Why You See 'Free Public WiFi' In So Many Places
An anonymous reader writes "Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.' Of course, since it's ad hoc (computer to computer) it's not actually access to the internet. So why is this in so many places? Turns out it's due to a bug in Windows XP. Apparently, the way XP works is that if it can't find a 'favorite' WiFi hotspot, it automatically sets up the computer to broadcast itself as an ad hoc network point, using the name of the last connection the computer attempted. So... people see 'Free Public WiFi' and they try to log on. Then their own computer starts broadcasting the same thing, because it can't find a network it knows. And, like a virus, the 'Free Public WiFi' that doesn't work lives on and on and on."
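The distinction the summary relies on is visible in the beacon frames themselves: the capability field carries an ESS bit for real access points and an IBSS bit for ad hoc (computer-to-computer) networks. The following is an added example, not part of the original post or of any Windows code; the frames are constructed sample data, and the function names and the "CampusNet"/"CoffeeShop" SSIDs are hypothetical.

```python
import struct

CAP_ESS = 0x0001   # set by infrastructure access points
CAP_IBSS = 0x0002  # set by ad hoc (computer-to-computer) stations

def build_beacon(ssid, bssid, capability):
    """Construct a minimal 802.11 beacon frame (sample data for this example)."""
    header = struct.pack("<HH6s6s6sH",
                         0x0080,        # frame control: management, subtype 8 (beacon)
                         0,             # duration
                         b"\xff" * 6,   # destination: broadcast
                         bssid, bssid,  # source address, BSSID
                         0)             # sequence control
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name  # element 0 = SSID

def parse_beacon(frame):
    """Return (ssid, bssid, capability), or None if not a well-formed beacon."""
    if len(frame) < 36:                       # 24-byte header + 12 fixed bytes
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        return None                           # not management/beacon
    bssid = frame[16:22]
    capability = struct.unpack_from("<H", frame, 34)[0]
    pos = 36
    while pos + 2 <= len(frame):              # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None                       # truncated element
        if tag == 0:
            return body.decode("utf-8", "replace"), bssid, capability
        pos += 2 + length
    return None

def classify(capability):
    """Exactly one of ESS/IBSS should be set in a beacon."""
    ess, ibss = capability & CAP_ESS, capability & CAP_IBSS
    if ibss and not ess:
        return "ad hoc"
    if ess and not ibss:
        return "infrastructure"
    return "invalid"

def adhoc_report(frames):
    """List ad hoc SSIDs, how many distinct cells (BSSIDs) advertise each,
    and whether the same name is also used by a real access point."""
    adhoc, infra = {}, set()
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None:
            continue
        ssid, bssid, capability = parsed
        kind = classify(capability)
        if kind == "ad hoc":
            adhoc.setdefault(ssid, set()).add(bssid)
        elif kind == "infrastructure":
            infra.add(ssid)
    return [{"ssid": s, "cells": len(b), "shadows_real_ap": s in infra}
            for s, b in sorted(adhoc.items())]

# Constructed scan: two laptops rebroadcasting the same ad hoc name, a real
# access point, an ad hoc "ghost" reusing that access point's name, and one
# frame cut short in capture.
SAMPLE_SCAN = [
    build_beacon("Free Public WiFi", bytes.fromhex("02aabbcc0001"), CAP_IBSS),
    build_beacon("Free Public WiFi", bytes.fromhex("02aabbcc0002"), CAP_IBSS),
    build_beacon("CampusNet", bytes.fromhex("001122334455"), CAP_ESS | 0x0010),
    build_beacon("CampusNet", bytes.fromhex("02aabbcc0003"), CAP_IBSS),
    build_beacon("CoffeeShop", bytes.fromhex("00a0b0c0d0e0"), CAP_ESS),
    build_beacon("Free Public WiFi", bytes.fromhex("02aabbcc0004"), CAP_IBSS)[:-3],
]

if __name__ == "__main__":
    for row in adhoc_report(SAMPLE_SCAN):
        print(row)
```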
So... (Score:5, Funny)
Ah!
Re: (Score:2)
You forgot the "obligatory" title ;-)
Re: (Score:2, Interesting)
Re: (Score:2)
It's one of those design decisions that make you go "what were they thinking?!?!?!"
Re: (Score:3, Insightful)
You just described Windows in a nutshell ;-)
The next step. (Score:3, Insightful)
Now that this information is public, we're going to start seeing networks called "Free Public Wifi - eatatjoes.com". Good job. Should have just kept quiet about it.
Re:The next step. (Score:4, Funny)
Re: (Score:3, Funny)
Microsoft *tortles again.
*Doing something which is legal, but shouldn't be. Example he tortled with her affections.
Re: (Score:3, Funny)
Yup. It's tortles all the way down.
Re: (Score:2)
Re:So... (Score:5, Funny)
Windows really *is* a virus!
Ah!
No. Viruses are:
-Small
-Free
-Well-written
Heh! (Score:4, Funny)
Re: (Score:2)
Really? I named mine “virus”...
Re: (Score:3, Funny)
Keeps the riff-raff out...
Re: (Score:3, Funny)
Re:Heh! (Score:5, Funny)
That's the SSID for my home wi-fi :-D.
Funny, that's the combination to my luggage...
Re: (Score:2)
Possible attack vector (Score:5, Insightful)
Re: (Score:2)
I always assumed those SSIDs were people phishing. I guess I'm reassured to learn that the world is not that uniformly malicious.
Re:Possible attack vector (Score:5, Funny)
That's like using a scope when you're shooting ducks in a barrel.
Well, no, it's more like using bait.
Your average hipster sits down in an urban coffee shop and opens his laptop: the first thing he does is look for a signal from which he can leech access. Free? Public? Sounds like it's free, a virtue of which your average hipster whole-heartedly approves. Public sounds good too: it's like natural or organic or community (as an adjective) or recycled or [x]-friendly or tolerant or sustainable or any other epithet that reinforces his hipsterish sense of righteousness. Naturally, the hipster connects and begins surfing and checking e-mail. MITM gets to read his e-mail and his web reading habits (organic hipster porn).
Un-encrypted ?!? (Score:2)
Naturally, the hipster connects and begins surfing and checking e-mail. MITM gets to read his e-mail and his web reading habits (organic hipster porn).
If they are dumb enough to set up their account without encryption, they deserve whatever happens to them.
An SSL-protected connection is a damn strict minimum when you're on a public network.
End-2-end encryption is a must if you have any confidential information.
Non-encrypted data on a public wifi network is like shouting with a megaphone in the middle of a busy town center.
Re: (Score:3, Insightful)
If they are dumb enough to set up their account without encryption, they deserve whatever happens to them.
No, they don't.
I don't believe that works for TLS. (Score:3, Interesting)
While most people use the term "SSL" to refer to "secure internet", most https connections today use TLS.
TLS uses a pseudo-random element in the handshake which prevents the MITM scenario you described.
Sadly Google Chrome doesn't support TLS (no friggin idea why) so the server will negotiate down to the less secure SSL v2 or SSL v1 standard.
IE 8 or later, Firefox 2.0 or later, and Safari (no idea what version) all support TLS but obviously google thinks security is over-rated.
Re: (Score:3, Informative)
Sadly Google Chrome doesn't support TLS (no friggin idea why) so the server will negotiate down to the less secure SSL v2 or SSL v1 standard.
IE 8 or later, Firefox 2.0 or later, and Safari (no idea what version) all support TLS but obviously google thinks security is over-rated.
You are wrong, but I can see why you would think that by looking at the Options section in Chrome.
Per Google employee Ian:
We explicitly disable SSLv2 (along with MD2 and MD4 certificate signatures). SSL3/TLS1 are enabled by default. It is automatic and hidden. [google.co.nz]
Car analogies (Score:2)
And as not-metaphorical cars at all, Google cars accidentally picked up quite a lot of un-encrypted confidential data, if you remember the recent scandal, so your ass might be right.
BTW: I do wear a helmet when biking.
Re: (Score:3, Funny)
Anyone dumb enough not to know how to do their own brain surgery deserves what they get!
The easy part's getting the brain out. The hard part's getting the brain out!
Re: (Score:3, Informative)
While that is certainly true, if you're trying to mimic a known network, you should probably name it appropriately.
After all, if you go to the trouble of setting up a fake walled garden page, you should name the network similarly.
It's actually a very easy attack to run at places like hotels where travelers might be unwary and quite willing to fork over CC info for internet access.
Re: (Score:3, Interesting)
I've got my laptop set up so that anything important (EG: Email, file transfer) is set up with strong encryption. Websites, not so much, though I do have a squid proxy server so if it matters, it's a single command and three clicks to secure my web browsing. [calomel.org]
Poisoned DNS. . . (Score:2)
The GP is correct - the only real way to 'secure' a public internet connection like a WiFi hotspot is with a VPN that also secures your DNS traffic so that all name lookups are served from a 'trusted' DNS Server. (This doesn't apply so much to SSH/SFTP, where you have, presumably, already cached the fingerprint of the server's Public Key, so if you get back the wrong key, you know someone's trying to attack you, and the client will warn you).
It all depends on how paranoid you are - generally, SSL Certs are
Re: (Score:2)
I remember reading somewhere (might've been a story Slashdot covered), about someone successfully getting an SSL Cert signed by a registrar somewhere in the world, that they shouldn't have had, which allowed them to impersonate some site.
I think it was here [slashdot.org].
Re: (Score:3, Interesting)
It all depends on how much they want to invest in their attacks. I can see easy ways of doing it that wouldn't require breaking SSL traffic at all. First, look up a wifi pineapple [lmgtfy.com]. If you notice, they are using a regular wifi router with a hacked firmware stuffed into a se
Re: (Score:2)
Well, that's a sort-of VPN. My point is that you use encryption to a server that you connect via IP address instead of DNS, to secure your DNS lookups. With SSH+SOCKS, you should be able to encrypt most of your traffic (web, ftp, remote X-sessions, etc), so that's basically, kinda a VPN.
Re: (Score:2)
Why three clicks? Click 1 on the icon in my application bar that runs a bash script to create an ssh tunnel from 3128 on the proxy server to 8080 on localhost. Click 2 to toggle proxy switchy in chrome (or any of the several equivalents in firefox) from unproxied to localhost:8080. Done. Encrypted connection to your proxy server machine for all subsequent surfing.
The bash script, for the curious, is:
#!/bin/bash
PRPORT="8080:"
if [[ `ps axO command | grep $PRPORT | grep -v grep | awk '{print $1}'` ]]
then
Re: (Score:2)
You're worried about security, but you use Chrome? Do you know it sends every web address you type in to Google, as you type it?
Dupe (Score:2, Informative)
http://hardware.slashdot.org/article.pl?sid=07/01/26/1420202 [slashdot.org], among others.
Re: (Score:3, Interesting)
Slashdot is starting to become a news aggregator. I knew about this bug since 2003 and every few years someone digs it out, either blaming it on a bad configuration or a virus attack. Hell, it's not even a bug if you have your WiFi properly set up to never connect to ad-hoc networks.
To be honest, this is the first time I have read the true reason and not try the whole "the internet is dangerous and full of viruses" reason. It's hard to even classify it as a bug as it would make it convenient to auto connect
Re: (Score:2, Offtopic)
Re: (Score:3, Informative)
Re: (Score:2)
Add to that, the referenced article was posted in 2007. Anything older than a year is probably out of the collective consciousness, and the new article, while being a dupe, would probably be news all over again :)
Old news (Score:5, Informative)
Damnit.. (Score:3, Funny)
"They Still Use Windows XP?!" (Score:3, Funny)
Re:"They Still Use Windows XP?!" (Score:4, Funny)
Sure, why should today be any different than any other day in my life...
*sighs*
Re: (Score:3, Insightful)
+1 Depressing
Re: (Score:2)
Re:"They Still Use Windows XP?!" (Score:4, Funny)
7 did absolutely nothing I needed that XP didn't, and had plenty of quirks that drove me crazy.
Nothing?! They made the digital camera interface usable, and someone finally added a “crop” function to Paint...
Re: (Score:2)
My digital camera has a USB interface and appears like a USB disk, which works under just about any OS. The one that doesn't uses a CF card that can be mounted on just about any OS, including XP.
What is this "Paint" thing you refer to? Is it like The GIMP or ImageMagick, just less useful?
Windows 7 is bloatware that doesn't run a lot of the software I already own. I either have to buy updates t
New PCs come with Windows 7 (Score:2)
What is this "Paint" thing you refer to? Is it like The GIMP or ImageMagick, just less useful?
ED's article [encycloped...matica.com] claims that the program has become somewhat more useful in Windows 7.
Windows 7 is bloatware that doesn't run a lot of the software I already own. I either have to buy updates to everything I run now (if it is still available) or stay with XP. Hmmm...
If you buy a new PC with a new warranty, and it isn't from Apple, System76, or some other specialty vendor, it will come with Windows 7. To use non-game apps that require Windows XP and don't work with Program Compatibility Wizard [microsoft.com], you can Anytime Upgrade to Windows 7 Professional and then install XP Mode [microsoft.com].
Re: (Score:2)
Dell has plenty of models without Windows. All the -N varieties come with FreeDOS[*], and most of the workstation models can be bought with Red Hat Enterprise.
[*]: If I understand this correctly, Microsoft can't punish Dell for selling computers with competitors' operating systems on them, but can punish them if they sell computers without an OS. So FreeDOS it is.
Re: (Score:2)
I think you've missed a step somewhere then. I've had success getting 16-bit software, scanners and USB to Ethernet adaptors (that didn't work on Windows 7) working in an XP Mode VM under Windows 7 x64. From what little I recall though, it was a pain in the ass and not straightforward at all. But it
Re: (Score:2)
Seth
Re: (Score:2)
the dos window still won't let you highlight-copy text without a visit to the top-left dropdown menu and over to the sub-menu two times.
I right clicked in a command prompt window in Windows 7 and got the context sensitive menu with Mark/Copy/Paste at the top of the list. It only doesn't appear when a DOS program is using the mouse itself. You can try this by running edit.com and see the context menu disappear.
NT 4.0 used to begin highlighting as soon as the left mouse button was pressed, and it was a real pain when you clicked on the window to give it focus.
Re: (Score:2)
You can also select the image (Ctrl-A), drag the upper-left corner into place to crop off the top/left, affix the floating selection (Esc), and then drag the lower-left corner to trim off the bottom/right.
Re:"They Still Use Windows XP?!" (Score:5, Insightful)
I actually downgraded from 7 last year after determining that 7 did absolutely nothing I needed that XP didn't,
Except, not having this bug....for one.
Re: (Score:2)
Re: (Score:2)
That's not the complaint put forth by people claiming it's annoying. Those people find having to enter in their administrator password even more annoying. Your average non-technical user isn't security conscious at all, they see any attempt to make a process requiring user interaction more secure through the addition of credential check barriers as mere annoyances, no matter the benefits. If Microsoft went with the password check it would have actually resulted in more bad press for them than what they got
Re: (Score:2)
Yep, noticed this long ago. (Score:3, Interesting)
I have no idea why, but someone must have tried to connect to it. Now, almost a year after leaving that school, people still tell me that the 'ghost' of my laptop broadcasting can still be seen.
There are 2 ad-hoc networks out there that are 'ghosts' now, the first is my nickname (yeah, bad choice for a perpetuating network, I know) and the second is named after the university network, which is accessible on clear days.
Sounds like something that could be exploited... (Score:2)
Sounds like something that could be exploited...
I don't see it very often... (Score:5, Informative)
Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.'
Doesn't match my experience. I have done a fair bit of flying lately - and always needing at least one connection each time because my closest airport sucks - and haven't seen it at the airports I've been to. I have checked for WiFi at coffee shops and restaurants and haven't seen that SSID there either. Lately I have been connecting through some of the busiest airports in the country (O'Hare and Newark Liberty in particular) and haven't seen this.
In fact, I can't think of the last time I did see it. I often use my blackberry to access open WiFi spots, and I don't have a record of a network that I have connected to called 'Free Public WiFi'.
Re: (Score:3, Insightful)
Yea I was like wtf. You really don't see a lot of these, maybe 1 or 2 at certain airports but it's hardly newsworthy.
Re:I don't see it very often... (Score:5, Insightful)
I can remember seeing it a few times... like 2 years ago. Sort of like this story...
Re: (Score:2)
LoB
Re: (Score:2)
I saw it just over a week ago in PHL on my iPod touch. There's also one hiding somewhere near the State Street T station in Boston.
Re:I don't see it very often... (Score:5, Informative)
Re: (Score:2)
YMMV ...
I see it every time I go through Kansas City (MCI) and Denver which is twice a month right now.
Re: (Score:2)
Re: (Score:2)
>I have done a fair bit of flying lately - and always needing at least one connection each time because my closest airport sucks - and haven't seen it at the airports I've been to.
If we're comparing anecdotes, I once saw it on a plane during the flight. I pretty much see it anytime I use my laptop or phone in a business setting too. Assuming Vista/7 doesn't do this, then I'm sure it's going to become increasingly rare.
Re: (Score:2)
I see it all over New York City, FWIW. I even see it on the Subway sometimes, but certainly, just walking around, especially office areas, I see it all the time.
Re: (Score:2)
The last three offices I worked in all had non-working "Free public WiFi". I guess I was perpetuating it as well since I tried to connect to it with my work laptop :)
Re: (Score:2)
I see it at LAX every time I go there - about 4 or 5 times in the last 12 months. And on Amtrak between LA and San Diego pretty much every week. Maybe it's a Southern California Stupid thing?
Re: (Score:2)
I often use my blackberry to access open WiFi spots, and I don't have a record of a network that I have connected to called 'Free Public WiFi'.
Err, OS 5 certainly doesn't support ad hoc connections (I doubt OS 6 does either) so possibly your observation is being colored by your blackberry helpfully filtering those SSID's out.
Depending on the configuration of the tool you're using on your laptop, it very likely is doing the same thing to protect a less experienced user from connecting to a useless ad hoc network themselves.
I still see it reasonably often at the airport (OAK or SFO), sometimes in other fairly random locations, though it seems less n
Re:I don't see it very often... (Score:4, Informative)
Well, and this is from my logs, I've seen 'Free Public Wifi' in ad-hoc mode:
2009-03-29 LHR
2009-03-29 LAX
2009-04-03 LAX
2009-04-05 DTW
2009-04-06 LHR
2009-04-06 LGW
2009-04-12 LGW
2009-04-18 LHR
2009-04-18 LAX
2009-04-29 DFW
And that's just over the course of one month.
Looking at another random month:
2010-01-04 LGW
2010-01-04 LHR
2010-01-06 BKK
2010-01-06 SYD
2010-01-06 BNE
2010-01-14 BNE
2010-01-14 LHR
2010-01-18 LHR
2010-01-18 LAX
I'd pretty much say this exactly confirms what the article spells out. (For the record, I was a Consultant, getting drunk in airplanes was my job).
Re: (Score:2)
Re: (Score:2)
Not an airport, but I see it right now at a downtown San Francisco Starbucks. I probably see it around 50% of the time that I'm in a downtown coffee shop.
Your machine would have to be years out of date (Score:5, Informative)
to be affected. This was fixed in XP SP3. Love lines like "When a computer running an older version of XP ...." without further explanation. Haters gonna hate!
Nothing to see here. (Score:2)
This is a really bad case of FUD. And it's just as bad when someone other than MS does it.
Slashdot reading Hack A Day? (Score:2, Offtopic)
It seems lately that lots of HAD articles are popping up automatically on slashdot. If you watch the RSS feeds out there of the tech sites you can watch the wave of stories copy from site to site. It used to be that slashdot had them first or did not cover what was already copied all over the place...
Has slashdot run out of good submissions and is now simply posting what pops up out of other sites' RSS feeds?
Re:Slashdot reading Hack A Day? (Score:5, Funny)
Seen at a University (Score:2)
IPVFore! (Score:4, Funny)
I was once called out for an emergency network repair at a local country club. A company had hired out the banquet room for a large business meeting, and could not get the wireless to work. When I arrived on site, I found that everyone in the room was connected to Free Public Wifi, being broadcast by one of the company owners' laptops. Turned out, the golf course did not have a wireless access point at all.
Hidden Message in the SSID. (Score:2, Informative)
Well ... why not make ad-hoc happen? (Score:2)
With all the overlapping WiFi routers, computers, phones, etc. out there, why not set all up for a mundane ad-hoc network? In time, could overtake wired networks; the consequences could be useful, fascinating, and perhaps staggering...
Re:I see this alot (Score:4, Funny)
Oh wow! Is it a big alot? Or a furry one? Is it friendly? I hear alots can be dangerous.
http://hyperboleandahalf.blogspot.com/2010/04/alot-is-better-than-you-at-everything.html
Re:I see this alot (Score:4, Funny)
Re: (Score:2)
Huh? Wouldn't an alot be larger than an aswell?
Re:I see this alot (Score:5, Informative)
I researched this myself, and it ended up that there were a bunch of better ways to implement it, but HP flat out didn't care.
Re: (Score:2, Insightful)
What better way is there to implement a wireless connection when the user doesn't have any wireless networking equipment other than their computer?
Re: (Score:2)
Re: (Score:3, Insightful)
So 'the user buying something' is a better solution than the printer software supporting ad-hoc networks?
We disagree.
Re: (Score:2)
Yes, because that ad-hoc network is pretty damned easy to hijack.
Physical security or GTFO.
Re:I see this alot (Score:5, Interesting)
Actually, it is pretty easy to hijack about any wireless network using WPA. WPA2 is only a tad bit harder and both are easier than wep until you get into some business class security. Basically, all you need to do is flood the connection to force a reconnect between the devices then run a script or program on those packets.
It's actually a little more difficult than that, but once you find the right programs and the right hardware to work with them, it's not much more difficult than that. And the most difficult parts are already taken care of and reusable for the most part.
I have a laptop set up specifically to do this. Whenever I have a customer claim their rocket scientist nephew, or son, or the neighbor's- dog's- sister's- aunt's cousin, or the time warner cable guy swears that wireless is safe and I don't know what I'm talking about, I simply tell them to go ahead and install it, then show up to ask how it's going with the wireless and show them that I'm already on the network. Sometimes I have to wait outside for about a half hour before I get it cracked, but I haven't run into one wireless network yet that took longer than 2 hours to crack into. And yes, all the software needed is pretty much free and available on the interweb waiting to be downloaded and used. There is a pretty steep learning curve though but it's not that hard and there are a lot of tutorials out there. This is especially easy when the time warner guy and most outside techs try to use a phone number for the key phrase. Often, if you have a list of phone numbers to a building with wireless, going through those will get you a working key without needing all the monitoring and cracking software. Start with the Fax numbers as they are often tied to the DSL or the Cable Internet Phone which makes it easy for the technicians to find if they have to service it again.
Anyways, once you are on the network, it's pretty trivial to send commands to any windows box to do things that give you more control. Especially if they have the power shell installed. Most firewalls don't screen addresses on the network as it seems to be universally trusted in most environments.
Re: (Score:3, Insightful)
First, I'm not really an authority on this as all I have done is used other people's tools and scripts and read their how-to's and so on. You can call me a script kiddie if you want. You will find a lot of reviews, including videos of people cracking WPA2=AES on the internet. Some of their methods work, some do not- don't get bogged down by the higher-ranked ones as I typically can't get them to work. My understanding is that AES is built into the WPA2 standards by default and you're using it regardless. Howe
Re: (Score:2)
How about the printer software becomes its own router that can be programmed into an ad-hoc network with all of it being turned off until it's actually turned on because it's needed or wanted? All you would have to do is install a program that listens for a key when you press a button on the printer. This software can either load that key into the wireless card or broadcast the correct key to the printer if a network is already set up.
You know, do it similar to how the linksys and netgear and dlink auto co
Re: (Score:2)
It doesn't need to be a complete or powerful router. And as far as I know, the only difference between a router and ad-hoc network support would be the software.
But alas, you are probably right, the costs would increase as they would view it as a feature or something even though there would probably only be another 200 lines of code or something.
Re: (Score:2)
So 'the user buying something' is a better solution than the printer software supporting ad-hoc networks?
Well, you're obviously not a businessman. ;-)
If you were, it would be obvious to you that "the user buying something" is always better than "the user just using their equipment and not buying any tie-in products".
Once you understand this, you understand a lot of how marketing works. But a lot of people never understand it. In the business world, they're known as "failures".
Re: (Score:2, Interesting)
Nah, good businessmen realize that people want cars that work with all the gas, not just the fucking branded gas, and that people will buy more of the cars if they don't have to track down the branded gas.
The assholes that think selling branded gas is awesome are just assholes who like branded gas.
We are the knights who say ni (Score:2)
Ni!
Re: (Score:3, Informative)
zeroconf and those "Quick Connect" buttons that routers and Windows have these days, for two.
Re: (Score:2)
One node MIGHT have access to the internet and MIGHT actually be willing to forward traffic, but it need not be the case. The point of an ad-hoc network is that no AP is needed.
Of course, though a managed network GENERALLY has access to the net through the AP, that is not 100% the case. It could have its WAN port unplugged, it could be firewalled off, or it could be someone's laptop that the user forgot to disable the AP functionality when they disconnected from the net.