Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Technology

Disney World Goes 802.11b 250

LighthouseJ writes "Over at CNN they report that Disney World in Florida has a 47-square mile 802.11b wireless LAN through the park with 200 access points. The move comes after visitors complaints that they couldn't use credit cards at every place in the park. Plus, it allows "cast members" to offer guests goods and services anywhere, not restricted to where the credit card machine is at. The man responsible, Murshid S. Khan, Director of Telecommunications and Technology Support sees this as a valuable technology, citing mobility and flexibility as the main reasons for the switch. Khan goes on to say that the system is protected by a 128-bit encryption scheme and software installed to detect intrusions. When he was asked if visitors will have access to the wireless network, CNN quotes him to say: 'We need you to come to the park and enjoy the park,' he said. 'If we start opening Internet cafes, you won't do that.' He's a smart man." So, running AirSnort wouldn't probably be the best idea? *grin*
This discussion has been archived. No new comments can be posted.

Disney World Goes 802.11b

Comments Filter:
  • How long will it be? (Score:2, Interesting)

    by D3 ( 31029 )
    Before they get cracked and decide this was not a good idea?
    • by ackthpt ( 218170 )
      I wouldn't bet my credit card number on it not being cracked, but at the least they do seem to be thinking forward on security, by detecting attempts to access their network.

      If you were planning to crack a network and steal purchase information, there's easier places, like dumpster diving, as I still see the occasional receipt with full number and expy on it blow down the streets with other stray litter.

      • With the electronic transactions that we have nowadays, you're going to see less and less of that sort of thing being possible. They're going to resort to snooping WLANs like Disney is setting up if they can. Sad thing is, they claim it's 128 bit encrypted- is that WEP or IPSec? If it's WEP, they might as well be broadcasting in the clear.
        • Something Disney or anyone else can do, is sell cards with a certain amount of credit at the park, similar to phone cards. I've received a few of these in lieu of gift certificates. Up to now Disney has issued their own money for use in the park, this would appear to be a minor change, then once the cards are exhausted they could be collector items, with various themes on them, like they do with the money. Sometimes better security is just a matter of a slight change in practice.
          • I could see a "Disney" card where you can charge it up w/Cash value and use it like a credit card- with the ability to get a cash refund/credit for anything not used when you leave the park. Otherwise, it's no different than those gift cards Wal-Mart, Target, etc. are selling.
  • If they only have WEP, I won't spend a dime there. But I bet they are not dorks, they probably have everything done over a real encryption scheme
    • Yup. Ian Goldberg gave a very interesting presentation on cracking WEP [blackhat.com] at BlackHat Vegas this year. None for me, thanks.

      I'm inclined to agree with you that Disney couldn't possibly be dumb enough to rely on WEP alone, but then I wouldn't have thought ETrade was stupid enough to put their login credentials in a cookie vulnerable to cross-site scripting attacks [securityfocus.com] either.
      • According to the presentation the conclusion was that brute forcing WEP keys was _not_ feasable. They concluded it would take >200 days to crack a 40bit key, the attacks against weak ICV's claim to succed in 24-48 hours depending on data flow. If you use equipment that doesn't have the ICV problem and you use WEP correctly you can be relativly safe.
        Granted there are attacks against WEP, but they are _trivial_ to defend against if one knows what they are doing. I think Disney probably employs a few network security engineers and consulted with the big boys before they deployed this.
        All those who keep claiming that 802.11 is insecure
        a) don't really know what they are talking about
        and
        b) are repeating some other chicken little's BS

        WEP can certainly be deployed insecurely, and by default will keep out a determined enemy for less than 2 days, but that does not mean 802.11 cannot be deployed securely. If you use the right hardware and configure it correctly 802.11 is as secure as a wired LAN. Add to that some type of VPN and it's probably more secure than most wired LAN's.
        • Good points. I'd forgotten that the decryption vulnerability is based on the assumptions of weak IV generation and a fixed keystream. My apologies - it's been a while since July ;)

