Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured 209
avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"
i hate you all (Score:5, Funny)
Will everybody please STFU about securing your wifi..
Cracking their wep when I'm on the road and without my gear is a pain in the ass!
Re: (Score:2, Insightful)
From TFA
Something less bellicose might not have caught anyone's attention.
A better word than bellicose would be childish.
Re:i hate you all (Score:5, Interesting)
Yes, ours is "unsecured". It gets you to a DNS which answers only one query and an "internet" where the only thing that you can send to is an IPSEC VPN server. Much good may it do you. DefCon should concentrate on real security (is IPSEC as good as OpenVPN or does it's over-compexity make it more vulnerable) and not messing around with pretending to secure your wireless with WEP/WPA and all the other hop by hop garbage.
Re: (Score:3, Interesting)
My thing is i don't understand why people don't just make unsecured wifi routers that firewall one user from another. That way, you can get on the internet from it, but it's much harder to hack others on the same segment.
Re: (Score:2)
wtf? how the fuck do you firewall one computer connected wirelessly from a 2nd connected wirelessly with the ability to spoof the router?
Re: (Score:3, Informative)
Easy. Don't allow traffic between any IPs behind the router, other than TO the router itself.
This is trivial with Iptables.
That would force users behind the router to connect via its external NIC to talk to each other, and that can be filtered easily as well.
You can't really spoof a machine on your own subnet.
Re:i hate you all (Score:5, Insightful)
More to the point about finding unsuspecting piggybackers, I don't see how it should be expected that the law should get involved to quickly unless a serious crime has been committed. I find this particularly alarming:
So they'd prefer if the police stopped and strip search everyone doing something they considered suspicious? What kind of hackers are they if they think authority needs to always get up close and personal with anyone doing anything remotely out of the ordinary.
It's a good thing that the police had a look, could see that a crime wasn't being committed, and decided to continue looking for something worthy of their time, not a bad thing as the absurd summary seems to suggest.
Re: (Score:3, Interesting)
The summary only mentioned the police drive by, not the hotel's assertion that police concern was a primary factor in disallowing the balloon launch, which is what makes the complete lack of concern at the end ironic, and therefore worth mentioning. Nobody's talking about unwarranted strip searches.
-Restil
Re: (Score:2)
What kind of hackers are they
Gee, I dunno, the kind of hackers that foolishly draw attention to themselves by performing mindless attention-whoring activities at Defcon ?
Defcon itself is a big pathetic joke. It's really just a bunch of overgrown kids talking about various acts of fraud and abuse, while launching cowardly attacks at anyone not in the in-crowd. They make the 2600 con look like a goddamned Mensa party.
Re: (Score:2)
Yet curiously, many exploits in OSS software seem to be found during the beginning of August.
Re: (Score:3, Informative)
It could just as well mean that the authors were delighted and found it commendable that the police did not make a fuss about an innocent site survey.
If you read it that way, English must be a second language for you. It was CLEARLY disparaging of the police, tauntingly so.
That you mistake it for gleeful respect suggests a very naive outlook.
Networks on The Strip (Score:5, Informative)
Re:Networks on The Strip (Score:5, Insightful)
Exactly. 1/3 is actually a pretty good number, and shows that the casinos are taking security seriously. Plus, I wonder how many networks they didn't even see because they weren't broadcasting their SSIDs. This whole thing seems to be much more about doing something cool and making a lot of noise than any kind of serious analysis.
Re:Networks on The Strip (Score:4, Insightful)
Re: (Score:3, Informative)
Re: (Score:2)
Thanks for this, I have repeated this comment hundreds of times to various people setting up their networks and yet they still seem to think that setting the essid as "hidden" is providing some small extra security, when in fact it only obscures your network for legitimate users, since anyone sniffing for a networks will see it regardless of whether you have it set to broadcast or not.
Worse, when your clients can't see the cloaked SSID, they send probes for it that include the SSID. If it's an obscure one, you can just go to Wigle [wigle.net] and find out where that AP is. A bit of a privacy problem, if you don't want random people to know where you live, especially if you're out of town.
Re: (Score:2, Informative)
Depends with what software they have been 'sniffing'.
SSID is broadcasted in 802.11 beacon frame, along with some other stuff.
