http://news.zdnet.co.uk/internet/security/0,39020375,39277577,00.htm By Tom Espiner ZDNet UK June 27, 2006 People 'just don't care' about Wi-Fi security according to researchers, but some senior security experts argue there's no need to secure networks at all A large percentage of Wi-Fi networks are "horribly insecure", according to researchers at Indiana University. In a study of almost 2,500 access points in Indianapolis, presented at the Workshop on the Economics of Information Security at the University of Cambridge on Monday, researchers found that 46 percent were not running any form of encryption. "People just really don't care about Wi-Fi security, and open Wi-Fi at home is a nice big target," said Matthew Hottell, lecturer in informatics at Indiana University. "Defaults [settings] are king," added Hottell. Most of the secured networks used routers whose security setting had been pre-installed by the vendor, rather than having being activated by the end user. Some used WEP encryption wizards to encourage people to turn on the security settings. "Education seems to have little effect. People with a higher economic status are not responsive to the heightened risk of privacy erosion, and people in general don't recognise that higher population density [heightens risk]," said Hottell. However, security expert Bruce Schneier argued that as long as people's devices were secure, having a secured network was unnecessary. "I have a completely open Wi-Fi network," Schneier told ZDNet UK."Firstly, I don't care if my neighbours are using my network. Secondly, I've protected my computers. Thirdly, it's polite. When people come over they can use it." University of Cambridge security expert Richard Clayton also questioned the assumption that unsecured networks were necessarily insecure. "What is your definition of secure?" Clayton asked the researchers. "Did you try to exploit the systems?" Hottell said the wardriving team had not attempted to hack any systems or read any network traffic. Microsoft's chief privacy advisor for Europe, Caspar Bowden, said there seemed to be a consensus among security experts that having a Wi-Fi network open to sharing has positive uses, but warned that people could not rely on WEP encryption if they wanted to secure networks. "If you do want to secure your network, look at end-to-end solutions rather than some of the dodgy crypto around like WEP," said Bowden. "There's only one thing worse than no security, and that's a false sense of security," he added. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jun 27 2006 - 22:25:02 PDT