[ISN] WhiteHat: Sydney's CBD a haven for Wardrivers

From: InfoSec News (isn@private)
Date: Mon Nov 14 2005 - 22:27:05 PST


http://www.zdnet.com.au/news/security/soa/WhiteHat_Sydney_s_CBD_a_haven_for_Wardrivers/0,2000061744,39221970,00.htm

By Munir Kotadia
ZDNet Australia
11 November 2005

Security firm WhiteHat has found that out of 751 wireless networks
discovered in Sydney's central business district, 75 percent were
unencrypted.

Speaking at a hacking workshop in Sydney on Friday, WhiteHat's chief
executive Jason Hart explained how he and a colleague drove around the
CBD for 30 minutes on Thursday with a laptop to scan for wireless
networks.

To conduct the 'Wardrive', Hart used a standard IBM laptop loaded with
NetStumbler and Kismet -- both of which are freeware WLAN detection
tools. Of the 751 wireless networks discovered, 75 percent were
unencrypted and 35 percent were broadcasting their default station ID
(SSID), which Hart said is a sign that they were 'rogue' access points
unknown to administrators of the systems on which they resided.

Hart said he was not surprised by the results of the test: "No, it is
not a surprise. But my concern is how many companies are aware that
those access points are within their business? Probably in the
majority of cases [administrators] do not know about them."

According to Hart, the test demonstrated that although companies spend
millions of dollars buying security products to protect their
business, far too many still 'leave the back door open'.

He advises administrators to 'sweep' their buildings for wireless
networks at least once a month but preferably once a week.

"It should be part of somebody's job description to sweep the
building. It doesn't cost anything except a bit of time -- and you are
minimising risk within the business. Download NetStumbler and walk
about your building," added Hart.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Mon Nov 14 2005 - 22:40:56 PST