http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1026145015373&call_page=TS_Business&call_pageid=968350072197&call_pagepath=Business/News&col=969048863851 By Tyler Hamilton Technology Reporter Sept. 10, 2002 A local consulting firm launched a controversial Web site yesterday that shows gaping security holes in hundreds of wireless networks throughout the downtown core, including many in the financial district and some government and university areas. The consulting firm, irreverently called IpEverywhere, says about 75 per cent of the more than 1,000 downtown wireless networks it has detected so far have no evidence of security and leave organizations wide open to information theft, data destruction, networking spamming and other cyber attacks. The company plotted its findings on a map found at http://www.nakedwireless.ca, which went live on the Internet yesterday afternoon. The map marks vulnerable networks with red pins, while black triangles indicate networks protected with WEP - "wireless equivalent privacy" - encryption. "We never anticipated finding so many (open networks)," said J.P. Tanguay, chief executive officer of IpEverywhere. "The initial map only took one day to do. The first night we picked up more than 500 access points in under an hour." He plans to release similar maps for Oakville, Mississauga, Markham, Scarborough and other areas in and around the GTA, with a longer-term goal of mapping cities across the country. "It's a neat tactic," said Lawrence Surtees, telecommunications analyst with IDC Canada Ltd. "Anything groups or experts can do to promote awareness is a great idea." Despite media reports about the lack of security in wireless networks based on the 802.11b standard - dubbed "Wi-Fi" - Tanguay said companies using these networks continue to ignore the risks and falsely believe the products they use are secure by default, when the opposite is often true. Wireless networks are typically connected to internal corporate networks. Unprotected wireless networks can provide a back door to an organization's larger network, offering intruders free Internet access and a way to impersonate employees, tamper with sensitive company data or send in destructive computer viruses. Tanguay said the Web site was launched to draw more attention to the issue, which he considers a "growing national crisis." "If the site is controversial, that's great," Pat Mason, chief operating officer of IpEverywhere, said. "We want to have more discussion about this problem. Knowledge and awareness is good. The enemy in this issue is complacency and ignorance." The company, which provides network-security consulting services for large businesses, acknowledges its actions may be perceived as a way to drum up business for itself. But Tanguay said companies visiting the site have no obligation to use IpEverywhere's services. Other experts in the community confirmed the company's findings. "I'd say their findings are not surprising," said Keith D'Sousa, senior manager of information security services at KPMG LLP in Toronto. "From our own experience, we've had a 50-per-cent hit rate." A study done by RSA Security Inc. found that 67 per cent of all Wi-Fi networks detected in London, England, were unencrypted and open to attack. Last year, reporters from The Star went "war driving" with KPMG and found 43 Wi-Fi networks in less than 15 minutes — 80 per cent of which were not secure. War driving is when a person drives around city streets and attempts to intercept unprotected wireless networks, using mainly a laptop, some free software and a cheap antenna. When using a plane, the practice is called "war flying." Meanwhile, "war chalking" is when hackers mark buildings or sidewalks with chalk to signal vulnerable networks to other hackers. "For some reason, companies have woken up to security on their computers and the Internet, but they've fallen asleep on wireless," said Surtees. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 11 2002 - 04:38:32 PDT