Security in using wireless connections

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Hi,

I just got a laptop with wireless and have found that there are a lot of
wireless routers out there. I often pick up 3 or 4 signals.

Often these don't ask for any key (WEP??), and I can use them..

I've been a bit coy about doing this, as I'm not confident that there is no
security risk for me.. (Its probably not considered polite either)

Any thoughts on this..

Cheers

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Sun, 8 Aug 2004 19:47:24 -0700, "less sexy" <less@sexy.com> wrote:

>I just got a laptop with wireless and have found that there are a lot of
>wireless routers out there. I often pick up 3 or 4 signals.
>
>Often these don't ask for any key (WEP??), and I can use them..
>
>I've been a bit coy about doing this, as I'm not confident that there is no
>security risk for me.. (Its probably not considered polite either)

About 3 weeks ago, one of my customers dragged in his laptop and asked
me to disinfect it from a variety of viruses, worms, spyware, and
trojans. It took most of 4 hours to clean it out completely. I found
this incident rather strange as he was running Norton AntiVirus 2004
which should have stopped at least some of these. Nope, this
"downloader" first disabled Norton, and then downloaded all its
friends.

I spent a while interrogating the customer trying to determine the
source of the infection. Eventually, I got him to confess that he'd
been out of town and decided to experiment with open access points
from his hotel window, rather than pay the hotel for the service. Of
course, he picked an unencrypted access point, that was apparently
setup to deploy viruses, worms, etc. I still don't know exactly how
it defeated NAV 2004, but at least the source was obvious.

Have fun but make sure your defenses are working.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

 

[Joe]

Archived from groups: alt.internet.wireless (More info?)

> I just got a laptop with wireless and have found that there are a lot of
> wireless routers out there. I often pick up 3 or 4 signals.
>
> Often these don't ask for any key (WEP??), and I can use them..
>
> I've been a bit coy about doing this, as I'm not confident that there is
no
> security risk for me.. (Its probably not considered polite either)
>

The security risk is as great for you as for them - just as you can see
their network, they can see your computer. Granted, folder permissions
should provide SOME degree of safety. Albeit, not to a hacker.

But in reality, MANY MANY folks (especially in urban areas - I'm in Seattle)
just let their home network stay 'open' and freely allow access to anyone
with a WiFi. I have often logged into many networks in Pioneer Square
in downtown Seattle and checked my email with my Dell PDA. I think
it's just a friendly thing in some cases, lack of knowledge in others, and
a number of folks who just don't worry much about security - who's going
to take the time to hack My Documents just to see my porn collection?
Even if they decrypt the packets, so what - they will have my junk mail
account on Hotmail. But NEVER do your banking on a 'free network'!!

Of course, the first time someone deletes Kernel.dll or some such and
wipes out the host, they'll likely not be so freely giving of their network.

In summary - if you can get an IP address, go ahead and surf. If they're
concerned about such use, they'd have set up WEP or at least disabled
the server name from outside WiFi users.

JOE

 

[gary]

Archived from groups: alt.internet.wireless (More info?)

Many, if not most, of those open nets are not open by choice, but because
the owner simply doesn't know any better. Yes, there are also people who
intentionally leave their home nets open. But you have no way to tell the
difference, so every time you use such a net you should know that there's a
good chance the owner doesn't know you're there.

Just to clarify things further. Home ISP services typically do not allow the
subscriber to make the service available to the world. Some ISP usage
agreements even require the subscriber to take reasonable precautions to
secure the net. Bottom line is, even those people who intentionally leave
their nets open don't have the right to make their ISP service available to
the world, and you may be involved in theft of service if you use these
nets.

You will almost certainly not be caught, so ethics (not politeness, ethics)
is really the only reason to leave these nets be.

"less sexy" <less@sexy.com> wrote in message
news:Rp6dnQCVebHGJIvcRVn-qg@comcast.com...
>
> Hi,
>
> I just got a laptop with wireless and have found that there are a lot of
> wireless routers out there. I often pick up 3 or 4 signals.
>
> Often these don't ask for any key (WEP??), and I can use them..
>
> I've been a bit coy about doing this, as I'm not confident that there is
no
> security risk for me.. (Its probably not considered polite either)
>
> Any thoughts on this..
>
> Cheers
>
>

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

less sexy wrote:

>
> Hi,
>
> I just got a laptop with wireless and have found that there are a lot of
> wireless routers out there. I often pick up 3 or 4 signals.
>
> Often these don't ask for any key (WEP??), and I can use them..
>
> I've been a bit coy about doing this, as I'm not confident that there is
> no
> security risk for me.. (Its probably not considered polite either)
>
> Any thoughts on this..

You have every right to be cautious regarding open WiFi networks - I
discovered one close enough that my adapter picked it up and I didn't think
I'd be able to - nevertheless, it's a good idea to lock down your machine -
install a firewall that won't allow other machines on the same LAN segment
to infiltrate yours. I use Linux and take care of my machines, but you
really should be careful - if the network is open, it's the owner's fault -
if your machine is open, it's your fault.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBGFs8IoX3lp1hLWgRApPgAJ9r0o490TuDhCOIQzS1S8aTlm50GwCdFiWf
wo0eT/UIk4Z4rcWTakY4rv8=
=A04V
-----END PGP SIGNATURE-----