So if you turn off the SSID broadcasting, you'r removing the SSID info from the body of beacon packet, so regardless you have traffic or no, your AP is gonna show up (without ssid so you will not know the name of ap) in something more advanced then netstubmler. Kismet for example.
This has nothing to do with traffic amount.
Re: (Score:2)
Interesting, I didn't know that. Still, the Las Vegas Strip is one hotel after the other, they're all bound to have open WiFi for their guests. If this was in a residential area or a business park without any hotels around, 1/3 unsecured would be a completely different matter.
Re: (Score:2)
He surveyed something like a 7.5mile radius - the strip was a small part of his survey. BTW, here at Caesers the sign in page that asks for room and last name isn't even SSL unless YOU manually switch it. Insecure? Oh hell yes!
Re: (Score:2)
Really? So if I'm say 3 miles away with a directional cantenna you don't mind me hopping on your network and hacking say a bank? Downloading music and movies? Kiddie porn? Is it REALLY no big deal to you? If you want a pain in the ass leave that sucker open.....
Re: (Score:2)
They used Kismet, they see you broadcast or not by looking at the existing traffic. The summary is crap BTW. Rick and crew weren't happy about the cops because they had been told that the police would be "looking for them". Seems that naming the project "warballooning" might not have been a good idea! This was primarily to demonstrate the ability to scan\see networks from a long standoff distance.
The secure\unsecure figures weren't even mentioned in the talk and were brought up only after *I* shouted a ques
Re: (Score:2, Informative)
As somebody that currently lives a block away from the Luxor and Mandalay Bay, I can accurately say that you don't have to drive far from the strip to find a very high density of wireless access points, with approximately this ratio of secured to unsecured points. Within reach of the confines of my condo I have a buffet of wide open AP.
Take the strip out of the equasion and I think it's still valid.
Re: (Score:2)
I don't believe this a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.
I was at DEFCON and stayed at Circus Circus. In about 30 seconds, I cloned someone else's MAC address and was on their WiFi. Also I could have pulled up Wireshark and seen all their traffic (see: Wall of Sheep).
So let's get this straight (Score:5, Insightful)
If the police flip out over something we do, they're overreacting idiots that don't understand technology.
But if the police don't flip out over something we do, they're underreacting idiots who aren't keeping us safe.
Mmkay.
Re: (Score:2, Funny)
If your UID wasn't so slow I'd have to say "Welcome to Slashdot, you must be new here", but now I'm rather stumped on what to say.
Re: (Score:2, Funny)
If your UID wasn't so slow I'd have to say "Welcome to Slashdot, you must be new here", but now I'm rather stumped on what to say.
Yea, slow UID's are terrible.
That's why I supercharged mine.
Re:So let's get this straight (Score:5, Funny)
Re: (Score:2)
Compared to the 1.2mil+ uid's, yea I'd consider ~100k low.
Re:So let's get this straight (Score:5, Funny)
Well, if 3-digit users like you aren't gonna participate (6 posts a year!), somebody has to play Village Elder.
Re:So let's get this straight (Score:4, Funny)
Police should only employ top specialists in every topic there is, so they can make a judgment on of any situation on site.
That way, when somebody lies on the street and needs a heart transplant, the police can help him on-site. No special equipment needed, a chewing gum and a swiss army knife will do th etrick.
Re: (Score:2, Interesting)
Re: (Score:2)
To sat nothing of the interests of people who just want freedom in their everyday lives.
Re:So let's get this straight (Score:5, Insightful)
You make a good point, however I guess I would ask why any rational society would expect just those two modes of operation. Neither seems that useful. Wouldn't it be more logical to expect either the police to come over and say hi, or to take a note of the registration and car details (not necessarily visibly)? A standard social engineering technique used time immemorial has been to look as though you should be somewhere. Only an idiot looks suspicious, and it's not the idiots who should concern the police the most.
In the first case, it's basic community policing 101. You don't prevent crime by looking intimidating, you prevent crime by being aware of what's happening and understanding why. The second option also works on the premise of being aware, but looks for standard social engineering practices and patterns, rather than cause-and-effect.
In neither case is flipping out a productive or useful method. It doesn't help you recognize where or when problems are likely to occur, and only helps you catch the more dysfunctional criminals who are likely causing the least of the social headaches. However, it is by far the most common method used, because it's easy. Catching competent criminals is much harder, much more expensive, and gives a police department a worse score on offenses dealt with.
