[TCWUG] Why secure your WLAN?

Thu Aug 14 15:26:59 CDT 2003

 

Hi all, I've been a steady lurker around this community for probably the past year or so. This one email grabbed my attention more than any other. I'm running a local network with a wireless access point and IMO security should be the number one priority. Basically, I see nothing wrong with bringing to people's attention WLAN security. You can provide this info to anyone whether they are running an AP or not. They can do with the info as they wish but I think it's a wise move to at least mention it and it may save TCWUG's ass in the future! And yes this is possible without scare tactics like: annoying/scaring/threatening/blackmailing 
Does anyone else see something wrong with this kind of "it'll never happen" attitude? No offense, but I do... &lt;/flame&gt;
Regards,
JJ
-----Original Message-----
From: Matthew S. Hallacy [mailto:poptix at techmonkeys.org] 
Sent: Thursday, August 14, 2003 1:32 PM
To: tcwug-list at tcwug.org
None of this makes any difference whatsoever. Spammers are not driving around to find open access points, they're creating worms that infect windows machines and turn them into proxies -- all from the comfort of home.
The same goes for kiddie porn, there are lists of hundreds of thousands of open proxies out there that have already been blacklisted in the spam RBL's that are perfectly fine for use as anonymizers to people who wish to participate in child pornography.
As for the startribune story, the guy was one of the following:
1) Actually viewing kiddie porn
2) Going to porn websites and randomly clicking 'Yes'
3) (Knowingly) running executables off the web, probably the ones that say FREE PORN JUST CLICK YES
4) Infected via the multitude of bugs in Windows, MSIE, or MSOE.
 
I still fail to see the reason why anyone is interested in running around annoying/scaring/threatening/blackmailing people by telling them their WLAN is insecure. Companies DO NOT WANT TO KNOW, they'll call it blackmail, call their lawyers, and force you to sign an NDA before they ever consider securing their WLAN. Joe Blow consumer is much the same, he doesn't care, he feels that he doesn't do anything on the internet worth spying on, and even if he does, the chance of anyone caring enough to sit outside his house and watch is nil.
If you really want to start securing WLAN's, you're going to have to start with securing the systems sitting on the WLAN and the LAN. This will never happen. You're wasting your time and opening a can of worms that will land you in a world of hurt (and possibly jail).
Please go back and see all the local TV and paper stories about evil war drivers and how to secure your WLAN, if those hyped up pieces of trash didn't scare people into securing their WLAN, you walking up to their front door isn't going to either.
&lt;/rant&gt;
On Thu, Aug 14, 2003 at 07:42:43AM -0500, Mike Ellsworth wrote:
&gt; One good way to get people interested in securing their WLANs is to 
&gt; tell them that random people could be using their Internet connection 
&gt; to download kiddie porn. Then they could face the same fate as the guy 
&gt; in England mentioned in a news story in the Strib this week:
&gt; 
&gt; http://www.startribune.com/stories/484/4034940.html
&gt; 
&gt; Or a spammer could use their connection to send a million spam emails, 
&gt; causing their ISP to cut them off.
&gt; 
&gt; These things could really happen, and I think constitute a valid 
&gt; concern for the group and anyone providing free WLAN access to the Internet.
&gt; 
&gt; As far as coming up with a way to find open WLANs and inform their 
&gt; owners about security without weirding them out, I'd love to figure 
&gt; that one out too.
&gt; 
&gt; Mike Ellsworth
-- 
Matthew S. Hallacy FUBAR, LART, BOFH Certified
http://www.poptix.net GPG public key 0x01938203
_______________________________________________
Twin Cities Wireless Users Group Mailing List - Minneapolis/St. Paul, Minnesota http://www.tcwug.org tcwug-list at tcwug.org https://mailman.real-time.com/mailman/listinfo/tcwug-list

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shadowknight.real-time.com/pipermail/tcwug-list/attachments/20030814/018b844d/attachment.html