FC: Doonesbury, Allen Hutchinson on 802.11 networks and security

From: Declan McCullagh (declanat_private)
Date: Sun Jul 21 2002 - 21:58:07 PDT

  • Next message: Declan McCullagh: "FC: Brad Templeton on Bush's TIPS program, spam, press credentials"

    This is hardly a new topic, but it's a good reminder. Also see Sunday's 
    Doonesbury:
    http://www.doonesbury.com/shopping/buycomic.cfm?uc_fn=1&uc_full_date=20020721&uc_daction=X&uc_comic=db 
    
    
    -Declan
    
    ---
    
    From: "Allen Hutchison" <allenat_private>
    To: <declanat_private>
    Subject: Watch your wireless configs...
    Date: Sat, 20 Jul 2002 19:17:30 -0700
    
    
    Declan,
    
    I thought you might like this small piece I posted on my blog this evening.
    Feel free to forward to politech if you find it interesting.
    
    Regards,
    
    Allen Hutchison
    www.hutchison.org/allen
    Allenat_private
    
    -----------Forwarded Message------------
    Watch your wireless configs
    Last night I was playing around with the newest version of Lindows. I
    haven't worked with the OS much to date, because it didn't have support for
    my Cisco Aironet card. Since the card was the only way laptop can connect to
    the network I didn't want interrupt that ability. Anyway, yesterday a
    college of mine told me that Lindows now had support for wireless cards. So,
    I took the plunge and installed the OS on my laptop.
    
    The first thing I noticed, after the installation completed, was that my
    wireless card was blinking. I thought that the Lindows install had grabbed
    the settings for my card before it wiped windows off the machine. So I
    started trying to download software and access my network resources. Then I
    noticed that the network seemed really unresponsive. I started looking more
    closely at the network, and found that Lindows had not grabbed my previous
    settings, and I was associated with someone else's access point. To be sure
    I went to the default router address with a www browser, and found that it
    was a linksys.
    
    Well, I thought, that isn't too strange, I have a linksys on my network too.
    So I tried to log in, but it wouldn't take my password. So I tried the
    default password on a linksys router "Admin" and I got in. Then I realized
    that I wasn't logged into my network at all. I was getting to the net
    through somebody else's access point somewhere else in the network.
    
    This person had never bothered to do anything to secure his network. Upon
    further inspection with a sniffer, I found that I could grab all of his
    traffic off the air in my office. He was using no encryption and no access
    control. I could browse the shares on his computer, I could see his password
    flying by. If I only knew where he lived, I could go tell him, and help him
    set up something more secure. All I know, however, is a general direction
    from my condo, South.
    
    This goes to show how important it is for vendors to stress security with
    their wireless products. Information is becoming more and more of a
    commodity, and the information that describes us is moving around on the
    Internet every day. When we install new technology, it is the responsibility
    of a vendor to explain the security consequences. It was obvious in the case
    of my mysterious neighbor that he hasn't installed any security on his
    network. It is quite possible he isn't even aware of the security hole he
    has opened onto his data.
    
    Something to think about.
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 01:45:49 PDT