Re:So let's get this straight (Score:5, Interesting)
Quoted for truth. Several of my teachers told my class that if we wanted to, we could just wander around the school instead of going to classes, as long as we looked like we were on an errand. I'm not sure whether I should think that it's cool that I could get past authority figures by simply acting like I know that I belong, or whether I should be scared that someone who knows how to act like they belong somewhere can generally get access to that place.
Re: (Score:2)
When I was in school, and I'm hoping your talking about high school and not colledge, but we had hall passes. Restroom passes were wood things made of different shapes so if you were on the wrong floor or in a difference corridor it was easily noticed. If you were going to get something from your locker or for the teacher of whatever, you had a hand written hall pass on a off shade of yellow paper and you were asked for it if you were seen by a monitor or another teacher going somewhere between classes. It
Re: (Score:2)
Indeed one might, but it would certainly result in the "overreacting idiots that don't understand technology" hysteria here that the OP suggests.
Re: (Score:2)
With the Dash cams and video recording in police cars nowadays, as well as the license plate recognition systems that locate a license plate and automatically runs it through the computer, it is possible that they had already "take a note of the registration and car details" and such.
If nothing came back with a flag on it, then they would have had a recording of whoever was there at that time if something happened. A little detective work after that could get anyone's identity and make sure something was do
Re: (Score:3, Interesting)
Asking for perfection isn't a bad thing, expecting it is.
In this case, however, I don't see how the officer did anything wrong. A bunch of kids (effectively, you know how geeks get when they're doing something marginally legal with technology) hanging out in a field with a balloon...what are you going to do? I'd say they responded properly, driving in to check it out (probably called in), realizing it wasn't anything important, and making the people aware that they were there before leaving.
Re: (Score:2)
You're reading too much into that bit about the patrol car. Somebody saw the balloon, freaked, hit 911, meaning the cops had to check it out. They did, and quickly decided it was no big deal. Happens a lot.
Some artists I know in San Francisco decided to have some fun with colored chalk and a sidewalk. Nothing illegal about this, but somebody called 911 to report that terrorists were marking targets on the local gas mains. So these guys are chalking away, and a patrol car pulls up. Cop leans out of the car,
Re:So let's get this straight (Score:5, Funny)
"'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"
The police probably one-up'd these nerds.
Popo 1: What the fudge, those guys are launching some sort of balloon, let's check it out. .5 Hz, synchronize now.
Nerds: I smell bacon, let's wave to them in unison at...
Popo 2: Wait, wtf. Is that an albino convention... no wait they're all wearing 'Defcon' T's and khaki's. Let's get out of here before they start asking us about the number of joules my tazer outputs. Speaking of which, it just finished charging and I thought I saw a crack head down that last alley. Just wave back and let's get the hell out of here.
Popo 1: I'm with you number two, switching to yellow alert, engines full reverse, Hahahaha.
Re: (Score:2)
welll the project WAS named "warballooning" which apparently freaked someone. The police were supposedly "looking out for them" - for what infraction I dunno'. But to be really fair - they were lofting an igloo cooler like 7 miles from the local airport on one BIG ass balloon. So yeah, if I was a cop I'd have asked WTF just to make sure they weren't going to drift some C4 and nails towards the strip. Afterwards note their info and move on.
Honestly the cops probably didn't need a 911 call to want to go check
The Police just waved? (Score:5, Insightful)
Re:The Police just waved? (Score:5, Funny)
Geeks with balloons are not scary.
Re: (Score:2)
I disagree. [fitsnews.com]
Re:The Police just waved? (Score:5, Insightful)
Agreed. The statement in the summary "...the project managed to show how trusting the local law enforcement agencies really were..." infuriates me. Police are not supposed to be harassing people left and right, trying to uncover illegal or just unsanctioned activities. The police were friendly, waved, and didn't bother to investigate something that by all rights did not look overtly illegal. They acted appropriately.
I would much prefer that law enforcement err on the side of trust and friendliness. This probably means that some fraction of illegal actions will go undetected and unpunished (note that only a small fraction of those illegal actions are truly dangerous and unethical)... but that is the 'price' of freedom.
