Sydney Has 10,000 Unsecured Wi-Fi Points

daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."

Ah!

[crow_t_robot]

No wonder they implemented a filter!

On the other hand..

[cc1984_]

Maybe they all 10,000 residents read Bruce Schneier's blog:

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html [schneier.com]

Also, I know TFA mentions "Residential Locations", but I wonder if there were any coffee shops dotted around which offer free wifi. Maybe none, but a short sentence in the article would help me sleep at night :)

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Lumpy]

What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and Dans Guardian will do most of it for you easily. Install DDWRT on that linksys and enjoy even basic keyword filtering.

I even block all ports other than 80. you can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

Re:

[VolciMaster]

What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and Dans Guardian will do most of it for you easily. Install DDWRT on that linksys and enjoy even basic keyword filtering.

I even block all ports other than 80. you can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

Yeah, it is cool - if you're educated on what you are doing. But for those who are not, why is anyone surprised they are running wide open?

Re:

[quenda]

In other news, 100,000 Sydney homes have unlocked water taps (faucets to Yanks) on their unfenced front lawns.
Shops and offices have unsecured water outlets openly visible in the car-parks and verges.
Anyone passing by could help themselves to free water! Oh the horror.

Re:

[Lumpy]

That is intentional. NO you cant use HTTPS. if you need that then go elsewhere.

Most Certianly you aren't as good of a troll as you'd like to believe.

Re:

[belg4mit]

He's no more a troll than you are being helpful...
Let people post to random forums, but they cannot check their gmail,
Woohoo!

Re:

[PopeRatzo]

Look at the guy that wrote the "pro pedo" book. No pics, just his thoughts on a page sent him to jail, aka Thoughtcrime.

The fantasy that secured Wi-Fi spots are somehow "secure" is more dangerous than the possibility that your neighbor is looking a child porn via your access point.

By accepting that all Wi-Fi routers should be secure so nobody can use our access points to look at child porn, we're accepting the responsibility to always be a step ahead of motivated hackers and motivated perverts.

Open up the W

Re:

[Jane Q. Public]

Mod parent up. These people are doing nothing more than trying to convince us to voluntarily give up our freedoms, by trying to make us live in fear. It won't work.

Re:

[GameboyRMH]

Excellent points. This XKCD is relevant:

http://xkcd.com/651/ [xkcd.com]

Re:

[steve_bryan]

If "His biggest risk is if someone uses his connection to look at child porn", then his (Schneier's) position is entirely correct. What is it about this hysterical obsession with "child porn"? Are they lurking everywhere like the commies? Do we really have to pass laws criminalizing people who have incorrect thoughts? I strongly support criminalizing adults who take advantage of minors but it is always wrong to have thought crimes. Allowing thought crimes as a category allows people who really have evil int

Re:

[Alex Belits]

Hey look, hairyfeet is spreading lies and paranoia.

Re:

[Jane Q. Public]

"His biggest risk... the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it."

Apparently you don't keep up with the news. More and more, the courts have been ruling that an IP address does not constitute probable cause to search an individual, or in a recent case a particular home. The judge ruled that it only pointed to a neighborhood, no more. He acknowledged that it could have been anybody, including someone simply driving past in their car.

Poliice departments have been chastised over this, and increasingly, not decreasingly, so.

My wifi is accessible to at least 20 different

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Jane Q. Public]

Didn't bother to actually READ *MY* post before responding huh?

In the US, courts have been increasingly ruling that an IP address is not probable cause.

So there will be no seizure in the first place, and therefore no backlog, and therefore no wait to get your computer back, because it will not have been taken in the first place!

There. Fixed that for you.

Re:

[phantomfive]

His biggest risk is if someone uses his connection to look at child porn, or even attempts to look at non existent child pron, since the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it.

Do you realize that by worrying about this, you are worse than the people who are worried about terrorist attacks in the US? That your odds of this happening are so extremely low, that by worrying about it and not worrying about getting killed by people throwing rocks on the freeway, you are being irrational? Because your chance of the latter is more likely.

