Auto-Scanning the Names People Choose For Their Wireless APs
Posted by timothy from the just-name-them-all-hidden dept.
MichaelSmith writes "I code on the tram, going to and from work, and I noticed that there are a lot of WiFi access points along the way. So one week I made it my job to write an automatic scanner which runs from a cron job every minute during commuting times. My backup script pushes the new AP names to my web server and you can read it online. It is a mixture of the straightforward, naive and funny, with a few pop culture references along the way. The first column in the file is the number of access points with that name. The second column is the AP name, in brackets to pick up white space." Why can't "Dress Me Slowly" and "Domestic Bliss" just share an AP?
Re:Best SSID (Score:5, Informative)
I used to leave mine unencrypted, and change the name occasionally, calling it "BankOfAmerica", "FirstBankOf[mycity]", "FBI", "NSA", "CovertOps4", etc. I was very disappointed that I didn't have people trying to do nefarious things.
Now I just call it "unreachable", and encrypted, which seems to have the same result. Ok, that's a lie, but I'm not going to post my real SSID here. :)
I really appreciate all the folks with the Verizon DSL/FiOS routers with the 5 character SSIDs, since those are easily crackable. They're nicer than the unencrypted ones, since I'm not competing with other users for the line. :)
My last drive got over 2,000 in about 20 miles. Most were totally boring, and like 25% were unencrypted.
Re:What you are doing is ILLEGAL, IMMORAL, and IIM (Score:5, Informative)
Huh? There's nothing illegal about logging the names of Wifi networks. Or at least there shouldn't be, as that would be completely crazy.
It's akin to noting the names people display publicly next to their doorbells, just easier to do. He didn't connect to any of the networks, just log their names. Nothing wrong with that.
Re:MY_NETWORK (Score:1, Informative)
The IP address of the server belongs to Spin Internet Services, an Australian ISP, and the reverse lookup has a ".dyn." name component, suggesting a dynamic assignment. Professional web hosting, even shared hosting, should not go down that fast. He's probably hosting his web page at home.
Re:Best SSID (Score:5, Informative)
My FIOS wireless router came w/ 64 bit WEP enabled and a little brochure that claimed that cracking wireless networks was "just in theory" and that 64 bit WEP was "as secure as a wired network".
Re:Why. (Score:5, Informative)
Besides the fact that assuming someone such as yourself uses WPA/WPA2 PSK, the SSID is seeded with the hash and by using the default one, you leave yourself open to the likes of rainbow table attacks - http://www.renderlab.net/projects/WPA-tables/
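An added illustration of the point in the comment above (not code from the thread): WPA/WPA2-PSK derives the pairwise master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table precomputed for a common SSID is reusable against every network carrying that name. The default-SSID set and the network names below are constructed samples.

```python
import hashlib

# Constructed sample of factory-default names; not the list behind any real table set.
COMMON_DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def same_key(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when two networks with this passphrase end up with the same PMK."""
    return wpa_pmk(passphrase, ssid_a) == wpa_pmk(passphrase, ssid_b)


def audit_ssid(ssid: str) -> str:
    """Report whether work precomputed for a well-known SSID carries over to this one."""
    if ssid in COMMON_DEFAULT_SSIDS:
        return "shared salt: rename the network to something uncommon"
    return "uncommon salt: precomputed work for other SSIDs does not carry over"


if __name__ == "__main__":
    # Two households that both kept the default name share a salt, hence a key.
    print(same_key("correct horse", "linksys", "linksys"))       # same salt
    print(same_key("correct horse", "linksys", "tram-stop-41"))  # different salt
    print(audit_ssid("linksys"))
```

A unique SSID only removes the shared-salt shortcut; a weak passphrase is still weak.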
Re:If you know enough to change the name... (Score:5, Informative)
Hiding the SSID decreases your security. When the access point broadcasts the SSID, the clients passively listen for it when they're not in range. When the SSID is hidden, clients broadcast the SSID in search of the wireless LAN wherever they are. This tells attackers about your laptop. There's even a ready-made attack tool for this: the "JaSager" (an implementation of "Karma") will listen for the probe requests and pretend to be your access point. If your WLAN is encrypted, you won't fall into that trap, but anyone who uses MAC address filters and hidden SSID as the only access control mechanisms is instantly MITMd. Even if you can avoid fake access points, your laptop still leaks your SSID and any information that may give (your name? your address? an obscenity?). Don't turn off SSID broadcasts.
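What a directed probe request exposes, as an added example (not from the thread): a parser for the 802.11 probe-request frame that extracts the transmitting client's MAC and the SSID it names, so you can check what your own laptop announces. The frames are constructed samples without radiotap header or FCS; `build_frame`, the MAC addresses and the network names are hypothetical.

```python
def build_frame(subtype: int, client: str, ssid: str) -> bytes:
    """Constructed 802.11 management frame: 24-byte header plus tagged elements."""
    header = (bytes([subtype << 4, 0]) + b"\x00\x00"      # frame control, duration
              + b"\xff" * 6                               # addr1: broadcast
              + bytes.fromhex(client.replace(":", ""))    # addr2: transmitter
              + b"\xff" * 6 + b"\x00\x00")                # addr3, sequence control
    name = ssid.encode("utf-8")
    return header + bytes([0, len(name)]) + name + bytes([1, 1, 0x82])


def parse_probe_request(frame: bytes):
    """Return (client_mac, ssid) for a probe request, None for anything else."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if (version, ftype, subtype) != (0, 0, 4):   # management frame, subtype 4
        return None
    client = ":".join(f"{b:02x}" for b in frame[10:16])
    pos = 24                                     # probe requests have no fixed fields
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                          # truncated element
        if tag == 0:                             # element ID 0 carries the SSID
            return client, value.decode("utf-8", errors="replace")
        pos += 2 + length
    return client, ""


def leaked_names(frames):
    """Map each client MAC to the SSIDs it named in directed probes."""
    leaks = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:                 # empty SSID is a wildcard probe
            leaks.setdefault(parsed[0], set()).add(parsed[1])
    return leaks


SAMPLE_FRAMES = [                                # constructed
    build_frame(4, "02:00:00:00:00:01", ""),                # wildcard probe
    build_frame(4, "02:00:00:00:00:01", "HomeNet-hidden"),  # directed probe
    build_frame(8, "02:00:00:00:00:02", "CafeWifi"),        # beacon, ignored
]

if __name__ == "__main__":
    print(leaked_names(SAMPLE_FRAMES))
```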
Re:Why use cron? (Score:3, Informative)
You're missing out on a lot of SSIDs if you're only scanning once a minute. A simple "while true; do iwlist $options >> script1.txt; done" in a few scripts started a second or two apart will help catch more. Maybe set up a cron job to cat and sort -u them together occasionally.
This is the tram! It doesn't take a different route every day. Just repeat the scan for a few weeks, you'll slowly fill in the gaps.
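The merge step this comment and the submission describe, as an added example (not the submitter's script): it reads the text of several `iwlist` scans, counts distinct access points (BSSIDs) per name across all of them, and prints the count followed by the name in brackets. The scan text and MAC addresses are constructed, and the exact column spacing of the original file is an assumption.

```python
import re
from collections import defaultdict

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
ESSID_RE = re.compile(r'ESSID:"(.*)"')

SCAN_1 = """wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:0A
                    ESSID:"linksys"
          Cell 02 - Address: 02:00:00:00:00:0B
                    ESSID:"Domestic Bliss"
"""  # constructed

SCAN_2 = """wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:0B
                    ESSID:"Domestic Bliss"
          Cell 02 - Address: 02:00:00:00:00:0C
                    ESSID:"linksys"
          Cell 03 - Address: 02:00:00:00:00:0D
                    ESSID:"guest "
"""  # constructed; note the trailing space in the last name


def tally(scans):
    """Return {ssid: number of distinct BSSIDs seen with that name}."""
    seen = defaultdict(set)
    for text in scans:
        bssid = None
        for line in text.splitlines():
            cell = CELL_RE.search(line)
            if cell:
                bssid = cell.group(1).lower()
                continue
            essid = ESSID_RE.search(line)
            if essid and bssid:
                seen[essid.group(1)].add(bssid)   # a repeat sighting adds nothing
                bssid = None
    return {name: len(bssids) for name, bssids in seen.items()}


def report(counts):
    """Lines of 'count [name]', most common first; brackets expose white space."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{n} [{name}]" for name, n in ordered]


if __name__ == "__main__":
    print("\n".join(report(tally([SCAN_1, SCAN_2]))))
```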
Re:Best SSID (Score:3, Informative)
"as secure as a wired network"
Considering that you can tap a wired network just by cutting a cable and connecting it through a hub - your brochure was quite correct.
Re:Oh, the humanity! (Score:3, Informative)
Why do people post their own stuff here, knowing that their site will crash and burn within seconds? Both of the links are dead. Both!
Free load testing. Seriously you would pay someone to do that ;)
Re:Best SSID (Score:5, Informative)
Re:Having RTFA for once... (Score:1, Informative)
That would be ( =(O)= )
It's like yelling.
Re:What you are doing is ILLEGAL, IMMORAL, and IIM (Score:5, Informative)
Re:Having RTFA for once... (Score:5, Informative)
<-o-> TIE Interceptor
<-oo-> TIE Bomber
[-o-] Darth Vader's Prototype TIE Fighter (TIE Advanced)
Re:What you are doing is ILLEGAL, IMMORAL, and IIM (Score:4, Informative)
Here is a mirror, the site is slashdotted and down (Score:2, Informative)
Re:What you are doing is ILLEGAL, IMMORAL, and IIM (Score:1, Informative)
Cached version: (Score:5, Informative)
http://artifacts.glitch.tl.nyud.net/access_points.txt [nyud.net]
Re:Australia? (Score:3, Informative)
Re:What you are doing is ILLEGAL, IMMORAL, and IIM (Score:3, Informative)
Except picking up the SSID that is being openly broadcast is not even remotely similar to pinging that same router.
Re:On a lazy Saturday evening (Score:5, Informative)
I can't believe it. I extracted the text file from mercurial and put it on disk as a plain text file. I submitted this article before I went out to my son's birthday party. When I got back I wondered why nothing was working.
Once the smoke clears from my office I will go through the logs and try to work out whether it was the single, short plain text file or the link to the source code which did the damage.
Re:What you are doing is ILLEGAL, IMMORAL, and IIM (Score:3, Informative)
It's public information [...] And, of course, recording and publishing these things is simply recording and publishing a list of facts; a practice which has long been protected by various laws and rulings.
Not everywhere. In many European jurisdictions at least it is not at all obvious that publishing a list made of publicly available information is legal. In particular, if it is considered "personal information" about people, creating a new compilation of it falls under various personal data protection laws - even if every individual piece of information in there is publicly available somewhere.
I don't know of any place that'd consider AP SIDs to be personal information in that sense, though - but it wouldn't surprise me either.
Re:Melbourne. (Score:3, Informative)
Getting the use of their TLD must have been part of the deal for the army going in to rescue them from Indonesia. Along with the oil of course.
The .tl domain names are cheap and convenient for me.
Re:answer. (Score:4, Informative)
I live in Clarence street in East Brunswick and I get on at Blythe street. Because it's at the end of the line I always get a seat. Going the other way I get on at the WTC in Clarendon street and even if the tram is full at that point it half empties at southern cross station. Going to work I normally sit at the northern end of the tram with an eeepc 701 on my lap. Feel free to say hello if you recognise me. I usually get on at 0730 and ~1745 or so.
Re:So... WTF is "Free Public WiFi" really doing? (Score:5, Informative)
How about evil people sitting at airports with laptops, setting up ad-hoc networks and trying to steal credit card numbers from unsuspecting travellers? Wasn't that actually on Slashdot a few months back?
Rule of thumb: Don't log onto ad hoc networks unless you know who's running them...
Re:Best SSID (Score:3, Informative)
Why not? Knowing your SSID doesn't help anybody guess your paraphrase.
BTW, who's your favorite porn star?
Re:If you know enough to change the name... (Score:2, Informative)
Many people's laptops do this regardless of the setting on the access point. This is the default in XP. You have to make sure the "Connect even if the network is not broadcasting" box is unchecked to turn off client broadcasting. In Vista and I believe W7 this is off by default.
Re:So... WTF is "Free Public WiFi" really doing? (Score:4, Informative)
Re:Best SSID (Score:3, Informative)
Encryption is an arms race, but the implementation is often the easiest thing to attack.