Slashdot Mirror

← Back to Stories (view on slashdot.org)

Queensland Police to Look For Unsecured WiFi Spots

Posted by samzenpus on from the going-down-under-cover dept.

OzPeter writes "As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: 'The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.' While some people may like having an open WiFi AP its interesting to see that the Police also feel that 'Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'"

10 of 255 comments (clear)

  1. Just incase you want to jump on board. by zippo01 · · Score: 3, Informative

    http://www.wardriving.com/code.php

  2. wifi security by Anonymous Coward · · Score: 0, Informative

    If you don't have a secure WiFi then you may as well turn off the firewall on your network.

  3. Broken security by NoobixCube · · Score: 1, Informative

    Wifi security, including WPA and WPA2, is already broken. It's the equivalent of locking your house up with a six pin tumbler lock. It keeps the honest and the curious out, but it's nothing to someone who really wants in.

    --
    Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
    1. Re:Broken security by SilentChasm · · Score: 4, Informative

      As far as I know WPA/WPA2 isn't broken, only WPS's PIN mode (enter an easy 8 digit number instead of a complicated alphanumeric passphrase). Granted you can still bruteforce the PSK itself instead of the PIN but then you've just got the same problem of weak passwords that many other things do.

    2. Re:Broken security by thegarbz · · Score: 4, Informative

      WPA and WPA2 isn't broken. There's only a configuration problem in WPS (a system designed to bypass having to enter a WPA key, who thought that was a good idea anyway?). Even that isn't broken as such. The effect is that the brute force attack has been simplified to the point where it is achievable to actually perform rather than having to brute force the entire array of usable keys. A simple configuration change that either fixes the problem or better yet limits the number of tries or the rate of tries for connecting using WPS would instantly make it secure again.

      The irony? Older access points which support WPA and WPA2 but don't support WPS are quite secure.
      The double irony? I have never had WPS actually work on my access point even when the PIN is known, so I'm amazed that this is a suitable attack vector in the first place.

  4. Re:what's next by Aryden · · Score: 3, Informative

    Then you're littering.

  5. Re:what's next by Aaron+B+Lingwood · · Score: 1, Informative

    and why is it illegal to leave your car unlocked ?

    It is illegal as it encourages opportunistic crime resulting in more paperwork for the old bill.
    It is quite difficult to type up reports when your fingers are all sticky from doughnut icing.

    --
    [Rent This Space]
  6. Re:It's Basic Infrastructure by hawkinspeter · · Score: 4, Informative

    Use HTTPS Everywhere https://www.eff.org/https-everywhere/> and make sure that any confidential data is over https and then it doesn't matter that the WIFI is un-encrypted.

    --
    You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
  7. Re:It's Basic Infrastructure by VortexCortex · · Score: 1, Informative

    I have an open Wifi setup

    I have a SSL Strip and other ARP Poisoning MITM Attacks. What's your home address?
    Do you ever buy anything online? Would you like any script-kiddie to see AND MANIPULATE everything you do online?

    Here's some advice for you ignorant folk who insist on leaving their WIFI insecure: Turn on WPA. This defeats ARP Poisoning via per client encryption keys. WAIT! Hold your uneducated retorts for just a second: Set the password to "Welcome" and the SSID to "Password is Welcome". You can stencil "Our WIFI password is 'Welcome'." on a sign in the yard if needed, but the SSID broadcast should be more than enough. Get the teenager down the street to configure your network if you don't know how to RTFM and configure the router.

    Take the time to share free WIFI the right way, or not at all.

  8. Re:It's Basic Infrastructure by Stalks · · Score: 4, Informative

    A linux box, iptables experience and a couple of WiFi cards/AP would be ideal, however there is an easier way..

    Your ADSL/Cable router plugged into your ISP offers unprotected WiFi.

    Buy another cable router and plug it into the above router offering protected WiFi behind its own NAT/Firewall.

    Internet <--> ROUTER <--> ROUTER <--> LAN