Re:

[Joce640k]

Around there's a whole bunch of open routers that serve up adverts on every web page if you connect via them.

Re:

[Riceballsan]

It is a game of probability, lets say securing your wifi point decreases your odds of someone using your connection and bringing the police to your door by 90% (I'd say it's safe to assume 90% of potential trouble makers don't know how to nor have the time to break WPA). Now lets assume the police that show up have a 50% chance of listening to reason and doing a fair investigation before putting all the flags on your name that can ruin your life forever. Both cases are gambles, there is no 100% chance of ha

Re:

[Jane Q. Public]

"It is a game of probability..."

No, it isn't. It's a matter of law. Courts in the US have ruled that an IP address is not probable cause.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Jane Q. Public]

That's not the way it works in the US. No probable cause = no raiding of the home, no search, no seizure.

And pardon me for the tone of my other reply, if your laws are different so you simply did not understand that. But that is the way it is here.

Google

[Anonymous Coward]

This 'bunch of researchers' wasn't Google was it?

How many of those were buinesses.....

[robthebloke]

.. .providing a nice free service for their customers? heck, I even use the free unsecured internet access on the bus these days!

Re:How many of those were buinesses.....

[Cimexus]

That was my thought at first too. Are some of them businesses? Or are some of them 'open' (in terms of not having a WEP/WPA password) but actually still require further authentication once connected (e.g. a VPN or a gateway which requires a username/password).

However now that I read TFA, I see that the observations were made only in residential areas (i.e. suburban streets). You would not expect to find many businesses in these areas. I'm sure a couple might have been, but not that many. So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

10,000 points in a city the size of Sydney is hardly that amazing though...

Re:How many of those were buinesses.....

[L4t3r4lu5]

There's a service called FON [wikipedia.org] which has caught on with BT; Subscribe with FON, run a second open wireless network and share your broadband connection, authenticate to a FON account over VPN and share wireless all over the world where there is a FON wireless network.

More common in residential areas where there are no companies to be tied in with other subscribers.

Re:

[Inda]

I tried to connect to one of these.

1. They wanted 3.00 GBP for 24hrs surfing
2. They wanted 10.00 GBP for a week.

3. And this is a big three: They wanted CC information. There was no HTTPS; I knew the router was sat in someone's living room; alarm bells rang loud.

Sounds like a good idea, but in practice, barge-poles and all that stuff.

Re:How many of those were buinesses.....

[tagno25]

I just checked my FON router, and the entire captive portal is via https.

Re:

[Cederic]

Sadly my landlord's router has FON and you can't turn it off - you have to ask BT to disable FON from your account.

Obviously* my landlord is computer illiterate and wont know how to even ask, so I'm stuck with this second network running on the same bloody channel and no way to switch it off. Stupid fuckwit BT router and firmware.

* it's obvious, because he actually signed up with BT for Internet access. I mean, of all the idiotic decisions in a man's life..

Re:

[chrb]

So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

You mean clueless people like Bruce Schneier [schneier.com]?

Re:

[SimonInOz]

Well, one of them might be mine. I run unencrypted WiFi - but try and actually connect, and you'll find I have a list of MAC addresses I accept, so you won't get a connection. And yes, I'm in Sydney.

Re:

[fnj]

Because of course they can't sniff the list and clone the MAC address.

Re:

[delinear]

I'm no security expert, but my understanding is any time one of your accepted devices attempts to connect to your network, it happily sends its MAC address over the air in plaintext and anyone with a free sniffer can grab the legitimate address, spoof it on their device and connect. Good for keeping out casual traffic, but anyone determined to get access won't see this as a barrier, I guess it depends what your aim is though (maybe you're happy to share with people who are techie enough to bypass the MAC au

Re:How many of those were buinesses.....

[Zouden]

Your computers will be broadcasting their MAC addresses in all the packets they send, so it takes just one captured packet to obtain a valid MAC address that can be used to connect to your network. That's actually less secure than WEP, which requires thousands of packets to obtain a valid key. Not to mention more effort, since if someone legitimately wants to connect, you have to whitelist their MAC address.