Again, I applaud the police for not flipping out when they see people engaging in activities that they don't exactly understand (but for which there is no evidence of illegal action).
Re: (Score:2)
Re: (Score:2, Interesting)
The police were friendly, waved, and didn't bother to investigate something that by all rights did not look overtly illegal.
Anywhere else in the world it could look like a school science experiment. In Vegas, especially during Defcon, it should be assumed to be a novel approach to gaming a casino.
Re: (Score:3, Interesting)
Let's also remember to mention that:
A. These people were not committing crimes.
B. The cop most likely wouldn't have the foggiest idea what they were doing.
C. Police on the street aren't the ones that track down cyber criminals, that's handled by other organizations.
Only 1/3? (Score:3, Informative)
Last weekend I made a quick 5 mile drive and found 105 systems in my average residential neighborhood. 46 were unsecured. About 25 were running WEP.
Re:Only 1/3? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
I trust my neighbors (mostly).
I trust their kids somewhat less.
I trust their kids' friends not at all.
Re: (Score:2)
Re: (Score:2)
I live in a very small farming town. I can pick up 3 networks from my house, there are 5 in town. Mine is the only secure one (WPA2). Try to explain it to anyone else and they'll say "Why shouldn't my neighbors get on my network?"
I leave mine open for that very reason. I monitor it and haven't seen anything other than casual web browsing. And in a small town, where everyone knows everyone else, it's even less likely someone will use their AP for evil.
If I was running a bank or something that needed more security, I wouldn't leave it open, though.
Re: (Score:2)
I don't even have to go outside to get a large number of samples. From where I sit (in downtown San Francisco) I get 47 wireless networks, 4 of them are unencrypted. (and of those I know two require log-ins.) Or 8.5% are open.
All of this is anecdotal. When I visit my family in Rural Middleparts 100% of the wireless networks are open (1 of 1). Meanwhile in Tokyo something close to 5% or more of networks are open. If it's that high, it's impossible to find a place to connect there because everyone has da
Re: (Score:2)
Re:Only 1/3? (Score:5, Informative)
I'm not sure if you are making a joke, so just in case you aren't, I'll point out that MAC address filtering is no security at all. Your laptop is transmitting it's MAC as part of the regular wifi transmissions so sniffing it out of the air is trivial with Kismet or Kismac. Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leaopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.
Here's an overview:
http://www.irongeek.com/i.php?page=security/changemac [irongeek.com]
For Linux, if you just want a random MAC to make yourself even more anonymous:
http://www.alobbs.com/macchanger [alobbs.com]
Similar software exists for windows (google "windows macchanger")
Re: (Score:3, Informative)
Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leaopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.
bash-3.2$ uname -a
Darwin Laptop.local 9.4.0 Darwin Kernel Version 9.4.0: Mon Jun 9 19:36:17 PDT 2008; root:xnu-1228.5.20~1/RELEASE_PPC Power Macintosh
bash-3.2$ ifconfig en0|grep ether
ether 00:11:24:d5:57:9e
bash-3.2$ sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
Password:
bash-3.2$ ifconfig en0|grep ether
ether aa:bb:cc:dd:ee:ff
It's trivial on OS X (Leopard and Tiger), too.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Really? All I have to do is wait for your MAC to get transmitted and I have it. I then send a deauth packet to your card, bumping it off the network, and then authenticate myself. Ooops, you are now wondering WTF :-) There's nothing random about the MAC I'd choose....
Harriet Island report (Score:2)
I was at Harriet Island in St. Paul, MN for the Irish fair. Whipped out the laptop, and couldn't find any unsecured AP that had more than 1% strength. ALL the other APs, all with strong signals are secured. Kinda pissed me off as I wanted to check my email.
Warballoon (Score:2)
Hill suspects that local authorities might have been spooked by the fact that he called his device a warballoon.
A slight name change sounds necessary then.. How does waterballoon sound?
Open by choice? (Score:5, Interesting)
Re: (Score:2)
Re:Open by choice? (Score:5, Interesting)
I do.
There's even an organisation around where I live/work that promotes it. It's called wippies :
http://www.wippies.com/www.phtml [wippies.com]
For a free year long commitment, they will send you a free wifi router that will run a second wifi network 'on the side' for other subscribers to use when they're away from home. There's a google map of coverage somewhere on their site, but I can't find it right away...
