Forwarded from: Peter A. DeNitto <denittoat_private>

I read this and I wonder what the point is.

All the 802.11b wireless commercial ventures require you to hit a web server so they can bill you. Now, the billing is not inherently insecure, it uses SSL encrypted above the network layer. But having someone have access to an open share, why is this the problem of the network provider? Why are these insecurities that are inherent in the operating system blamed upon the network medium? It's not T-Mobile's fault that your system is set up so insecurely as to have an open share.

I hope Bill Burns is more savvy than this and was merely noting that he could browse for other people's computers. And news flash: you can browse for people's shares on wired LANs as well. It's called a broadcast packet, you know, the same technology that ARP & DHCP use?

Don't expect them to offer WEP services just yet. How do you explain to Retail Employee how to assist Uninformed User how to set a WEP key? Ok, now explain to them how to do it on 8 flavours of Windows. Now try a Mac. Ok, why not have a paid employee sit in a Starbucks and assist everyone? Now try to create a business model that can make money doing that. People can barely manage to change SSIDs on their own.

T-Mobile's response is the response I'd offer.

When will people stop complaining about wireless "insecurity" and press their application suppliers for secure applications? Why do people continue to use unencrypted POP instead of a secure POP or SSL encrypted IMAP? It's about encryption at the application layer, not about encryption at the network layer, and until the industry "gets it" we're doomed to an insecure network.

Stop beating on 802.11b. It's as secure as every other shared medium. Get something real to write about.

--Pete

On Fri, 18 Oct 2002, InfoSec News wrote:

> http://www.unstrung.com/document.asp?doc_id=22807
>
> Dan Jones
> Senior Editor
> Unstrung
> 10.17.02
>
> LAS VEGAS -- Veterans of past Cellular Telecommunications & Internet
> Association (CTIA) shows tell us one major security problem they faced
> was having their analog phones cloned.
>
> Happened all the time apparently...
>
> These days we face a different threat, namely that the free wireless
> LAN network we're using to get online -- provided by T-Mobile U.S. in
> this instance -- is offering potential hackers a backdoor to get at
> data on your laptop.
>
> It works like this. T-Mobile has a proxy set up so that the user is
> directed to their Website and clicks to login before they get access
> to Internet connectivity. However, access to the wireless access point
> is not password protected, so the network itself is open. Basically,
> any shared areas on your hard drive are visible to other people on the
> network.
>
> Unstrung Website engineer Bill Burns noted the problem when using the
> service at his local Starbucks. However, we should stress that this is
> pretty common with public wireless LAN access systems, certainly not
> something that is exclusive to T-Mobile's HotSpot service.

[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 06:04:30 PDT