You'd be better off using WPA - more secure, more convenient.

Re:

[jones_supa]

And even though no one would clone your mac addresses, aren't you worried of someone eavesdropping your connection in general?

Re:

[Cimexus]

So, that's like a million US dollars by now right? ;)

Re:

[Bert64]

What about the traffic going over the network? That's now open to interception by anyone within range...
Also its not hard to spoof a MAC address.

Re:

[nedlohs]

Why?

It doesn't stop snooping on the traffic. It doesn't stop someone who knows what a MAC address is from connecting.

All it seems to do is make it more difficult to connect a new machine on the wifi when friends visit or you buy a new laptop.

Re:

[bberens]

It could be clueless people like me who have a separate secured and open wifi network. If you only scanned my house you'd see 50% of the world is unsecured wireless!

Re:

[Cimexus]

True - but people you you or I, or Slashdotters in general, aren't the norm. For each person who is intentionally running an open access point like yourself, I'd wager there's at least ten who have open access points unintentionally (or simply don't care).

Re:

[Cimexus]

Unlikely in Australia where the vast majority of residential connections have a monthly transfer cap. You can get unlimited plans (in some areas) but they are overkill for most people's requirements, and kinda expensive.

Re:How many of those were buinesses.....

[bemymonkey]

I wish that were the case here in Germany as well. Unfortunately the laws around here say you're responsible for your own unsecured WiFi - if the neighbors download illegal stuff, you're to blame for not securing it.

Hence, nearly everything around here is encrypted... even cafes and other places of business are switching to ticketed systems that allow them to track, pinpoint and restrict user activity. This isn't a problem for most patrons per se, but the prohibitive cost and added complication of such systems (compared to a few WiFi access points) is making a lot of places drop WiFi altogether of start charging for it.

Very unfortunate :(

Re:

[mjwx]

.. .providing a nice free service for their customers? heck, I even use the free unsecured internet access on the bus these days!

This, Every McD's has an unsecured wifi these days. Almost every Cafe too.

News Worthy?

[moniker127]

Honestly I don't think this will come as a shock to ANYONE who has a wifi enabled device. There are unsecured access points everywhere in any given metropolitan space. I can get wifi reception in most places of three forks montana, a town with a population of less than 2000!

Slashvertisement

[mjwx]

Newsworthy you ask?

This is a blatant slashvertisement for Australia's largest Wireless ISP, Linksys.

Hell we have a few thousand on campus

[Sycraft-fu]

We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.

It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.

Re:

[TheLink]

. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests,

The problem is the WiFi standards are broken/braindead (even after so many years). You can't easily provide secured WiFi channels to guest users.

They could have copied "https" where the clients can be anonymous and still have secured channels. They could have worked with Microsoft, Apple, dlink etc to set up a standard where the WiFi clients will try "WPA2 Enterprise" and log on as "anonymous" with password = "anonymous" (prompting/warning the user before that if the AP's fingerprint is new/different).

In p

Some might be intentional

[the_other_chewey]

Some of those might be intentional: I run an unencrypted wifi AP which is
bandwidth limited and routed through Tor as a public service. It is used regularly.

Also not covered will be those with open APs but additional authentification/encryption
layers, e.g. using a VPN.

Around here (not Australia, admittedly), open wifi is nearly non-existent (and all open
ones I've encountered over the last two years or so seem to fall into the categories above) -
WEP "secured" APs are another story however, there is still a worrying number of those around.
And I'm certain most WEP users are entirely unaware of their de-facto openness.

Re:Some might be intentional

[chewedtoothpick]

What is sad is that most of those WEP AP's were done (some likely recently) by supposedly knowledgeable people, such as WorstBuy's IdiotSquad.

As a consultant it's infuriating how often I will come across new clients (even many companies) whose WiFi networks were secured by those morons out of incompetence. I have even seen them install small business servers with direct-to-internet connections and not even a NAT firewall, because "You can't have a VPN server behind a firewall" which we all know is bullsh**.