Re: (Score:2)
Re: (Score:2)
> but there's nothing altruistic about this subscribers-only network
Really?
It's free to join...you just have to share yours too.
Clearly it's not the same as an open network, but it's still quite altruistic, IMO.
Re: (Score:2, Interesting)
Re: (Score:2)
Dunno...it seems to be flash which wants to open another window, which I don't want it to; and can't be bothered to find another link.
However, their top level flash image seems to suggest the router costs money. Wippies doesn't cost anything, IINM.
Re: (Score:2)
Well, yes, but I have to wonder why the RIAA's search has to end at the ISP? It's common practice to do this, so their search for the culprit should continue.
However, that's no defense for the legal costs.
How did you find out what they were downloading?
And what did you want the police to do? (Score:5, Insightful)
Oh now they're too trusting?!
What do you want?!
Should they have played hardball and interrogated them, maybe arrested them and confiscated their equipment until they could ascertain they were safe so you could have a post about "out of control" law enforcement again?
Perhaps they should've called out the bomb squads ala the Mooninites bomb scare? [wikipedia.org]
I, for one, vastly prefer this response.
police just can't win, can they? (Score:2)
'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off
If they hadn't, then there would have been a story about how intrusive and incompetent the police was.
The police did the right thing: they judged correctly that there was no imminent danger and drove on. It isn't their job to try to find economic or computer hacking crimes-in-progress, and they have neither the equipm
Re: (Score:2)
Sounds good (Score:3, Insightful)
Re: (Score:2)
only 1/3 are operating a public amenity, and you think that's an "improvement"?!?
Not 'Unsecured'. It's 'Open System' (Score:5, Insightful)
802.11 APs that people refer to as being 'unsecured' are in fact broadcasting a beacon declaring them to be 'Open System'. It is right there in the spec, section 8.2.2.2 .
'Open System' means exactly that. Come on it. We're open.
This is a good thing. I don't secure my wireless LAN. I secure my computers. If people want to borrow a bit of my bandwidth, go right ahead. My neighbor does it all the time when he can't get his crappy cable internet to work.
This should be encouraged. Call them 'Open' and call it a good thing.
Re: (Score:2)
Separating guest traffic on a VLAN is a fine idea.
It's a shame that off the shelf, consumer grade wireless routers don't do it.
Re: (Score:2)
Sure they will -- at least the hardware will. The rest is just software, and that part is free.
A Linksys WRT54G from Wal-Mart, running DD-WRT, can use multiple SSIDs, with different settings and routing for each. Even the cheesy 10/100 switch built into it supports VLAN.
Complaining that "off the shelf, consumer grade wireless routers" can't do these things is like complaining that a new computer can't play Quake: They're both a fallacy. The hardware in either case is perfectly able to do lots of neat st
geeks are bringing us the police state (Score:5, Interesting)
Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.
So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconnning.
Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.
Why shouldn't they be? (Score:3, Insightful)
Why shouldn't they be? Why should people out in the open with laptops automatically be assumed to be criminals? No matter what they were doing, odds are the cops wouldn't have to technical knowledge to make a proper judgment anyway. Suppose these guys really were up to no good, and the cops questioned them about it. "We're just playing some network video games officer."
Or is the use of a portable computer in public now considered criminal behavior?
solution to problem (Score:2, Insightful)
Log into their routers and turn the security on for them.
You know 98% of those unsecured APs also had the default password, right?
But seriously, is it now illegal to scan for networks to see how many are unencrypted???
I would say the only hint of anything illegal would be if they logged on to the networks. But even that shouldn't get the police to come and beat you.
Transporter_ii
Tempest in a Teapot (Score:5, Insightful)
You say that like it's a bad thing. Most WiFi networks are of such low power to render them effectively useless beyond a few feet of the origin of the signal. In my neighborhood with houses on half-acre to acre lots I can detect half a dozen networks. A couple are 'insecure,' but the signal is one bar in strength. Besides, I'm detecting them with my own network, so why do I want to 'steal' their bandwidth? Mine is faster. There aren't many people who want to cruise the neighborhood looking for unsecured signals so they can use their laptop in the privacy of their own automobile to surf the net. How uncomfortable is that? I surf with my feet propped up, a beer on the table, and the dog curled up at my feet.