          If you use the right hardware and configure it correctly 802.11 is as secure as a wired LAN
          I think this is what you meant, but "correct configuration" in this context generally means walling off wireless portions of the network in the same manner as you wall off the internet. By treating the 802.11 segment(s) as potentially insecure, you can maintain your overall security posture.
          • Although many designers are now treating 802.11 networks like the Internet it is not strictly necessary, or always a good idea. Whether you treat your WLAN as untrusted depends on your security policy, but putting it in your DMZ and using VPN to your LAN is not always a requirement because it is actually possible to configure the WLAN itself so that it is secure enough for most environments. Of course, some companies run IPSEC over regular LANs so security is always relative.
  • by nll8802 ( 536577 ) on Wednesday November 28, 2001 @11:27AM (#2624909) Homepage
    How long before that network is comprimised. In a matter of days People will probablly know what websites Mickey has been to (www.nakedmice.com) or what Mickey purchases online. (Probablly Real Dolls )
    • Re:I want to know... (Score:3, Interesting)

      by Fesh ( 112953 )
      Compromised? How long until somebody drops a jammer in a trash can? Talk about pissed-off customers.

      'Course, I'm totally clueless about the jam-resistance qualities of 802.11. I suppose that it's actually pretty hard to disrupt the signal with interference, otherwise it wouldn't make a terribly good wireless protocol...
  • by pres ( 34668 ) on Wednesday November 28, 2001 @11:28AM (#2624910)
    There are things the user could use besides surf the web. For instance, a little app on your wireless device that let you check the length of lines at the rides, the reservations at a restaurant etc.
    Still, just as is, it is cool.
    • by Mondrames ( 242558 ) on Wednesday November 28, 2001 @11:32AM (#2624947)
      A realatively inexpensive device (solar maybe) for the kids' shirt. You lose your kid? Go to the security desk, and they can find what AP your kid is closest too.

      Also could be used to collect better metrics on which Guests prefer which attractions. Like Slot Club cards at casinos. Maybe you can get perks if you blow a lot of money in the gift stores (Glass Castle anyone?)

      I'm sure there's other uses too.
      • A realatively inexpensive device (solar maybe) for the kids' shirt. You lose your kid? Go to the security desk, and they can find what AP your kid is closest too.

        They have similar things already in use in theme parks. A water park I went to last summer had a system where you would check out a transmitter for each family member, on a wristband like a watch. You could take your transmitter to a viewing station and it would pinpoint on a map where the other members of the group were. So the kids can go off on their own and the parents can still keep tabs on them, or large groups don't have to wander around looking for each other. Pretty slick, IMHO.
      • > A realatively inexpensive device (solar maybe) for > the kids' shirt. You lose your kid? Go to the
        > security desk, and they can find what AP your kid > is closest too.

        %shell%: ping johny.doe.disneyland.disney.com
        ping: unknown host johny.doe.disneyland.disney.com

        "ah... Mam... We have a problem..." :(
      • Hmmmm... They may already have this... They have these pins [go.com] that light up during parades, fireworks shows and certain attractions. I would figure that they work on some sort of timer, but maybe they're 802.11 devices.
    • by jmauro ( 32523 ) on Wednesday November 28, 2001 @11:40AM (#2624981)
      I don't think that you can surf the web. Just because they use Ethernet and IP does not mean that they are connected to the Internet at large. Taking into account that this system handles lots of credit card orders (even encrypted) it would make more sense if the entire system was on its own isolated network.
      • Oh,

        you mean a wireless isolated network...

        wireless as in broadcasted ?
        that + isolated is quite a nice one 8)

        Encrypted as in "please hack me, cos I'm full of family card codes and serialz" ?

        Oh, isolated as in "no internet connection".

        Yes ! an isolated broadcasted encrypted credit card numbers cahoot !
        in a place full of "teenagers" that could try to snort & hack...

        Possibly using a Palm VII (or wireless Pocketpc) to catch and forward the packet...

        Oh God, I think I'll try and take a vacation. possibly in Orlando 8)

        Why ain't I 15 !?!
      • The article I read doesn't mention anything about IP. While it's probable that they are, they could be using another protocol other than IP.

        Hmmm... SNA would be cool :p
    • See, that's why I don't understand the resistance to making this technology available to customers. You charge an exhorbidant rental fee for one of these things, make sure it's well set up and easy to use and you're in buisness. It would be nice to have a way to tell when the line for space mountain is really short. I'd appreciate a searchable restaurant database with the ability to make reservations. Or howabout we sling a GPS device into it and let the damn thing give directions? If you've ever gotten lost in Disney world you know what I'm talking about.

