Sydney Has 10,000 Unsecured Wi-Fi Points

daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."

How many of those were buinesses.....

[robthebloke]

.. .providing a nice free service for their customers? heck, I even use the free unsecured internet access on the bus these days!

Re:How many of those were buinesses.....

[Cimexus]

That was my thought at first too. Are some of them businesses? Or are some of them 'open' (in terms of not having a WEP/WPA password) but actually still require further authentication once connected (e.g. a VPN or a gateway which requires a username/password).

However now that I read TFA, I see that the observations were made only in residential areas (i.e. suburban streets). You would not expect to find many businesses in these areas. I'm sure a couple might have been, but not that many. So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

10,000 points in a city the size of Sydney is hardly that amazing though...

Hell we have a few thousand on campus

[Sycraft-fu]

We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.

It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.

Re:On the other hand..

[hairyfeet]

With all due respect to Mr Schneier', whom I respect greatly for his knowledge on security, I'd argue he is making a common mistake that could cost him dearly.....he is thinking rationally like a geek and assuming the world will think like him which sadly it rarely if ever does. His biggest risk is if someone uses his connection to look at child porn, or even attempts to look at non existent child pron, since the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it.

You see he thinks he can simply speak rationally to the cops and they will see their mistake and with a tip of their hat kindly go away. Bullshit. I have a friend in the state crime lab and even in a small state like mine you are looking at as much as a year and a half of backlog sometimes. Guess where you'll be while you wait for your confiscated machines to be scanned? Judges don't like handing out bail for anything like that for fear they'll be seen as soft on perverts.

So while I wish the world truly worked like Mr Schneier thinks it would, and hell maybe he is famous enough it might work that way, for most of us and probably himself as well betting the next couple of years of your life on it is foolish IMHO. This isn't rational times, there is a witchhunt going on where even the mention of that word can have you arrested. Look at the guy that wrote the "pro pedo" book. No pics, just his thoughts on a page sent him to jail, aka Thoughtcrime. The same with the guy busted for writing his fantasies in his diary which his therapist had suggested. Hell depending where you are a crudely drawn Lisa Simpson cartoon could have you thrown in PMITA prison!

I would argue in such a hysterical climate that simply leaving your door open like that is inviting disaster. Mr Schneier talks about "people parking in front of his house but depending on where his AP is a cantenna could nail it from quite a distance away and he would be none the wiser. That is until he is face down with a gun in his back being held by the nice man with the riot gear on.