Are you infuriated by the manufacturers?

[Marrow]

They are shipping routers that have encryption turned off by default. And the routers have WEP as an option. The manufacturers could ship all their routers with WPA-2 and a randomized password that is shipped separately in the box. But they dont.

Re:Some might be intentional

[the_raptor]

It doesn't matter if they are intentional. From local coverage about the "issue" here in Australia I think certain groups are trying to push the idea that having unsecured Wi-Fi is criminal negligence at best.

The articles are amusing in that they make it seem like unsecured Wi-Fi is mostly used for illegal activities and then say that having unsecured Wi-Fi could land you in trouble for what guests do through your link. If the first is true then it can used as a defence in the second instance. Especially as more and more judges are realising that having IP logs doesn't prove much and dismissing such cases.

The recent surge in stories about this "issue" is imo a reaction to such developments.

Re:

[kwerle]

In California, public libraries and many coffee shops have open access. I'm curious what access those kinds of institutions provide down under (and in other states).

I also have an open access point. Thank you to those of you out there in /. land who do the same.

This is news?

[rebelwarlock]

Sorry, I'm just not seeing how this would be news to anyone technically adept enough to be interested in reading slashdot. Unsecured wifi is a problem in every part of the world, from third world countries just learning to use it to the most advanced countries. Ten thousand is a big number, but it shouldn't come as a surprise to anyone.

Who cares

[tsa]

So what? If you use an insecure connection you know you are vulnerable to people who like to read your email and see what websites you visit. And the owner of the connection risks getting all kinds of viruses for free, and people downloading pr0n and other stuff via her network. Who else but the two people I mentioned should care?

Monthly data quotas

[quantumphaze]

As an Australian I am quite surprised that the number is so high. Here it has been the norm for ISPs to tiered monthly data plans where you pay for how much you use. From cheap plans for $20/mo for a few GB aimed at old people who only forward on chain emails from 1997 right to 1TB plans for torrenting all that public domain and Creative Commons content. Once it's used up your connection is throttled to an unusable 64kb/s for the remainder of the month (though some ISPs sell data recharge things).

Unlike Americas "unlimited" one-size-fits-all these users are losing what they paid for. Why would people be so stupid as to let their neighbours use up their 25GB on their shitty Telstra plan? Is setting up WPA2 really that difficult? Can these people read an instruction manual?

I also find it depressing that WPS [wikipedia.org] even exists.

Re:

[delinear]

Over here (UK) you can't even get a modem from an ISP that isn't defaulted to have WPA2 on (if you follow their wizard to set it up - and I have to assume anyone savvy enough to set it up without the wizard probably understands the risks or at least is making a conscious choice to go sans security). I'm more surprised that AUS ISPs don't have the same policy - the cynical side of me wonders if it's linked to the fact that they have data limits and sell extra data bundles, you're less likely to care about b

Open WiFi does not equal Internet Access

[Anonymous Coward]

I run a open access Wireless AP, the SSID is "free wifi" and it redirects traffic to a local rickroll/nyancat video loop (randomizes each time)

Re:

[jones_supa]

Have people visited it?

This is very sad

[__aailob1448]

There was a time when most WiFi hotspots were password-free and we could connect to the internet for free in most urban areas when we were travelling, with latencies and speeds that put 3G to shame.

Now, those times are gone forever. No more free internet for the casual user. No more sharing and love.

People like to talk about security but it's bullshit. We are not the winners in this ordeal. ISPs are. The security issues have an easy technical solution: The same one used by french ISPs to let its customers connect to other customer's WiFi.

They have a password-free Hotspot that sends you to web login and a separated, bandwidth-shaped VLAN for guests so they can't access network shares or do anything else.

R.I.P free WiFi. You will be missed.

Re:

[jones_supa]

The Finnish ISP Saunalahti had a "Wippies" project where you would get a free router and some cloud storage. The catch was that you complied to run a public wifi along your private network from the box.