      Lots of people collect "character" autographs (yes really), it wouldn't be hard to have these devices tell you where characters are in the park. The commercial applications of this are simply astounding... the only reason I can think of for Disney not utilizing it is the fear of someone breaking the system. To me, that says the security is sub-par.
      • ... the only reason I can think of for Disney not utilizing it is the fear of someone breaking the system. To me, that says the security is sub-par.

        I'd have to disagree with that. Running some sort of public access network on the same wireless segment you are doing credit card authorizations on would be silly.

      • the only reason I can think of for Disney not utilizing it is the fear of someone breaking the system.

        But if that's the case, why are they allowing credit card numbers to go through it? Anyways, great ideas. The character seeker would be HUGE.
    • For instance, a little app on your wireless device that let you check the length of lines at the rides,

      Hey, my GPS can do that! And considering ±3 metres with the length of the usual line, that would produced a reasonable degree of accuracy. It would be pretty cool to spend a day at D/World or D/Land with a GPS tracking you around like Billy of Family Circus (BTW, there's a couple good spoofs of F.C. in the latest Bizzaro [bizarro.com] collection.)

      Still, you need something to do while standing in line at these parks for 40 minutes waiting to get on a 30 second ride.

      "Look, mummy, is that man tying calculators together?"
      "No, Bobby, he's a creep trying to crack the 802.11b network and 128bit encryption and steal our credit card info to sell to bin Laden"

    • Great idea, except most wireless devices (PDA's etc) don't use 802.11b.
    • Because as far as I know at Disney's, they don't wanna let you know how long their lines are sometimes, they use specific techniques to hide that, for instance the scary Alien thingy, you got like 3 halls before it where you get to wait in groups, so it looks like yur already on the ride, but it's basically a glorified queue :)
    • If I've already paid admission, and can't get knick-knacks and food from anywhere but their shops, why should Disney care if I come for the attractions, or the Wireless?

      After I've bought my ticket, I'm IN the park. IIRC, the rides don't cost anything but time after that. I'd much rather check tomorrows weather on my Pilot, plan out my next day at Epcot while in line at Magic Kingdom's Pirates of the Carribean, and just shoot out a quickie "Wish you were here" email over lunch, than have to wait until I get home to do these things.

      It's not about 'enjoying the park'. It's about the cost of providing the additional service. It's always about the MONEY. This is DISNEY people.. They have a Copyright on FUN, remember?
    • by Christopher Bibbs ( 14 ) on Wednesday November 28, 2001 @02:27PM (#2626052) Homepage Journal
      Disney already has a system in place called SmartPass which allows visitors to "reserve" a place in line so they can go off and do other things (shop) and come back later without having to wait in a huge line. They also get the added benefit of knowing which rides you went on and where you were shopping before hand (your park access card is your room key, park ticket, SmartPass, credit card, Big Brother device, etc).

      I won't get into it because it's to OT, but they also have biometric scanners at the gates for season pass holders (no privacy policy, 'natch).
  • by Anonymous Coward
    Sweet! Streaming porn while you whirl till you hurl!
  • I got out of the US Army last year and my last duty station was in Italy. I worked at the General Staff level and used my government credit card to pay for many dinners with visiting VIP. Imagine my surprise when paying for a dinner the restaurant owner brought out a wireless credit card machine. And this was a year and a half ago.
    • It's a lot harder to do something for 150,000 people at a time than 150.

      It's not just a matter of buying 1000 whatevers that worked for the guy doing it for 150.

    • And this was a year and a half ago.

      I think the point of the story is that Disney is using tech you can go buy down at Circuit City.

    • There's many places in Europe, companies - especially courier services etc. - use either wireless LAN enabled credit card machines, or GSM based ones, depending on the range they need to cover. It's been quite common for several years.
    • Old stuff (Score:3, Interesting)

      Residing in europe for some time now (hmm, since I was born ? 8) I can tell you this is old stuff.

