not per se legal: If you have the know-how to do what you describe, but still make your access point look like a public hot spot, this will certainly be held against you.

      The right thing to do is to encrypt wireless LANs that are not meant to be public. No ifs and buts about it.

    15. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      Not his job.

    16. Re:No password WiFi != unsecured by sjames · · Score: 1

      That was a joke son...

      As for the MAC filtering, if it refuses to allow association, it makes it quite clear the network is closed and that there's no offer available to get it open (unlike a customers only hotspot where a password might be available if you buy something).

    17. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      MAC filtering results in a nondescript error condition. It literally "just doesn't work". There's also no indication that there is no way to use the network. Just like you could get a password for a password protected network, you could have your MAC added to the whitelist. Most importantly, an unencrypted network transmits beacon frames which indicate an open network, indistinguishable from a public network. Captive portals are in the same bin as MAC filtering networks: They both send out misleading information. Captive portals should use WPA(2) encryption and indicate the shared key in the SSID. Closed networks should be encrypted. If you operate an unencrypted network and it's not meant to be accessed by the general public, then you're doing it wrong.

    18. Re:No password WiFi != unsecured by natehoy · · Score: 1

      Sure, and once you crack the encryption (assuming there is any) you wait for the first machine to send the first packet of data to the WiFi access point, which (conveniently) has a recognized MAC address!

      MAC address filtering isn't a bad idea, it's just not an effective one. It's a great extra layer of protection, but it's only the slightest bit effective if you also encrypt the control stream so a would-be hacker can't simply look for a known-good one.

      Plus, and just as importantly, once the hacker can decrypt the data going over the wire, he or she may not give a shit about actually connecting to your access point. They can just record everything you send and receive, and even if you use SSL for all passwords on the Web and such they can still usually get URLs and often (because very few ISPs support encrypted email checking) your email address, password, and the contents of any email. Not to mention instant messages, the contents of any non-encrypted web pages, etc.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    19. Re:No password WiFi != unsecured by Albanach · · Score: 1, Interesting

      Spoofing is misdescribing things a bit. It's not like spoofing an IP address where you present an address different to that you're actually using and which can cause issues with a lack of return traffic (data being sent to the spoofed IP).

      Usually your MAC address can be user set using ifconfig - something like

      ifconfig eth0 hw ether 00:01:02:03:04:05

      That then becomes your MAC address. It's not being spoofed, it's the address your card has and will present when connected to a network.

    20. Re:No password WiFi != unsecured by MoriT · · Score: 1

      Right. By "hacking" they didn't mean, "got full access to the router", they meant, "could use the WiFi." I run an open router because I think blanketing as much of the country in open WiFi is important. I keep appropriate security for it, and I don't use that network, but there is no reason to equate the two unless you're a FUD company profiting off people thinking that just because someone can use their WiFi they are going to commit identity theft. By that point, wouldn't it be easier to find some of those credit card checks in the trash? How many of these people use shredders? Probably fewer than secure their wireless network.

    21. Re:No password WiFi != unsecured by ElectricTurtle · · Score: 1

      So are hotels and libraries and coffee shops "on the hook" for terrorism and child pr0n too?

      --
      I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
    22. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 2, Insightful

      Even if it is encrypted, you'll see the MAC in the clear.

    23. Re:No password WiFi != unsecured by tepples · · Score: 1

      Ideally, hotels, libraries, and coffee shops should offer Wi-Fi credentials (the WPA key and a one-time-use activation code on the captive portal) only to customers who have paid or otherwise identified themselves.

    24. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      If someone leeches your internet to grab child porn or to communicate with terrorists then you are on the hook.

      Maybe he's a part time pedophile terrorist and he wants to be able to blame his unsecured wifi in case he gets caught.

    25. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      Me too, I have an open wireless network with a +9db omni antenna in my attic. It reaches a couple of houses in any direction around my house. I also run a TOR exit node.

      A couple of reasons for this.
      1. Comcast charges me $80/month, by god I'm going to USE that !@)!$*#))@*&&# bandwidth.
      2. It gives me interesting traffic to packet trace.

      My personal internal network uses an ipsec policy to encrypt all traffic to the private gateway where it is decrypted for the interwebs.

      It's good enough, for now.

    26. Re:No password WiFi != unsecured by norminator · · Score: 1

      I'm sure most people here have already seen this, but just because it's relevant, I'll post it again: http://www.ex-parrot.com/pete/upside-down-ternet.html

    27. Re:No password WiFi != unsecured by Elshar · · Score: 1

      No. Technically it is spoofing. Every network adapter has a unique address assigned to it, typically stored in some firmware within the NIC itself. The whole purpose is to make that particular interface globally identifiable.

      Now, if you change your NIC's MAC to someone ELSE'S MAC, you are spoofing their MAC. IE, you are pretending that your NIC is in fact someone else's, even though it's not. For the sole purpose of attempting to gain access while masquerading as the other device.

      That's pretty much the definition of spoofing. Here's a summary definition or two:

      In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

      Definition of Spoof:

      Verb -
      * to communicate electronically under a false identity
      * to fool by a hoax; play a trick on, esp. one intended to deceive.

      So, what you describe is not spoofing? I think so.

    28. Re:No password WiFi != unsecured by alex_guy_CA · · Score: 1

      If I wanted to leave my wi-fi open and unsecured, what steps should I take to protect my computer? I have a Mac, OS 10.6.

      Thanks

    29. Re:No password WiFi != unsecured by Civil_Disobedient · · Score: 1

      Interception of transmissions which are not intended for you is clearly illegal

      And how do you know if it's intended for you until you intercept it?

    30. Re:No password WiFi != unsecured by mcgrew · · Score: 1

      If someone leeches your internet to grab child porn or to communicate with terrorists then

      When they confiscate and examine your computer they will find no evidence of child porn or terrorist emails. Plus, there's relatively damned little of that going on; your risk is zilch.

      But beyond just that there are always 0-day hacks out there and letting someone freely roam your LAN is like begging to be compromised.

      There's damned little of that as well. Your fear is unwarranted; you're more likely to lose your data from a hardware failure. You're just looking for an excuse to be selfish without feeling guilty about being selfish.

    31. Re:No password WiFi != unsecured by avm · · Score: 1

      Or some of us have enough space between neighbors that it's not particularly critical. My nearest neighbor is separated from my wifi network by 10 acres of aspen and pine trees.

    32. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      An unsecure system could use VPN setups to secure itself. To further test their findings they would need to not only authenticate but also ping out from such a network to see if it is "internet" connected.

      Now as for half of home residents being able to be "hacked in 5 seconds", I am going to call that out as not "hacking" but the owner's standard mundane day-to-day usage, and it doesn't involve anything besides the common layman's network access methods. Most likely the network does not have a DHCP server, so you will need a manual IP address and your own DNS settings, something that most operating systems might set up automatically, and some network usage doesn't require the use of DNS names if the IP is already known.

    33. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 0

      I've always wondered why they don't print temporary credentials on the receipt.

    34. Re:No password WiFi != unsecured by Omnifarious · · Score: 1

      I do MAC filtering, yes, but I also do all of my communications over the wireless with an SSH tunnel. I'm only relying on the MAC filtering for a very limited and spoofable form of access control.

      No, it's open because I want it open. One of these days I'll get some traffic prioritization set up and merely categorize by MAC address. Anybody can use my wireless connection, but I get first dibs on all the bandwidth to the outside world.

    35. Re:No password WiFi != unsecured by Omnifarious · · Score: 1

      Well, my wifi is sitting on one zone of a multizone firewall I have set up using a Linux box. I also run web servers, mail servers, and some other stuff, so I've made an attempt to harden my network a bit against people trying to break in.

      I treat the wifi zone the same way as I treat the external Internet zone, except they get to talk to my DHCP server and use my caching relay DNS server and the rest of the world doesn't.
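
      Added example, not part of the post above and not the poster's actual configuration: an nftables ruleset implementing the zone policy the comment describes, where the open Wi-Fi zone gets the same treatment as the Internet zone apart from DHCP and the caching DNS relay. The interface names, the public service ports (25, 80, 443) and the idea that those services run on the firewall box itself are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names, ports and host layout are assumptions.
flush ruleset

define IF_WAN  = "eth0"    # Internet zone (assumed name)
define IF_LAN  = "eth1"    # trusted wired zone (assumed name)
define IF_WIFI = "wlan0"   # open Wi-Fi zone (assumed name)

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept

        # ICMP/ICMPv6 are needed for path MTU and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # Trusted wired zone may reach every service on the firewall box.
        iifname $IF_LAN accept

        # Public services (assumed: SMTP, HTTP, HTTPS) are offered to the
        # Internet and to the Wi-Fi zone on identical terms.
        iifname { $IF_WAN, $IF_WIFI } tcp dport { 25, 80, 443 } accept

        # The only extras the Wi-Fi zone gets: DHCP and the caching DNS relay.
        iifname $IF_WIFI udp sport 68 udp dport 67 accept
        iifname $IF_WIFI udp dport 53 accept
        iifname $IF_WIFI tcp dport 53 accept

        # Anything else from Wi-Fi (SSH, admin UIs, file shares) is logged
        # at a limited rate and then falls through to the drop policy.
        iifname $IF_WIFI limit rate 5/minute log prefix "wifi-zone-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        ct state established,related accept

        # Wired hosts may open connections to either untrusted zone.
        iifname $IF_LAN oifname { $IF_WAN, $IF_WIFI } accept

        # Wi-Fi guests may reach the Internet, never the wired zone.
        iifname $IF_WIFI oifname $IF_WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $IF_WAN masquerade
    }
}
```

      Because no rule forwards from the Wi-Fi interface to the wired one, a client that clones an allowed MAC address gains Internet access only, which is the property that makes the open zone tolerable.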

    36. Re:No password WiFi != unsecured by Omnifarious · · Score: 1

      Actually, most wifi routers have their own DNS servers these days and set up NAT automatically.

    37. Re:No password WiFi != unsecured by Albanach · · Score: 1

      I'm not sure if you didn't read or didn't understand my post.

      What I did was point out the fundamental difference between spoofing a MAC address and an IP address.

      Once you change the MAC address, it becomes the address of the card. Sure you could use that to spoof the identity of another device on the network, but that's a consequence of your intent, not of changing the MAC address.

      When spoofing an IP address, that act itself fits your definition of spoofing.

      You may wish to use one term for two very different changes. IMHO that only serves to confuse matters and does no one any favours.

  4. um seconds... no... by daveb1 · · Score: 0

    um seconds... no... it takes a few minutes max to crack WEP ... If you were trying a dictionary attack against a network that may work faster :)

  5. No password may be a feature not a bug by kherr · · Score: 4, Interesting

    There is no way to know if the open wifi networks are open intentionally or not. Just ask Bruce Schneier. Saying they're "open to criminals" is biased, maybe "open to visitors" would be more appropriate. How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?

    1. Re:No password may be a feature not a bug by houghi · · Score: 1

      In real life, the people will have no idea that the wireless they got from their ISP is insecure. That is why they paid money for it in the first place, because they have no idea how to do it themselves.

      And sure, the coffee place might have the modem to standard login and password, so I would take another coffee while I played with their system, but in reality I know better and you know as well.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:No password may be a feature not a bug by Anonymous Coward · · Score: 0

      Crumpet bribery is at epic levels in UK I'm sad to report.

    3. Re:No password may be a feature not a bug by hedwards · · Score: 1

      If you want it to be open for visitors and whoever else wants in, there's solutions for that. Open mesh includes the possibility, although at this point, they don't seem to allow a proper way of securing it other than just putting in a long passphrase of gibberish and not telling people what it is.

    4. Re:No password may be a feature not a bug by tepples · · Score: 1

      How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?

      As I understand it, solely because there hasn't yet been a widely publicized child porn conviction involving coffee shop Wi-Fi.

    5. Re:No password may be a feature not a bug by petes_PoV · · Score: 1

      Maybe commercial premises don't require password access. However that doesn't make them secure. Only a fool would use one of those locations without securing an HTTPS connection to (say) their bank. Because, guess what? Yes - the wifi is insecure.

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    6. Re:No password may be a feature not a bug by Anonymous Coward · · Score: 0

      Many of those systems are walled garden setups that require some kind of registration, submission to logging, etc.

    7. Re:No password may be a feature not a bug by shentino · · Score: 1

      All that matters is that the RIAA is going to come after YOU if someone ELSE uses YOUR network.

    8. Re:No password may be a feature not a bug by severn2j · · Score: 1

      Exactly this.. A large webservices company I used to contract for has open Wifi throughout their building in Central London, so that visitors can get Internet access, you can only get on the corp network if you have the correct MAC + other layers behind VMPS, otherwise it just redirects you to the 'guest' network.. A feature. Not a bug. No doubt our 'ethical hacker' added this to the 'bad' list..

    9. Re:No password may be a feature not a bug by BitZtream · · Score: 1

      The page that you get directed to when you first use it that requires you to agree to their ToS might have something to do with the difference.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  6. I'm Shocked! by AtomicDevice · · Score: 0

    The men in their scary black vans will totally park outside my house and steal my wifi!

    Oh wait, that's not scary at all because people don't do that. And in real life, I type all my passwords only into sites secured with ssl, which is way better than crappy wifi encryption anyways. So I guess that the neighbor kids might get some free wifi (don't care, not a big deal to block them, mac whitelist, upside-down-ternet etc). If there are people parked outside my house gathering my non-secret data (since my secret data is encrypted regardless of wifi), I either
    a) Don't care (Google, engineering students, etc.)
    b) Have bigger things to worry about (the FBI, and since I don't have brown skin or read a Koran, I probably won't ever fall into their highly sophisticated detection network)

    See also: http://xkcd.com/341/
    and furthermore: http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110

    --
    Ze Atomic Device! It iz Ztolen!
    1. Re:I'm Shocked! by hedwards · · Score: 1

      I disagree, the point is that they could do it, not that they are doing it. If you leave your connection open, then they could do it and you'd ultimately be the one that's getting investigated by the FBI.

      Sure it's not common practice, but that's not to say that it doesn't or couldn't happen, it's still a risk and really a stupid one to take.

    2. Re:I'm Shocked! by Lumpy · · Score: 0, Troll

      Dude, only rank amateurs would do that from in front of your house. I have a $29.95 antenna I bought that I can use your WiFi from 5 blocks away. You won't see them, you will not be able to detect them. Heck this thing was able to pull Wifi through trees and houses from a block away.

      If you think they need to be near your house, then you know absolutely nothing about networking.

      --
      Do not look at laser with remaining good eye.
    3. Re:I'm Shocked! by natehoy · · Score: 1

      Do you check your email over WiFi? Have you configured your email to check over a secured connection (hint: very, very few ISPs actually support this!)?

      http://customer.comcast.com/Pages/FAQViewer.aspx?Guid=b454828c-37a6-459a-9191-2a1b0f2bb20e
      http://www22.verizon.com/ResidentialHelp/FiOSInternet/Email/Setup%20And%20Use/QuestionsOne/85515
      http://www.dslreports.com/forum/r19960885-northeast-Verizon-FIOS-and-Outlook-2003-Setup -- note the quote "Server Requires Authentication should not be checked."

      There are a surprising number of services that do not use SSL (POP/SMTP for email, Instant Messenger, plain old FTP, etc), and even those that do sometimes only protect the actual login process.

      I don't mean to sound paranoid, but you may be revealing more of your "secret" data than you think. Security is not accomplished using a single layer of protection. Particularly not when the single layer is woefully incomplete.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    4. Re:I'm Shocked! by Hatta · · Score: 1

      Oh wait, that's not scary at all because people don't do that.

      What reason do you have to believe that people don't do that?

      --
      Give me Classic Slashdot or give me death!
    5. Re:I'm Shocked! by plover · · Score: 1

      It's a risk, but without a lot more data regarding the density of hackers per square km in his area, I'd hardly call it stupid.

      --
      John
    6. Re:I'm Shocked! by Anonymous Coward · · Score: 0

      How the FUCK is this a troll?
      Are only morons that know nothing about wifi modding on Slashdot?

      Lumpy is 100% correct.

  7. Re:No password WiFi == unsecured by Anonymous Coward · · Score: 4, Insightful

    You seem to be confusing "unsecured" with "insecure". They do not mean the same thing.

    Unsecured WIFI means you have no password.

    Just because it's intentionally unsecured doesn't mean it's not unsecured.

  8. Slow take up of WPA by pellik · · Score: 1

    Why is it so hard for industry (default configurations) to move from open or WEP to WPA? Sure, WPA isn't perfect, but it does represent a significant increase in difficulty for hackers.

    1. Re:Slow take up of WPA by hedwards · · Score: 1

      Indeed, while WPA1 was cracked, it's not completely cracked and the utility is pretty minimal for those that want to abuse it. I think that getting things like WPS to work right and be supported across platforms would likely go a long way.

      WPS in my experience tends to be hit or miss, I don't think that any of my hardware actually supports it, apart from one of the access points I had. Unfortunately, things like my Wii and PS3 don't seem to support it, which is a shame given that when done properly it's both more convenient and more secure than counting on the ability to type in a pass phrase with a controller.

    2. Re:Slow take up of WPA by VJ42 · · Score: 2, Interesting

      Why is it so hard for industry (default configurations) to move from open or WEP to WPA? Sure, WPA isn't perfect, but it does represent a significant increase in difficulty for hackers.

      I use WEP+MAC filtering because I have a really old WiFi card that doesn't handle WPA and no reason to replace it. And to be blunt, that's just fine; it deters the neighbors enough to stop them using my 'net connection. It won't stop a determined hacker, but exactly when is that going to be a problem?

      --
      If I have nothing to hide, you have no reason to search me
    3. Re:Slow take up of WPA by Anonymous Coward · · Score: 0

      Congratulations. Your network security is approximately as effective as running a network cable out to a hub in the middle of your lawn. WEP can be cracked, just by listening to the signal, in a few minutes these days, and MAC filtering fails at the exact same moment, because you'll have a device with a MAC *on* the network that they can 'borrow'. That MAC is broadcast in the same signal they listened to for a few minutes to crack your WEP password.

    4. Re:Slow take up of WPA by Anonymous Coward · · Score: 0

      I know. WPA-TKIP was designed to run on older 802.11b hardware that only supports RC4 with a firmware/software update, but of course not all devices were updated. BTW, an 802.11b adapter that supports WPA2-CCMP is the Intel 2100 wireless card used in the original Centrino.

    5. Re:Slow take up of WPA by Anonymous Coward · · Score: 0

      It doesn't take a determined hacker to crack WEP, it is easy to find out how if you can use Google, so all you need is for a bored script kiddie with a few minutes to spare to come past your house and they could be on your network in less than 5 minutes. If that doesn't bother you then leave it, but new wireless cards that'll do 802.11g and WPA2 are dirt cheap these days.

  9. OT Question by rotide · · Score: 2, Interesting

    Honest question here. Say I wanted to set up and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house? Yes, I'm in the US. I know I can use the TOR network, but frankly, I'd rather not. Is there any legal way I can share my network connection to those that need it without setting myself up for a world of hurt?

    Again, I realize this is OT, but it's an honest question.

    1. Re:OT Question by mellon · · Score: 5, Interesting

      Yes. Vote in the November election. Lobby your congresscritters to keep the common carrier defense applicable to the Internet.

    2. Re:OT Question by characterZer0 · · Score: 1

      Get a VPS in another country. Establish a VPN connection from your router to your VPS. Route all traffic from the open AP through the VPN.

      --
      Go green: turn off your refrigerator.
    3. Re:OT Question by Anonymous Coward · · Score: 0

      Sounds like somebody wants plausible deniability. Kidding! :)

    4. Re:OT Question by garyok · · Score: 1

      Say I wanted to set up and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house?

      If you're really worried that they're going to download CP or troll the POTUS, then you probably just shouldn't do it at all. Yeah, the internet is an epoch-defining communication tool and a great source of entertainment but I seriously doubt your neighbours' lives are going to grind to a halt if they can't browse Craigslist for the next single woman to keep in their chest freezer.

      --
      One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
    5. Re:OT Question by bsDaemon · · Score: 2, Interesting

      Leaving your wireless AP open doesn't make you a common carrier. From Title II of the Communications Act of 1934:

      (h) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this Act; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.

      Running an AP basically makes you a person engaged in radio broadcasting, and as we see, that is explicitly not covered. Likewise, if you're not carrying traffic for hire and aren't under an FCC license, then you are also not covered.

      But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.

    6. Re:OT Question by Lumpy · · Score: 2, Informative

      IPCop firewall with a red, green and blue interface. Run them on the blue interface and run DansGuardian on it as well as limit the bandwidth and ports allowed.

      20 minutes' work, and less than $60.00 if you find a Nokia IP130 firewall used.

      --
      Do not look at laser with remaining good eye.
    7. Re:OT Question by IndustrialComplex · · Score: 1

      But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.

      You're right, you don't know what you are talking about. An AP is NOT radio broadcasting in the scope of the regulation you posted.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    8. Re:OT Question by bsDaemon · · Score: 3, Interesting

      Not in the sense of a W or a K station, but it's still broadcasting radio traffic. It still doesn't make you a common carrier due to other restrictions. Most things people think are common carriers aren't and never were. Likewise, "safe harbor" means that if the carrier meets the requirements for compliance with CALEA, that they can't be held liable for not being able to do any more.

      Either way, the end case is the same. Neither of these constructs has anything AT ALL to do with whether or not you're going to get boned if someone jumps on your AP and starts committing crimes.

    9. Re:OT Question by IndustrialComplex · · Score: 2, Insightful

      Thanks for responding in a civil manner even though I was a bit snarky.

      When you get down to it, any 'radio' is broadcasting if you define the area of measurement narrowly enough.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    10. Re:OT Question by Hatta · · Score: 1

      Not possible. If a letter threatening the President comes from your IP, you will be investigated by the Secret Service. Even if you segregate your public wifi from your private wifi, that does not clear you from suspicion. There's nothing stopping you from connecting to your own public wifi and pretending to be a neighbor.

      --
      Give me Classic Slashdot or give me death!
    11. Re:OT Question by mellon · · Score: 1

      Sorry, I didn't mean to imply that merely keeping the status quo on common carrier would work for this case. But turning around the general trend that we've been seeing of making everybody liable for everything would be a step in the right direction. It's a damned shame that the old days of open WiFi everywhere are largely gone.

    12. Re:OT Question by Anonymous Coward · · Score: 0

      The Acceptable Use Policy of most/all US-based ISPs will forbid this type of activity on personal accounts. They want each paid subscriber to keep access on their account limited to computers within their household and some will try to specify the number of PCs allowed on an individual account.

      The reason for this is 1) of course, they want as many paid subscribers as possible but more importantly, 2) they want to prevent (or at least slow down) outside people from connecting to a subscriber's network and having a P2P program acting as a media server, or as a zombie PC, or as a spam-bot.

    13. Re:OT Question by BitZtream · · Score: 1

      Yes, use a password and give it to your neighbors after they agree not to break the law using your connection.

      It's not hard really.

      And when the kiddy porn gets traced back to you, you can say I also let my neighbor use it. And the police can look on your neighbors computers for porn.

      I'd be more concerned with the neighbors getting infected and it spreading to you as well if you didn't put them on a different network segment than kiddie porn.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  10. In other words... by rakuen · · Score: 1

    ...a large quantity of general users don't know how to properly configure a wireless network. Shock and awe!

  11. Umm, no. by schon · · Score: 4, Insightful

    My Wi-Fi has no password, and that's a purposeful choice.

    Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.

    Suppose you have a bicycle. You chain it to a lamppost. It is now secured.
    Suppose you take the same bicycle and decide purposely to not chain it to anything. Just because you decided not to chain it doesn't make it magically secured. It's still unsecured, you just made the decision not to secure it.

    1. Re:Umm, no. by sjames · · Score: 2, Insightful

      However, in the latter case, you can no longer be said to have failed somehow.

    2. Re:Umm, no. by Reilaos · · Score: 1

      But suppose he didn't use a chain, but instead some other form of protection? It's still secured, just not with a chain.

      If he secures his network with something other than a traditional password, it's still secured. Just not password protected, which is what I think the parent did.

    3. Re:Umm, no. by MozeeToby · · Score: 1

      But there are other ways to secure a bicycle like... ok, the metaphor is breaking down so I'm going back to reality. MAC filtering, guest SSIDs, or firewalls are all valid ways to secure your network while not encrypting the signal.

    4. Re:Umm, no. by tdyer · · Score: 1

      Ummm, no. Separate unencrypted VLANs are == to a separate network. Allowing a separate network for others to use has nothing to do with your security and is irrelevant to this discussion. MAC filtering is just plain stupid, and not worth the time it will take to set up. Firewalls are great as long as you aren't transmitting anything sensitive.

    5. Re:Umm, no. by Abcd1234 · · Score: 2, Insightful

      Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.

      Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.

    6. Re:Umm, no. by natehoy · · Score: 1

      Not to be pedantic, but... oh, hell, I'll be pedantic.

      Your open-and-isolated WAP is not secured. It's isolated.

      Your LAN is secured from your WAP. Your WAP is not secured.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    7. Re:Umm, no. by discojohnson · · Score: 1

      Sorry, but use a car analogy so the rest of us can understand.

    8. Re:Umm, no. by Blakey+Rat · · Score: 1

      Suppose you have a bicycle. You chain it to a lamppost. It is now secured.
      Suppose you take the same bicycle and decide purposely to not chain it to anything. Just because you decided not to chain it doesn't make it magically secured. It's still unsecured, you just made the decision not to secure it.

      Yes, but in the second case, it's not a "shocking revelation" (or whatever hyperbole the article says.)

      This guy is trying to say our networks are WRONG, BAD for being unencrypted. He's doing more than just giving numbers, he's making judgments. That's why the distinction is being pointed out here.

      Unless he knocked on the door of all of those houses, and asked, "did you intend your wifi to be secured with a password?" he's drawing conclusions based on incomplete data.

    9. Re:Umm, no. by Anonymous Coward · · Score: 0

      Poor analogy. I believe his point was that running encryption on the WAP isn't the only way to secure it. Let's say you chain your bike to the lamp post, while I choose not to and just lean it against the same post. I choose instead to install motion detectors, cameras, and a private security guard to watch it (analogous to user access controls, restricted ports, IPS, IDS, etc). Is my bike still "unsecured" because I don't have a chain like you?

    10. Re:Umm, no. by treeves · · Score: 1

      Hmm...let's see...OK, you have a Club(TM) but you somehow attach it to one of the wheels instead of attaching it to the steering wheel. Not sure about that...

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
    11. Re:Umm, no. by xenoterracide · · Score: 0

      Bad analogy. I just moved into an apartment complex that has gates, so that in theory people without keys can't (won't try?) to get in. None of my previous complexes were fenced and gated. Not having gates did not make those complexes unsecure, having gates doesn't really make this one secure. Actually I take it back... it's not a bad analogy... It's ALMOST as good as mine. All things like chains and gates do is keep the honest people honest. Dishonest people may just take bolt cutters to your chain and hop my fence. However, there's one thing you're missing... here with my gates if anyone wants to visit me I have to give them the gate code, same as with wifi, where if I didn't have gates... people could just come without being hassled. I doubt you'd want to let other people use your bike as they please.

  12. Not sure I like the fearmongering by Anonymous Coward · · Score: 0

    ...but on the other hand I'm all for securing access points which aren't meant to be publicly accessible. It is good that these people do what's necessary to gain actual security. The alternative is that some of them get burnt and complain, which will lead to the criminalization of accessing public wireless networks. That in turn will lead to a false sense of security as people still broadcast their data in the clear. So, yes, please encrypt your wireless network if it's not meant to provide public internet access.

  13. Lets face it... by Darkness404 · · Score: 4, Interesting

    Let's face it, yeah, wi-fi routers can be hacked, yeah, a lot of people don't have secure wi-fi, but in all honesty does it matter to most people? Credit card information already should be encrypted with HTTPS so that wouldn't be sniffed, most sites let you use security to log in, etc.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Lets face it... by ledow · · Score: 1

      Because on MOST home setups, access to the network is raw access to the machines. Access to the router setup (compromise and redirect EVERYTHING, bypass IE security zones, etc.), access to the local printers, access to the filesharing ports on the computers, etc. It's a bit more serious than just "could theoretically read all incoming/outgoing unencrypted data".

      There is rarely a firewall for a wirelessly connected user (because it's seen as a trusted network once you're on it), thus a simple "net use \\ip address\share" will join you to their hard drive if they've ever enabled file sharing (local user passwords aside - if they didn't bother to set a WPA key, chances are they don't use passwords more complicated than "dad"). That's complete, utter, 100% compromise of the machine because it's trivially easy to then just replace critical system files and thus instant key-logger compromises even secure websites.

      Besides that, the amount of stuff that flows over an unencrypted HTTP connection is actually quite scary - most UK ISPs use the same login for ADSL and thus do for email, and use plaintext SMTP or POP3 authentication. Even PPTP is inherently insecure if you can record a single conversation over it. If you ever see someone log into their POP3 account, then you have access to their ISP billing, all their email accounts, their home router and again you've hit total compromise.

      I never understand the apathy towards this, or towards malware in general. Yes, these people are idiots and get what they deserve but why just say "Oh, it's only a virus, don't worry" or "Oh, someone just got into your wireless". If someone said those things about your body or your home, you'd be extremely nervous and scared about what could have been. If you NEVER use your devices for anything that you wouldn't do on national television, then sure, it's fine. Most people however would be shit-scared to even have their photographs deleted, let alone posted online for all to see, not counting that "passwords.doc" file, or the letters they wrote to their boss complaining about their inept co-workers, etc.etc.etc. If you can happily say that you would just upload the contents of your computers to a public FTP site, then sure, don't worry. Most people, if not all, can't afford such luxuries.

      Yes, in practice, most of these compromised users will never know and never have anything bad done to them. However, even a small percentage of such a large number of people is an awful lot of people to be taken to the cleaners, have their bank accounts compromised, have rogue people installing things on their computer etc. Hell, even a teenager deleting your hard drive for a laugh has brought grown people to tears before now because they've lost something they needed for work / some family photos / etc. Yes, backup, backup, backup but that doesn't help after the event.

      I work in schools as an IT manager. My first job when I joined my current workplace was to educate people. If you bring me a laptop that "might have a virus or something" and I see a SHRED of evidence of malware, it gets disconnected (even in the middle of a class) and wiped back to factory settings. There is no compromise, or negotiation, because just a few network hops away is the program that pays the entire staff wages from the school's bank account automatically each month. If I see a single piece of software that doesn't belong on any computer, it gets wiped (and all your "unofficial" programs with it, and your music if it's iTunes). When a computer is under my domain, it WILL be clean and that means absolutely STERILE. Every time you take it home and bring it back in, if I spot something, I will just keep wiping it until you learn. So far, 2+ years and nothing more than a fake antivirus banner ad in Firefox across 150 machines because of that policy - but an awful lot of people have learned that they should always back up everything twice (well, I *DID* backup their stuff before I wiped any potentially infected laptop but I only told the

  14. This just in! by Drakkenmensch · · Score: 0, Troll

    Hello, Day Old News? Slashdot would like to cancel their subscription. They're taking all their business to Behind the Times.

  15. 5 seconds? by cfc-12 · · Score: 5, Funny

    He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

    I'm impressed. I can't connect to my own wireless network in less than 5 seconds.

    1. Re:5 seconds? by Anonymous Coward · · Score: 0

      I'm impressed. I can't connect to my own wireless network in less than 5 seconds.

      Just compare it to movies. If I try to play my legally obtained blu-ray or DVD, it takes forever to start. If I obtain a rip from Pirate Bay, it plays instantly.

    2. Re:5 seconds? by stephanruby · · Score: 1

      I'm not. I don't think his set up requires him to click three buttons and wait for internet explorer to load. He's most likely just establishing the connection through some kind of scripted command-line utility, and then just issuing a ping to a well-known fast-loading web site.

  16. Not Shocking by timeOday · · Score: 5, Insightful

    I hate the alarming tone of these passe "war driving" articles. A car or home can be broken into in 5 seconds by breaking a window. Most mailboxes where I live (including mine) are just boxes with a little non-locking door on the front that anybody can open.

    And yet, the world keeps on turning.

    Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.

    1. Re:Not Shocking by rakuen · · Score: 1

      Well, you might be able to if it was on a network share, but that brings up an entirely different set of security issues. The foremost of which is probably, "Why on earth are you keeping important information on a public network share?"

      Bet it happens too.

    2. Re:Not Shocking by Nidi62 · · Score: 3, Insightful

      Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.

      But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    3. Re:Not Shocking by betterunixthanunix · · Score: 1

      Now if only judges and juries could be convinced that is a likely scenario, maybe we could finally move past all the nonsense.

      --
      Palm trees and 8
    4. Re:Not Shocking by Lumpy · · Score: 1

      But we need more people AFRAID.. the world is better with rampant fear....

      LOOK OUT! There's terrorists hiding in the bushes behind you!

      --
      Do not look at laser with remaining good eye.
    5. Re:Not Shocking by tophermeyer · · Score: 1

      The scary part though is that a determined thief could be monitoring your traffic and you would never know. If someone smashes a window and breaks into your house you will know about it. If someone is monitoring my traffic while I'm trying to file my tax returns, for example, they might have all sorts of valuable information about me and I would never know. Especially if I am the sort of under-experienced user that leaves my wi-fi open.

    6. Re:Not Shocking by Anonymous Coward · · Score: 0

      Most mailboxes where I live (including mine) are just boxes with a little non-locking door on the front that anybody can open.

      That would never work in the UK. Post is generally delivered through a letterbox in the front door. Just not always to the front door of the correct house.

    7. Re:Not Shocking by Anonymous Coward · · Score: 0

      Where you live do you have robots going from mailbox to mailbox? I suspect not.

    8. Re:Not Shocking by Arimus · · Score: 1
      --
      --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
    9. Re:Not Shocking by cdrguru · · Score: 1

      When they seize the computer in the house and find the downloaded music on it the argument becomes rather difficult.

      Nobody has gotten any fines or judgements without having their computer seized and examined.

    10. Re:Not Shocking by david_thornley · · Score: 1

      I'm not sure judges and juries can't be convinced it's a likely scenario. I don't offhand know of any conviction simply from net traffic, without supporting evidence, such as what's on the computer. On the other hand, I don't like the idea that somebody uses my connection for something bad, and the police haul off the family computers for an undefined period of time.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    11. Re:Not Shocking by amorsen · · Score: 1

      This HAS been used successfully in a file sharing defence.

      --
      Finally! A year of moderation! Ready for 2019?
    12. Re:Not Shocking by Anonymous Coward · · Score: 0

      Now if only judges and juries could be convinced that is a likely scenario, maybe we could finally move past all the nonsense.

      I see what you're proposing. Interesting.

    13. Re:Not Shocking by rtechie · · Score: 1

      But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.

      This is actually less likely than people seem to think. Courts (and more importantly, police) have tended to allow for the unsecured/cracked wifi defense because hackers/bad people tend to use them. For example, downloading child porn. Botnets. Etc. The innocent bystander defense usually works.

      If someone has a vacant rental home and meth heads break in and set up a secret lab to "cook" meth, the homeowner is not responsible for their actions. He's as much a victim as anyone else.

    14. Re:Not Shocking by Anonymous Coward · · Score: 0

      I think the key difference is that you have to present a clear physical presence to break into tangible things like cars and houses. The perceived risk is higher, and you know people are going to be serious about locking you up. Breaking into wireless networks can be done by cowards, which increases the number of potential "attackers" greatly, whether or not the stakes are very high. Granted, your traffic *should* be secured by other means, but if you didn't properly secure your AP, you might not really notice if your bank page comes up http://bank.com/ instead of redirecting to https://bank.com/ like it usually does.

      You've got a legitimate point; this is not exactly a shocking breakthrough, but I just wanted to play devil's advocate.

  17. Ethical Hacker? by jermo · · Score: 1

    Does that qualify every 12yr old- capable of cracking a WEP key, to then do security assessments in the name of CPP? If so, they should promptly upgrade their lolcats and share those with us, so at least their contribution to the information security community will have some usefulness and originality.

  18. Rubbish. by Curmudgeonlyoldbloke · · Score: 3, Informative

    "* We found that nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals."

    So that's not just home networks then, that includes businesses deliberately running open wifi as a service to visitors, and all sorts of commercial access points that are "open" in that they get you to a login provider for the service, which you then have to log in to? How many of these "private wireless networks" are ad hoc wireless on one PC connected to nothing in particular?

    The first link is just an advert selling snake-oil, the second contains no information to speak of. No link to any "report" at all.

  19. Here comes WarPrinting by rokkaku · · Score: 1

    I can just imagine the birth of WarPrinting -- folks driving around the neighborhood, looking for an open printer to spew out Tubgirl or Goatse. Somehow, WiFi-equipped printers don't seem like the perfect idea, after all.

    1. Re:Here comes WarPrinting by Lumpy · · Score: 1

      my favorite is war faxing...

      dial a fax number and have two pieces of black paper ready, tape them together and start it feeding, then tape it into a loop.

      When the offending company comes to the office they will be out of fax paper and toner.

      for bonus points, program their head office's main fax number into your fax machine as the reporting number...

      --
      Do not look at laser with remaining good eye.
  20. Umm, no... again by Charliemopps · · Score: 1

    You don't need to password protect your wifi to secure your network. If you have it properly firewalled after the AP there's no need to secure the connection at all. Since Wifi security is pretty much worthless anyway, why bother? If someone connects to my AP they will get a big fat nothing. No internet connection, no access to the internal lan, nothing.

  21. Here's what I think of all those unsecured WAPs by hdon · · Score: 1

    Good.

    1. Re:Here's what I think of all those unsecured WAPs by Anonymous Coward · · Score: 0

      There needs to be more of them. It is the only way I connect to the Internet. I have never paid a monthly Internet bill (or cable) for the past 9 years. ($40/month * 12 months * 9 years = $4,320 after tax dollars saved)

    2. Re:Here's what I think of all those unsecured WAPs by hdon · · Score: 1

      It's okay, I make decent money now, and I know what it's like to not have *any* money.

  22. So cute... by twebb72 · · Score: 2, Insightful

    It's so cute how kids today think 'hacking' is obtaining access to an unprotected WAP.

    1. Re:So cute... by jank1887 · · Score: 1

      unprotected WAP? sure, I hacked my old cell phone to get WAP without paying verizon. but I think the good folks up above were talking about WiFi.

    2. Re:So cute... by Anonymous Coward · · Score: 0

      http://en.wikipedia.org/wiki/WAP

      In this context, WAP would mean "Wireless Access Point".

      Most three-letter acronyms mean more than one thing, you know.

    3. Re:So cute... by cbiltcliffe · · Score: 1

      WTF? RLY?

      LOL!

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  23. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  24. If it only takes 5 seconds to 'break in' by jenningsthecat · · Score: 2, Insightful

    ... then it's not called 'hacking', it's called 'connecting to an open access point'. Next thing you know, sticking a DVD in your computer's drive and installing software will be called 'hacking'. Have we fallen so far?

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:If it only takes 5 seconds to 'break in' by rnelsonee · · Score: 1

      RTFA, it's even in bold:

      According to CPP a typical password can be breached by hackers in a matter of seconds

      So this isn't open access points - it's networks that are locked down (with WEP)

    2. Re:If it only takes 5 seconds to 'break in' by Fusen · · Score: 1

      In that case then the 5 second claim is basically rubbish. Even with injecting your own packets to speed up the total IVs collected, it's going to take about 20-30 seconds and that is also with legitimate users on the network actually transferring packets so you get an even larger pool. 5 seconds would explain connecting to an open network, not WEP cracking. Even setting up the most common method of cracking WEP, which is using some variant of aircrack, takes at least half a minute.

  25. Shocking? by Anonymous Coward · · Score: 0

    How is this shocking to anyone that uses the technology? Every person that uses WiFi knows that there are open APs all over the place.

  26. Where's the break-in kit? by BenEnglishAtHome · · Score: 1

    Where's the software suite that lets me set up P2P software, a giant list of usenet down- or uploads, or any task for later execution, then constantly searches for open wi-fi, connects, and does the task(s)? Surely someone has written something simple to set up that works automatically.

    It sure would be nice if EvilMe (tm) had a VM on my laptop that was constantly doing all my EvilDeeds (tm) in the background.

  27. Mine doesn't by fishbowl · · Score: 1

    I have an open wi-fi access point. The SSID is named "FBI Surveillance". I've waited a long, long time for someone else to actually connect to it. If they did, it's not as if they'd be able to access any of my hosts - my security doesn't rely on a closed network segment at all.

    --
    -fb Everything not expressly forbidden is now mandatory.
    1. Re:Mine doesn't by MillionthMonkey · · Score: 2, Funny

      I was passing the time on the bus the other day with a smartphone watching people's networks fade in and out of range. Most are called "2WIRE_565" or something dull like that, but the bus passes by some dickhead who calls his network "MineAndNotYours" and other people broadcasting "CowboysFan" etc. Someone on my street is broadcasting an SSID of "hornygirl", so I have to bring my smartphone trick-or-treating this Halloween.

    2. Re:Mine doesn't by Anonymous Coward · · Score: 0

      Looked at some offices once - one of the networks in range was 'FreeMidgetPorn'

    3. Re:Mine doesn't by Shotgun · · Score: 1

      Someone on my street is broadcasting an SSID of "hornygirl", so I have to bring my smartphone trick-or-treating this Halloween.

      Careful with that. It could be the 45yr old, overweight male divorcee that is always looking strange at the little boys in the neighborhood. You'll be sick for days after you find that out.

      Much better to stick to the mental illusions you construct yourself.

      --
      Aah, change is good. -- Rafiki
      Yeah, but it ain't easy. -- Simba
  28. They're not thinking ahead by hyades1 · · Score: 1

    I wish that "ethical hacker" clown had kept his head down and his mouth shut. Given how far down the road the UK has already gone toward a society like Big Brother's wet dream, relatively easy access to Wi-Fi without some government snoop leaning over your shoulder might be one of the few remaining freedoms.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  29. scale difference by DrYak · · Score: 1

    There's a subtle difference:

    - a burglar can only be physically in one home at a time
    So your possessions are at risk only if he broke specifically into *your* house. If the burglar is in the neighbours' - your possessions are safe (for now)

    - whereas, a war-driver can usually see a small city block while sitting comfortably in his/her car (even farther using special antennas)
    So your local network (if WiFi isn't correctly segregated) is at risk, as soon as an evil hacker drives in the neighbourhood. Both your local network and anyone else's on the same small block are at risk.

    - a script kiddie can see the whole internet at the same time. The whole internet is just "one big village".
    So if you don't have a correctly configured firewall, an up-to-date antivirus and/or patched OS, your computer is pretty much toasted. It's only a matter of minutes before it gets hosed, once a range scan comes up with your IP. Luckily, most modern modems come with a firewall preconfigured. The bad thing is, some people are going to (badly) open it for applications which need incoming ports. Worst thing, people are going to connect laptops on networks that are somewhat big (work, university) and there's bound to be an infected machine on the local network.

    And that's not counting that burglars will have to carry physical loot and are thus weight limited, whereas evil hackers are more interested in data and are mostly bandwidth limited (and not even CPU limited. Thanks to CPU technology advancements, now there are enough cores to run all the crapware and still have free processing power for work).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  30. Re:No password WiFi == unsecured by Klync · · Score: 1

    Yes, but if we're going to parse the words that closely, I'll jump in on the side of the OP. Perhaps it's true to say, strictly speaking, that the WAP itself is "unsecured". But if the WAP is unsecured by design (i.e. the design of the *network*), then I'd say it's inaccurate to say that "the network is unsecured".

    I leave my AP open to the public on purpose. I have no less fear of an attack on one of the machines hosted on that network through the wireless interface on the router than I do through the WAN interface. The only part of the network that would be "unsecured" due to the AP being open would be a box (ahem, windows) that was connected to it without my knowledge and is listening for connections.

    Oh, what? MitM attacks? Puh-lease. Again, the network is no less secure through the open WAP than it is through the WAN interface.

    --

    ----
    Not to be confused with Col.
  31. Republicrats by tepples · · Score: 1

    Vote in the November election.

    For one Republicrat or the other Republicrat? As I understand it, child pornography and terrorism are not issues whose policies vary between the respective platforms of the two major U.S. parties.

    Lobby your congresscritters

    How do you propose to outlobby the "for the children" crowd and the Motion Picture Association of America?

    1. Re:Republicrats by Anonymous Coward · · Score: 0

      How do you propose to outlobby the "for the children" crowd and the Motion Picture Association of America?

      One well placed 50 caliber bullet at a time. Draw enough publicity and you won't need to out lobby anybody.

  32. New WAP Default, Please? by bill_mcgonigle · · Score: 1

    Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.

    Which is just how all WAPs should come out of the box:

        MyNetwork SSID w/ WPA2 for LAN connectivity - include a couple keychain tags with the default 'AOL-style' password on it
        GuestAccess SSID w/ no 'wire' encryption or local access controls. But with the traffic QoS'ed down to never take any bandwidth from the secure side or any LAN traffic. No outbound port 25, probably. There should be a physical slide switch, clearly marked, to turn this on and off. Perhaps even a captive portal for a ToS valid in the local jurisdiction.
        Secure mechanism for auto-update for security holes as they're discovered.
        Hijack HTTP requests on the secure side with a non-chinglish setup wizard to tell people to add a bookmark for changing their configuration later (mDNS service discovery, where art thou?)

    I imagine somebody has already made a DD-WRT or Tomato build like this but that I've just been unable to find it.

    The manufacturers have already started to get the color-coded RJ45 ports right.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  33. WiFi? Secure?? by cdrguru · · Score: 1

    I thought the present state of the art was that WiFi "security" was impossible - any system, including WPA2, could be hacked in less than an hour. WEP goes down in seconds. WPA in minutes. MAC address filtering is just a DOS - when the hacker uses your MAC address you are blocked because of a duplicate MAC address on the same network.

    So why is anyone concerned about security on a WiFi network? How could there possibly be any security at all?

  34. Re:No password WiFi == unsecured by KingMotley · · Score: 1

    You are confusing the network with the machines on the network. An unsecured network simply means you are able to send and receive packets on the network that other devices (if any) on the network can (if they choose to) accept, and/or respond to.

    If the WAP is unsecured by design, the network is unsecured (assuming normal things like the WAP actually routes packets to and from the wired network OR to and from other wireless devices OR both).

  35. why open wifi is good by Anonymous Coward · · Score: 0

    Who dislikes open wifi? When you are travelling, do you curse when you find a connection? No. It is the ISP (phone, wireless, cable) companies who don't like this. They are losing the potential moneys by allowing multiple customers to use a single connection rather than taxing every individual. So the solution is to scare the wifi owner into shutting off their wireless.

    This is not the solution. Instead these owners should be encouraged to properly route the public traffic to the Internet and isolate it from any local network within the home/business.

    The government supports business, as taxation is all the rave with them for pulling us out of this econo-slump. If you are worried about: "...risk of being wrongly disconnected from the Internet" because some external user of your network viewed questionable content... then support the tor network. We should all be using the tor/onion network (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29) in order to dissociate the potential consequences of our browsing from the network provider. It is a ridiculous law to reduce your network capabilities because someone MAY transmit questionable material over it.

    You don't need to stand for this. Open your network to the world. Encourage your neighbors to do the same. Feel the love when you walk down the street and easily connect from house to house to apartment as they are all open.

    We (society) should be looking for ways to efficiently improve the network and reduce barriers to access for all. Why aren't we reprogramming old cell phones to work as network repeaters instead of throwing out potential networking devices? I'm sure there is a good business reason for that too.

  36. Re:WiFi? Secure?? by mikechant · · Score: 1

    any system, including WPA2, could be hacked in less than an hour.

    Have you got any evidence that WPA2/AES is 'broken'? My understanding is that *as long as you use a sufficiently long passphrase which is not vulnerable to dictionary attack*, WPA2 is literally uncrackable (by brute force or implementation/algorithm weakness) at present.
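The passphrase dependence raised in the comment above, shown as an added example that is not part of the thread: WPA2-PSK derives its 256-bit master key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, so an owner can audit their own passphrase against a wordlist and a keyspace bound. The wordlist, the guess rate and the 1000-year threshold are constructed assumptions, not measurements.

```python
import hashlib
import math
import string

ITERATIONS = 4096  # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_BYTES = 32     # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               ITERATIONS, PMK_BYTES)


def entropy_upper_bound(passphrase: str) -> float:
    """Bits of entropy IF every character were chosen at random from the
    character classes present. Real words score far lower than this bound."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    alphabet = sum(n for chars, n in classes
                   if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(alphabet)


def audit(passphrase: str, wordlist: set, guesses_per_second: float) -> dict:
    """Classify a passphrase for an owner auditing their own network."""
    if passphrase.lower() in wordlist:
        return {"verdict": "dictionary", "years": 0.0}
    bits = entropy_upper_bound(passphrase)
    years = 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)
    return {"verdict": "weak" if years < 1000 else "ok", "years": years}


# Constructed sample data: a tiny stand-in wordlist and an assumed guess rate.
SAMPLE_WORDLIST = {"password", "letmein1", "qwertyuiop"}
ASSUMED_RATE = 1e6  # hypothetical PMK derivations per second, not a measurement

if __name__ == "__main__":
    # "password" / "IEEE" is a published IEEE 802.11i test-vector input.
    print(derive_pmk("password", "IEEE").hex())
    for candidate in ("password", "zqxjkvbw", "vR8#qLz2!mXw7@Jd5^Tn"):
        print(candidate, audit(candidate, SAMPLE_WORDLIST, ASSUMED_RATE))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, which is why a unique SSID is part of the defence alongside a long random passphrase.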

  37. Security is bad by h00manist · · Score: 1

    Wikileaks are good

    --
    Build your own energy sources from scratch. http://otherpower.com/
  38. What is legal by Anonymous Coward · · Score: 0

    A new Finnish law protects those who tap into an unsecured WiFi network (as it could easily happen inadvertently). However, it is not clear if offering an unsecured WiFi network (even inadvertently) is legally safe.

  39. What? by Kludge · · Score: 1

    Do you really think someone is going to sit outside his home with a laptop for an extended period of time just to post crap on some forums? Why would a spammer do that if he can just use the botnet from the comfort of his home?
    You are paranoid.
    I leave my wireless open. No, people who connect cannot access the rest of the machines on my network except through ssh. All my friends and visitors find it convenient, and probably some strangers too, just as I find other people's open networks convenient.

    1. Re:What? by gmack · · Score: 1

      War driving is a common technique and I've had at least one customer's WIFI hijacked by a spammer.

      And of course there are worse things they can do with your internet connection.

  40. Perfect fix for wireless security failings by zmaragdus · · Score: 1

    Turn the wireless off and plug in some Cat 5. Problem solved.

    --
    (((dB)))
  41. Upside-down internet by Anonymous Coward · · Score: 0

    http://www.ex-parrot.com/pete/upside-down-ternet.html

  42. Red Robin (yum) by tepples · · Score: 1

    I've always wondered why they don't print temporary credentials on the receipt.

    Sit-down restaurants don't present a receipt until after the meal is over. The person serving you would have to bring out the credentials with the drinks.

  43. Not sure about that. by jotaeleemeese · · Score: 1

    Putting aside the fact that MAC spoofing is child's play (check the man page for ifconfig) all manufacturers of networking equipment have their own blocks of MAC addresses.

    So you can try MAC addresses similar to well known routers and I suppose you would be in in no time.

    --
    IANAL but write like a drunk one.
    1. Re:Not sure about that. by Anonymous Coward · · Score: 0

      How many people connect a second router to their router? That each device manufacturer has their own block of MAC addresses and that only certain MAC addresses are valid significantly cuts down the address space to search. But I'd really like to know how hard it would be to brute-force guess a valid MAC address when no devices are connected.

  44. You give them accounts and passwords.. by jotaeleemeese · · Score: 1

    Is the least you should do ...

    --
    IANAL but write like a drunk one.
  45. WiFi Security Checklist by Anonymous Coward · · Score: 0

    WiFi Security Checklist http://blog.jdpfu.com/pages/wifi-security has a checklist of 15+ items to secure your WiFi