Re:

[ScentCone]

Now, those times are gone forever.

And in some places, now, it also turns out that you can no longer just leave your keys in your car overnight, knowing that the only people who might drive it off without talking to you would be your neighbors, who you know will return it with more gas in the tank than they found. Not only that, the days of leaving your home unlocked seem to be fading, too. It's almost like there actually are people out there who are untrustworthy, willing to rip things off, and not at all worried about what the consequence

Re:

[misexistentialist]

It's more the result of increasingly tyrannical government that prosecutes thought-crimes. Looking at information has victim and therefore no provable perpetrator. Of course for a long time in most places the pre-crime of leaving the keys in your car has been punishable, so maybe it's nothing new.

Re:

[kwerle]

And in some places, now, it also turns out that you can no longer just leave your keys in your car overnight...

Really? Which places are those?

Do those same places have libraries? And do those libraries secure their wireless (they don't in California). What about the coffeeshops in those places?

Re:

[ScentCone]

Really? Which places are those?

Sorry, I meant that it's not rational to leave your keys in your car in places where car theft is a common problem.

I haven't personally encountered (in the last few years) a business or government entity running freely available WiFi that doesn't pass users through a terms-based and protocol-limited proxy.

I leave my WiFi unsecured because I'm a nice guy

[jampola]

I had a spare AP, so I decided to leave it open for the public to make use of my internet during the day. The AP is on a manual time switch (you know, the one that plugs into the wall) so it switches the AP on at 8am, switches off at 5. Real technical stuff I know but seriously, what's the deal with all the press surrounding unsecured wifi nextworks? Is it still 2005? Even if people have encryption or mac address filtering, it's not going to make the world of difference? If someone wants something other tha

Re:

[bloodhawk]

It isn't about not wanting to be nice, nowadays when police kick the door down first and ask questions later you don't want to be in a position where the local pervert has an easy route to browse his kiddie porn through YOUR network. Even if you can later prove it wasn't you the hassle and trouble involved is just not worth the risk. Even when most use crap security there generally is no point to breaking it as there is nearly always some other moron that leaves theres open. Even from my living room where I

Two words...

[pipedwho]

Plausible deniability.

Re:

[Jeff DeMaagd]

Unfortunately, the pendulum of "justice" is that you're liable for wrongdoing on your connection. So if someone accessed child porn on your unsecured network, you're going to go through a big headache defending yourself.

Which is somewhat karmic given that a lot of geeks defend hacking, that anyone with their door unlocked deserve to be robbed, i.e. the liability for poor or non existent security should be on the owner, not the hacker. Now we're seeing exactly that, the tables have now turned to what geeks

Your decision what world we live in

[jabberw0k]

I refuse to live in a world where Americans need "your papers please" or where our police are thugs. I refuse to be bullied by the TSA. It is our choice what world we wish to live in. If you give in, you give up; That way lies fear, depression, and death. I live in the same bright world that Ronald Reagan spoke of, a city on a hill....

Sky Is Not Falling

[retroworks]

So, evidently, Sydney has too many secured wifi points, right? 2.6% unsecured is less than the percentage of people with no financial information or anything interesting enough to steal... grandparents who don't do banking online are buying wireless laptops. Possibly, 2.6% of Sydney wifi administrators are confident of their ability to monitor access to their networks. If the ISPs take over the anti-virus implementation, as they are starting to do in the USA, the only problem would be lost business to

3... 2... 1...

[_0rm_]

LAWSUIT!!!

So what?

[magloca]

I'm all for security and strong passwords and all that, but so far, no one has been able to give me a good enough reason for me to bother with "securing" my wireless network.

People can sniff your passwords! -- I don't send them in the clear; I use SSH and SSL for everything.

You'll get viruses! -- I don't trust my network; I treat it as part of the public Internet and use sensible firewall settings.

People will use your bandwidth! -- I don't care. My bandwidth isn't capped.

