This is hardly a new topic, but it's a good reminder. Also see Sunday's Doonesbury: http://www.doonesbury.com/shopping/buycomic.cfm?uc_fn=1&uc_full_date=20020721&uc_daction=X&uc_comic=db -Declan --- From: "Allen Hutchison" <allenat_private> To: <declanat_private> Subject: Watch your wireless configs... Date: Sat, 20 Jul 2002 19:17:30 -0700 Declan, I thought you might like this small piece I posted on my blog this evening. Feel free to forward to politech if you find it interesting. Regards, Allen Hutchison www.hutchison.org/allen Allenat_private -----------Forwarded Message------------ Watch your wireless configs Last night I was playing around with the newest version of Lindows. I haven't worked with the OS much to date, because it didn't have support for my Cisco Aironet card. Since the card was the only way laptop can connect to the network I didn't want interrupt that ability. Anyway, yesterday a college of mine told me that Lindows now had support for wireless cards. So, I took the plunge and installed the OS on my laptop. The first thing I noticed, after the installation completed, was that my wireless card was blinking. I thought that the Lindows install had grabbed the settings for my card before it wiped windows off the machine. So I started trying to download software and access my network resources. Then I noticed that the network seemed really unresponsive. I started looking more closely at the network, and found that Lindows had not grabbed my previous settings, and I was associated with someone else's access point. To be sure I went to the default router address with a www browser, and found that it was a linksys. Well, I thought, that isn't too strange, I have a linksys on my network too. So I tried to log in, but it wouldn't take my password. So I tried the default password on a linksys router "Admin" and I got in. Then I realized that I wasn't logged into my network at all. I was getting to the net through somebody else's access point somewhere else in the network. This person had never bothered to do anything to secure his network. Upon further inspection with a sniffer, I found that I could grab all of his traffic off the air in my office. He was using no encryption and no access control. I could browse the shares on his computer, I could see his password flying by. If I only knew where he lived, I could go tell him, and help him set up something more secure. All I know, however, is a general direction from my condo, South. This goes to show how important it is for vendors to stress security with their wireless products. Information is becoming more and more of a commodity, and the information that describes us is moving around on the Internet every day. When we install new technology, it is the responsibility of a vendor to explain the security consequences. It was obvious in the case of my mysterious neighbor that he hasn't installed any security on his network. It is quite possible he isn't even aware of the security hole he has opened onto his data. Something to think about. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jul 22 2002 - 01:45:49 PDT