Interesting People mailing list archives
IP: A hacker's dreamland: wireless networks
From: David Farber <dfarber () earthlink net>
Date: Wed, 27 Mar 2002 09:17:28 -0500
Use a secure tunnel! !! -----Original Message----- From: Hal DeVore <haldevore () acm org> Date: Wed, 27 Mar 2002 08:12:10 To: Dave Farber <dave () farber net> Subject: Dr. F., any interest in this topic for IP? --Hal http://zdnet.com.com/2102-1107-869370.html A hacker's dreamland: wireless networks By Robert Vamosi AnchorDesk March 27, 2002, 4:20 AM PT URL: http://zdnet.com.com/2100-1107-869370.html COMMENTARY-- Should you be concerned about wireless security? Yes, at least according to Chris O'Ferrell, chief technology officer of wireless technology company Netsec. He says you should ask any organization you see using a wireless network--including your bank, the airports you visit, and even your tax preparer--if it uses 802.11b and if it employs security measures. Why? Because it could be broadcasting your personal information to anyone equipped with an 802.11 device and sniffing software such as NetStumbler, both of which are becoming more common among malicious users. AROUND THIS TIME of year, the privacy of your tax information is particularly relevant. You may have noticed that from January through May, large tax-preparation companies hire extra accountants who set up temporary offices around town. Instead of going through the hassle of installing LAN lines, many companies equip their employees with the latest 802.11b devices. Then they throw up an access point at the server, and suddenly all their accountants can tap into the company network wirelessly. Unfortunately, the same strip malls where the temporary tax offices are found are also notorious for script kiddies. Next to the fast-food outlets, script kiddies hang out with their own 802.11b cards, looking for vulnerable networks to attack. O'Ferrell knows this firsthand. He also keeps an eye out for vulnerable 802.11 networks, and is amazed at how many he finds. Located in Herndon, Va., Netsec's offices are in the heart of Spook Valley, where the Pentagon, the CIA, and information-security companies such as Riptech are located. While driving through Washington's Dulles International Airport, O'Ferrell says he can often see baggage-operator networks on his computer. So much for increased airport security in our nation's capital. MOST NETWORKS O'Ferrell sees could be much more secure. He says most people don't create a unique Service Set Identifier (SSID)-- an identifier that designates a particular network--and that only about 25 percent use Wired Equivalent Privacy (WEP), the security protocol built into the 802.11b standard. "I see a lot of default SSIDs," says O'Ferrell, including Tsunami, the default SSID for Cisco's Aironet Access Point. "And if [tax-prep companies] are changing their SSIDs, they're changing them to something obvious like Tax Network 1, Tax Network 2," he adds. For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: A hacker's dreamland: wireless networks David Farber (Mar 27)