social/technology commentary RE: open access points

  • social/technology commentary RE: open access points

    some may recall a thread i started a little while back discussing the ethics of sniffing around an open corporate access point in the hopes of identifying the company in order to alert them of their error.

    just something i thought was interesting in that pathetic sort of way... the company for whom i was consulting on the day that i first discovered the horridly secured network... i'm back there today.

    and the totally open access point behind which sit various WinNT boxes with default IIS running... yeah, that's all still the same. i presented that office (anonymously) with a detailed description of their problem and an explanation of how vulnerably their balls were flapping in the wind. how in the it hasn't been addressed in the least is beyond me.

    still, i thought that mentioning it might be a wake-up reminder to those of us who get mired in the technical details of Wi-Fi and other types of security. the whole state of the industry and of how wireless is handled will depend both on our community's ability to pioneer better security and the public's ability to implement it. as a society, we're still badly lacking on the latter front. not that this is a huge surprise to anyone, but it's healthy to acknowledge once in a while.
    Last edited by Deviant Ollam; October 5, 2005, 18:27.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

  • #2
    Favorite line from 'Seven':

    "Tap a person on the shoulder and they'll ignore you. Hit them across the head with a sledge hammer and you'll find you have their undivided attention".

    Some people will continue to establish a cranial-rectal interface and continue to ignore it until something bad happens, then they will be running around trying to establish who to blame.

    You can't protect people from their own stupidity.

    Hopefully continued release of proof of concept tools and new attack systems will force people to wake up, ever so slowly.

    Hopefully in the next few months they'll wake up to the danger of the lack of integrity checking on which access points they connect to :)
    Never drink anything larger than your head!







    • #3
      We may be lacking in security, but remember the security need only be strong enough to be effective. I think you are applying measures necessary for one area upon networks in another area.

      For example, go to Defcon and check your mail in the open and it's Wall of Sheep time for you. There is a need for heightened security. Now go to my house. Right now the doors are unlocked (never been locked in five years), the computer is on, and all my passwords are autocompleted. You can empty my bank accounts and max out my plastic in no time. Am I secure?

      I am secure enough for my location. Such security measures for "the big city" are not required. Now I could implement security measures but that does not mean they will ever be challenged, and if they are it does not mean I will not be hacked. Security is always a matter of playing the odds and weighing them against various costs, either financial or in time to gain valid access through various measures.

      No doubt every company would like to believe they will never be hacked because everyone around them is a nice guy. And for the most part this is true. As many passwords as get sniffed at Defcon, I have yet to hear about someone losing their bank account because of it. The Wall of Sheep does not even display the full password.

      Where I see fault is in security measures that are not. Indeed a false sense of security is worse than no security at all. Just ask anyone who bought a PC with Norton Anti-Virus and never updated it. The company in question may have security holes like Swiss Cheese but if there is no hungry mouse around, is the hole relevant?

      The argument that Security through Obscurity is not security is true, but unsecured and inaccessible due to remoteness is simply another form of physical security. Just like once you are inside a bank vault and past all the security you can argue that there is no security. And many banks have oodles of bucks in teller drawers, outside the vault, relying on cameras and doors for its security.

      Since companies tend to carry confidential information which is a target such as credit card numbers, I believe they should take security more seriously. This is simply ignorance on their part. And since XP boxes like to happily connect to the nearest access point automatically, you can easily make your point by simply turning on a laptop in their presence.



      • #4
        Originally posted by astcell
        The company in question may have security holes like Swiss Cheese but if there is no hungry mouse around, is the hole relevant?
        a wonderful way to put it. (there's a saying that i may appropriate and use in the future, methinks... due credit will be given, of course.)


        • #5
          Originally posted by Deviant Ollam
          a wonderful way to put it. (there's a saying that i may appropriate and use in the future, methinks... due credit will be given, of course.)
          But experience shows that if the cheese is easy to reach, the mice will come.

          Bloody opportunist s'kiddies


          • #6
            I know of places like that.. I mentioned it to them and explained the problem with not having wireless secured. It's rather amazing.

            I wonder if these people also leave their homes unlocked all the time?

            However I did go out to a customer today who called me specifically for the purpose of securing their home access point. They became aware of the problem themselves after they noticed Windows showed their neighbors' networks, and all those APs had a little lock next to them.



            • #7
              Originally posted by [Syntax]
              I wonder if these people also leave their homes unlocked all the time?
              I don't even know where my housekey is.



              • #8
                Originally posted by astcell
                I don't even know where my housekey is.
                You better stop being so public with that. I bet there are more than a few raccoons that would love to get their paws on that information...



                • #9
                  All my friends are welcome by anytime.

                  All my enemies don't even want to know where I live.



                  • #10
                    Originally posted by astcell
                    All my friends are welcome by anytime.

                    All my enemies don't even want to know where I live.

                    I think your enemies know how many high powered weapons you're likely to have, so you're a special case.


                    • #11
                      Originally posted by renderman
                      I think your enemies know how many high powered weapons you're likely to have, so you're a special case.
                      They know I have one more than they think I have. :>



                      • #12
                        Originally posted by astcell
                        They know I have one more than they think I have. :>
                        Is that an infinite loop?



                        • #13
                          Originally posted by [Syntax]
                          Is that an infinite loop?
                          More like a finite mobius strip.