Then there are those networks that are intentionally unsecured. The local library has a router intentionally pointed at the parking lot (Gasp!) In the downtown area every hotel is within range of an unsecured network. They even have a placard that tells you how to connect--free!
Sure, there are probably guys into taking advantage of you if your network is unsecured. Perhaps the issue is more prevalent in an apartment house or a dorm than single family residences, but I think this is more of a theoretical issue than a practical one. You can hypothesize your way to wild conclusions, but in the end, is this REALLY a serious problem?
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
I surf with my feet propped up, a beer on the table, and the dog curled up at my feet.
You let your dog sit on your table? So you're insecure AND a hick.
And the only question remaining... (Score:5, Funny)
Socially Engineering the Police (Score:3, Insightful)
They were cool and casual, and did not run from the cops. If they had stared at the cruiser with that "OMG, we're busted" look, or even worse, run away; there might have been trouble. You hear stories like this all the time--the guy who gets pulled over for a warning about going 10 miles over the limit, and he's cool and the cop never finds out he's got joints in the glovebox. Then, on the other side there's the guy who's initially done nothing wrong and ends up getting his whole car searched by dogs, and getting detained for an hour just because he acted suspiciously.
local law enforcement (Score:2)
Well, since what they were doing is totally legal, why shouldn't the local cops wave and drive off?
Thanks for the sour persimmons, cousin. (Score:3, Insightful)
.
and the next time the geek pulls some damn full stunt in Vegas will the cops be so warm and fuzzy?
Meaningless figures (Score:4, Insightful)
Stories keep getting posted about the number of networks which are unsecured like it's some kind of problem. The vast majority of those networks are SUPPOSED to be unsecured. They're probably open networks designed for free public use - like the ones you get around New York parks which have been installed by Google or the hotpots in coffee shops such as Starbucks.
In the UK, all BT Openworld public access hotspots are unsecured as well. You can't actually use them though, unless you log in as they have an HTTP intercept until you log in.
Unless they can differentiate between intentionally open public hotspots in Starbucks (etc) and unsecured home access points in naive people's houses, then any figures are totally meaningless.
Re: (Score:2)
I have thought about opening mine up, but the problem is that all of my desktop machines are wireless and I have the thing configured to only accept configuration stuff on the wired interface. As a result I have used the same old WEP key for the better part of 6 years.
I'm a bit lazy about my wireless for the same reasons he argues to open one.
Re: (Score:2)
The difference is, when he hirs his $1000/hr lawyer to defend him from accusations of transmitting child porn, because someone uses his wifi, his reputation as a security researcher will give him a lot of credibility in his opinions.
you and me? not so much. we'd get stuck proving it wasn't us, inspite of the general case of 'innocent before guilty'. by the way, your name would all ready be in the local paper as being involved in child pornography, your name would be attached to sex-offender lists and you wo
Re:cops just waved (Score:5, Funny)
"That's the most pathetic complaint I've heard in a very long time. Go to North Korea, assholes, you can get your police state fix there."
That would be no fun without good connectivity. What good is a police state if I can't rant about it online?
Re: (Score:3, Insightful)
"wtf are you talking about? korea has more fiber backbone than the US. Its government funded much so like land lines and telephone poles are here. I know a few korean gamers as well after playing gunz online a bit. Like the #1 fps I bet even more hacked/modded than quake."
You don't know the difference between North and South Korea.
Are you an American?
Re: (Score:2)
He plays Gunz, so it's quite likely he's a 12 year old.
Re: (Score:2)
The most entertaining part was when the cop car showed up, they all waved at the cops, and the cop car drove away. Had the intent been bi-directional communication, it would have been kind of hard without a much more stable platform, I'd imagine. But even in a listen-only Kismet setup, 170 networks, 1/3 of which are open is pretty significant.
Re: (Score:2)
Re: (Score:2)
Bullshit.
No matter what you think could happen either it's impossible or a number of the people reading your comment have already considered it and dismissed it.
Anonymity is not hard to come by on the web.
Hack any old WEP network and bounce through a few VPN's and proxies located in different countries which don't keep logs and the only people who are gonna be tracing you have magical powers and travel around in a truck built from unobtainium.