CRIME Another wireless risk

From: Sasha Romanosky (sasha_romanosky@private)
Date: Fri Feb 06 2004 - 13:34:50 PST

Next message: George Heuston: "CRIME Meeting Tomorrow @ 10AM @ Oregon Zoo--Last Call"

Previous message: George Heuston: "CRIME Meeting 10 Feb @ 10AM @ Oregon Zoo--2nd Call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a funny, little story I thought I'd share with the group:

From Risks Digest 23.16
Date: Mon, 26 Jan 2004 16:13:37 -0600
From: Chris 
Subject: Another wireless risk

The other day I was in the position of needing to print out my credit
card
site's invoice display.  Since I don't have a fully functional printer
at
home, and I needed to make a photocopy anyway, I decided to take my Mac
Powerbook down to Kinko's and print it off there.

The problem was, when I plugged the Powerbook into their Ethernet link
(called a "Macintosh link" for some reason by their onsite
documentation...never mind that any computer with an Ethernet port could
use
it), I couldn't reach the Internet.  (Nor could I see any printers in my
application...and the printer driver disk the Kinko's clerk helpfully
offered didn't help, because it only had drivers for OS 9, not OS X.)
However, the fellow who'd just vacated the laptop station had been using
wireless, and he said that should work.  And I did a quick scan, found
an
open wireless router labelled "linksys," (the way they didn't even
bother to
change the default name should have warned me, I suppose...but given the
general lack of computer adroitness I had observed in the staff, that
carelessness seemed to fit right in) with a Lexmark printer on it, and
Internet access...so I called up the invoice and hit print, then asked
the
Kinko's clerk where that particular printer was.

Longtime RISKS readers should be able to guess what came next.  "But we
don't have a wireless network...and we don't have any Lexmark printers
either."  Further research indicated that the wireless router was hooked
into a Bellsouth DSL connection, presumably someone's nearby home or
business.  So I had just printed my credit card invoice to some total
stranger's printer...and had no way even to find out where it was so I
could
get it back.  Fortunately, the invoice didn't contain any *truly*
sensitive
information, such as my SSN or account number (beyond "ends with ....").
And I was closing that account anyway.

The risk here is kind of the inverse of the "usual" risk associated with
a
wireless system...instead of "you never know who might be using your
network," it's "you never know whose network you might be using."  The
combination of an open wireless network and a location where you would
expect there to be one can easily enough confuse you into conflating the
two.

Next message: George Heuston: "CRIME Meeting Tomorrow @ 10AM @ Oregon Zoo--Last Call"
Previous message: George Heuston: "CRIME Meeting 10 Feb @ 10AM @ Oregon Zoo--2nd Call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 06 2004 - 14:52:12 PST