IP: A hacker's dreamland: wireless networks

[David Farber <dfarber () earthlink net>]

Use a secure tunnel! !!
-----Original Message-----
From: Hal DeVore <haldevore () acm org>
Date: Wed, 27 Mar 2002 08:12:10 
To: Dave Farber <dave () farber net>
Subject:


Dr. F.,  any interest in this topic for IP?  


--Hal

http://zdnet.com.com/2102-1107-869370.html

A hacker's dreamland: wireless networks
By Robert Vamosi
       
AnchorDesk
March 27, 2002, 4:20 AM PT
URL: http://zdnet.com.com/2100-1107-869370.html
            
 COMMENTARY-- Should you be concerned about wireless
 security? Yes, at least according to Chris O'Ferrell, chief
 technology officer of wireless technology company Netsec.

He says you should ask any organization you see using a wireless
network--including your bank, the airports you visit, and even
your tax preparer--if it uses 802.11b and if it employs security
measures.  Why? Because it could be broadcasting your personal
information to anyone equipped with an 802.11 device and sniffing
software such as NetStumbler, both of which are becoming more
common among malicious users.

AROUND THIS TIME of year, the privacy of your tax information
is particularly relevant. You may have noticed that from
January through May, large tax-preparation companies hire extra
accountants who set up temporary offices around town.

Instead of going through the hassle of installing LAN lines,
many companies equip their employees with the latest 802.11b
devices. Then they throw up an access point at the server, and
suddenly all their accountants can tap into the company network
wirelessly.

Unfortunately, the same strip malls where the temporary tax
offices are found are also notorious for script kiddies.  Next
to the fast-food outlets, script kiddies hang out with their own
802.11b cards, looking for vulnerable networks to attack.

O'Ferrell knows this firsthand. He also keeps an eye out
for vulnerable 802.11 networks, and is amazed at how many
he finds. Located in Herndon, Va., Netsec's offices are in
the heart of Spook Valley, where the Pentagon, the CIA, and
information-security companies such as Riptech are located.
While driving through Washington's Dulles International Airport,
O'Ferrell says he can often see baggage-operator networks on his
computer.  So much for increased airport security in our nation's
capital.

MOST NETWORKS O'Ferrell sees could be much more secure. He says
most people don't create a unique Service Set Identifier (SSID)--
an identifier that designates a particular network--and that
only about 25 percent use Wired Equivalent Privacy (WEP), the
security protocol built into the 802.11b standard.  "I see a
lot of default SSIDs," says O'Ferrell, including Tsunami, the
default SSID for Cisco's Aironet Access Point. "And if [tax-prep
companies] are changing their SSIDs, they're changing them to
something obvious like Tax Network 1, Tax Network 2," he adds.



For archives see:
http://www.interesting-people.org/archives/interesting-people/