People will use your connection for

Re:

[phantomfive]

Some (most) websites only use HTTPS for the initial logon, and then they switch to HTTP for the rest of the transactions. This makes it possible, for example, for someone to hijack your Facebook account by stealing the logon cookie. It's mainly an issue with poorly coded sites.

9 unsecured networks?

[flimflammer]

FTA: "In total, 382 networks were detected with 2.6 per cent operating without password protection."

So, out of all the networks they tested, only 9 networks we unsecured? I don't think this small a pool is very significant statistically. There could be a number of reasons for those 9 people to be operating a wifi without a password. It isn't necessarily just being "uninformed"

My Wireless Is Open, feel free to (ab)use it.

[xiando]

I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it in to a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard. 5) Postcard is now sent through the postal service. Now, the postcard transport to the post office IS secure, it's in a safe, nobody can read it, it's all good and super secure. The security breaks somewhat when the postcard is delivered to the post office, just like your "secure" wireless data connection is somewhat broken when it reaches the Internet, but.. people seem to like this kind of security. If you really want security then you need end-to-end encryption like SSL and https. My view is that thinking wireless "security" gives you much real security is just dump. It does prevent people from using your wireless, and that's about it. I don't mind, fetching a web page used close to zero percent of my bandwidth anyway.

Re:

[Ksevio]

But it's a lot easier for someone to sniff your wifi network to grab your data than to intercept a backbone router. Plus they have the advantage of being close by.

You're doing it wrong.

[mjwx]

I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it in to a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard.

I got this far before I realised your view of security is horribly broken.

The point of WiFi security is to prevent others from using your wifi when you dont want them to. There are a few reasons for this,
1) control what gets put through your network.
2) prevent others from using your bandwidth, slowing your connection down.
3) Prevent others from consuming large chunks of your download cap (very prevalent in Oz).

Now how WPA works is.
1) put your postcard (packet) in a safe (encryption).
2) send that s

Er...

[ledow]

Just because they were "open" doesn't mean you could actually do anything with them.

I used to have a wireless network where all the clients were software-firewalled and the only traffic accepted over the wireless interfaces was VPN traffic to a server also on the wireless network (and that interface similarly firewalled). Hell, you didn't even have DHCP service on that interface.

So a million people could "join" my wireless network but:

1) None of them could talk to each other.
2) None of them could talk to t

probably the same

[FudRucker]

in any big city, try NYC or LA, or Detroit or Chicago, or any of the other big US Cities = full of inept people that bought PCs & laptops all connected via unsecured wifi because it is easier than running Ethernet cable all over the house

In other news

[hellop2]

Computer Hackers Running Rampant Ruse of Running Runtimes

On online newspaper has broken the story that the majority of computer terrorism happens because of downloading executables and running them. "This results in the innocent user being asked why they were running TransvestiteIslamicHookers.avi.exe."

An internet security expert from PMITA University in Melbourne, Greg Markovy, said downloading executables could attract attacks on any devices on the same network, leading to the loss of personal da

Free Public WiFi

[rainmayun]

I wonder how many of them are Free Public WiFi [lifehacker.com].

Re:

[rainmayun]

I should add that I ask this tongue-in-cheek

With everything we know....

[wjousts]

What Slashdot users know != what the general public knows.

Really? That many?

[jidar]

So what you're telling me is, over 97% of users secure their wifi networks?
Honestly I never would have thought we could get the percentage that high. That's good news.

No WEP/WPA != "unsecure"

[jon3k]

Broadcasting a specific SSID from an AP that uses a captive portal and is routed out to the Internet and firewalled from other networks is not "insecure". Article is absolutely meaningless.

Re:

[account_deleted]

Comment removed based on user account deletion

open != unsecured

[SCHecklerX]

My open AP sits on a segregated subnet. It is also running a captive portal. If you need to get into my private network, you must use a VPN client. If you want to browse freely on the Internet, you must authenticate to the captive portal.

Thinking about getting a wireless router

[Marrow]

What is one that allows you to segregate the wired from the wireless so they cannot talk to one another. I would like a wireless router that: The wireless can only access the wan. Do any of them do that? Extra points for a router that can only be administered via the wire.

