Favorite line from 'Seven':

"Tap a person on the shoulder and they'll ignore you. Hit them across the head with a sledge hammer and you'll find you have thier undivided attention".

Some people will continue to establish a cranial-rectal interface and continue to ignore it until something bad happens, then they will be running around trying to establish who to blame.

You can't protect people from thier own stupidity.

Hopefully continued release of proof of concept tools and new attack systems will force people to wake up, ever so slowly.

Hopefully in the next few months they'll wake up to the danger of the lack of integrity checking on which access points they connect to :)

We may be lacking in security, but remember the security need only be strong enough to be effective. I think you are applying measures necessary for one area upon networks in another area.

For example, go to Defcon and check your mail in the open and it's Wall of Sheep time for you. There is a need for heightened security. Now go to my house. Right now the doors are unlocked (never been locked in five years), the computer is on, and all my passwords and autocompleted. You can empty my bank accounts and max out my plastic in no time. Am I secure?

I am secure enough for my location. Such security measures for "the big city" are not required. Now I could implement security measures but that does not mean they will ever be challenged, and if they are it does not mean I will not be hacked. Security is always a matter of playing the odds and weighing them against various costs, either financial or in time to gain valid access through various measures.

No doubt every company would like to believe they will never be hacked because everyone around them is a nice guy. And for the most part this is true. As many password that get sniffed at Defcon, I have yet to hear about someone losing their bank account because of it. The Wall of Sheep does not even display full password.

Where I see fault is in security measures that are not. Indeed a false sense of security is worse than no security at all. Just ask anyone who bought a PC with Norton Anti-Virus and never updated it. The company in question may have security holes like Swiss Cheese but if there is no hungry mouse around, is the hole relavant?

The argument that Security through Obscurity is not security is true, but unsecured and inaccessable due to remoteness is simply another form of physical security. Just like once you are inside a bank vault and past all the security you can argue that there is no security. And many banks have oodles of bucks in teller drawers, outside the vault, relying on cameras and doors for its security.

Since companies tend to carry confidential information which is a target such as credit card numbers, I believe they should take security more seriously. This is simply ignorance on their part. And since XP boxes like to happily connect to the nearest access point automatically, you can easly make your point by simply turning on a laptop in their presence.

a wonderful way to put it. (there's a saying that i may appropriate and use in the future, methinks... due credit will be given, of course.)

But experience shows that if the cheese is easy to reach, the mice will come.

Bloody oppourtunist s'kiddies

I know of places like that.. I mentioned it to them and explained the problem with not having wireless secured. Its rather amazing.

I wonder if these people also leave thier homes unlocked all the time?

However I did go out to a customer today who called me specifically for the purpose of securing thier home access point. They became aware of the problem themselves after they notice windows showed thier neighbors networks, and all those AP's had a little lock next to them.

I don't even know where my housekey is.

You better stop being so public with that. I bet there are more than a few raccoons that would love to get their paws on that information...

All my friends are welcome by anytime.

All my enemies don't even want to know where I live.

I think your enemies know how many high powered weapons your likely to have, so your a special case.

They know I have one more than they think I have. :>

Is that an infinite loop?

More like a finite mobius strip.