Re:

[Dynedain]

You can do this with DD-WRT.

I miss the good o' days...

[CohibaVancouver]

I miss the good ol' days where you could fire up your device in a park or apartment complex or wherever and find an AP to connect to. Not any more.... You see a dozen APs, all locked down. End of an era...

Re:

[account_deleted]

Comment removed based on user account deletion

Maybe they are login required

[Old Wolf]

In my area, if you drive around town then a lot of places show up as "Unsecured wireless network" but if you try to access the Internet through it, it redirects all traffic to one particular location that wants you to put in a username/password (which you have to have paid for via some other channel previously).

Re:

[sqrt(2)]

WPA has no structural flaws. It's as strong as the passcode you use. If I use a random 64 character passcode with a full alphabet (upper and lower case alpha, numerals, special characters) then I would comfortably give you until the heat death of the universe to crack it, that same password. It's not going to happen. You'd be better off kidnapping the owner and beating it out of them, that at least COULD work.

Re:

[wjousts]

You'd be better off kidnapping the owner and beating it out of them, that at least COULD work.

Or possibly not. I don't know about you, but I don't remember the 64 random characters in my passcode, and no amount of beating is going to make me remember. Of course, if you ask me where I wrote it down, that you could beat out of me, but it's on my desktop computer, and once you have access to that, all bets are off anyway.

I'm just being pedantic, Ignore :)

[malsbert]

WPA has no structural flaws.

Not quite correct, there is this little thing called; "Hole196" [airtightnetworks.com], It is not a big flaw, In terms of practical impact, But it is there :)

Re:

[the_other_chewey]

Wireless networks are not secure even with WPA/WPA2, unless you feel like changing the password every other day. Even my grandma is sharp enough to follow the instructions on various youtube-clips for cracking WPA/WPA2..

Oh? Beyond brute-forcing with dictionary passwords? Mind providing a link to one of those videos?
I think I would've heard of WPA2 being broken, it being AES-based and all...

Re:

[Chrisq]

But how many of those 2.6% have MAC address filtering? No password, but if you try to connect it won't work. You're not encrypted, so your packets can still be sniffed. But if you just want to stop casual users logging on and stealing your bandwidth it's a perfectly acceptable solution.

because it's impossible to to spoof a MAC address isn't it.

Re:No password =/= unsecured

[Lumpy]

I do it easier.. I have a spare 54GL sitting at the peak of my attic without any internet on it broadcasting about 60 AP's that say... Linksys, netgear, dlink, etc all open and unsecured. The cool part is the AP sits on a metal plate SHIELDING it's signal from my home. you cant see the AP's it's broadcasting from inside the house. (Knowing how RF works is a good thing)

It had two effects.

1 - it chased all the neighbors away from the channel I have them all broadcasting on.
2 - it forced all the neighbors to actually configure their routers to not have the name "linksys, dlink, netgear....." and they added encryption as they all show locks now.

Works great, and I am sure I give the wardriving kiddies as well as leaches fits when they try to connect to them. the one real AP up there called "FreeWifi" is my throttled and filtered free wifi AP I provide. works great and last time I checked it was getting used at least 5 times a week. It times out and drops you to a capture page every 50 minutes to annoy the cheap neighbors trying to leach. And no it does not mess up my WiFi as I use the channel it's on. it's the quietest channel for 4 blocks around because of my broadcaster.

Re:

[Chrisq]

Sure, I guess a psychic could divine a working MAC address.

Or a non-psychic could simply look for one that is currently used and being accepted. Ideally you would monitor for a while and find one that is switched off, but it seems to work (with a high error rate) if you spoof an existing MAC address even when its active.

Re:

[Bert64]

Spoofing a MAC that is already in use works just fine, but you should assign an IP manually as DHCP will think you are the same user and give you the same IP..

If you spoof their MAC address and manually take their IP too, it will usually knock the other user offline and they probably wont have the skills or tools to work out what's happening.