      Every (most) credit card are smartcard for 15 years in France. The credit card machine is in fact an autonomous code checker. It won't transmit your code on the air, but check it locally, then make a confirmation number that encrypt the acceptation code and your card references.

      this number is either send remotely for acceptation by the central bank computer (above $500) or just locally accepts if the amount is small.

      thoses devices existed before in Infrared transmission, and now use local radio link.

      This allows a faster and more secure way than just the stupid magnetic strip...

      Hoping to read from you 8)
      • by pi_rules ( 123171 )
        If I'm not mistaken one of the engineers of the system tried warning the French government that it was possible to make a smart-card that could be fake; ie: not really "filled" with real money. Nobody would listen so he finally made one, bought some subway tickets and mailed them to the government proving that it could be done.

        Then they threw him in jail for stealing the subway tickets. Anybody else remember this or have more info on it?
  • Whoo hoo! Not only do you probabaly get a monster connection to the internet, but you could probably get on it really easy considering that wireless ethernet has almost no access controls.

    You know, some people go to Disney World to meet Mickey Mouse, others go for the rides. I think I'll go for the killer Quake III experience ;)

  • by rekoil ( 168689 ) on Wednesday November 28, 2001 @11:31AM (#2624939)
    or at least, if it /is/ an IP network, each device will be a VPN client. I would presume Disney has enough money to hire people smart enough to not depend on WEP for security.

    Then again, larger companies have done dumber things...

    -C
    • true, if they were smart, they could have their own proprietary protocol made up and have all the systems use that. thatway no one can bring a powerbook or Dell laptop with wireless access to hack the system since the protocol would not be supported. then Disney could let people rent all those cool little devices to help navigate the park.
      • All you need to do is monitor the ethernet frames or whatever else is coming in on the RF modem. All using a goofball protocol does is ensure that script kiddies don't get in on first base of hacking the net.
        • isn't that who they have about 90% to worry about?
          also, it would allow them to come up with some realy cool stuff built into the protocol, and perhaps even before the connection can be granted, the device has to be authorised to communicate by a central server based on a name. if some one tries to hack it , an alarm can sound and a built in locator can give security the persons location. creating their own Protocol can reduce risk a tramendus amount and let them add nice fetures that you could not get in IP.
  • by sluggie ( 85265 ) on Wednesday November 28, 2001 @11:40AM (#2624978)
    "We need you to come to the park and enjoy the park"

    Imagine your laptop in one hand, some candy in the other one and getting chased by 23 security officers running over and knocking down mickey and his fellows...

    I'm sure this scene is going to make it into "password: swordfish 2"

    this sounds like a big heap of enjoyment to me ;)
  • headlines (Score:2, Funny)

    by josh253 ( 32868 )
    2 million credit card numbers stolen from disney world by 12 year old with laptop...
  • Hmmmph. (Score:4, Offtopic)

    by dcigary ( 221160 ) on Wednesday November 28, 2001 @11:43AM (#2624997) Homepage
    Proof positive that the Slashdot editors only accept posts from people that they like. I submitted this on the 18th and it was rejected even before I could do a screen refresh.
    2001-11-18 18:41:49 Disney's Wireless Magic Kingdom (articles,news) (rejected)
    God, I love the smell of burning Karma in the morning....
    • Do what I do, once you are about to submit, copy the entire article you are about to post, submit it, then put it in your journal [slashdot.org]. You can't forge the time and date on those, so it brings your point home even better (I already have an article in there that I was rejected on, then someone was accepted a day or two later).

      My theory isn't that they only accept from people they like (I'm rejected all the time, and in the hof for submissions), its the author that reads it and finds it interesting. Something Hemos finds interesting might be something michael hates. So look at the "science" section (usually michael with a sprinkling of timothy), and try to write articles similar so michael will accept you.
      Just my personal theory.
      • Re:Hmmmph. (Score:3, Offtopic)

        I completely agree with this theory. I've noticed that timothy tends to post the sort of stories that I'm interested in. It's only natural that the authors will pick the submissions that interest them, and throw the rest in the bucket.

        This points out a possible flaw in the /. authors' process. Perhaps instead of accepting/canning story submissions, authors should accept only and leave the others in the inbox. If nobody else accepts a story within 3 days, it automatically goes in the bucket. If michael cans a story, Hemos isn't going to be able to accept it any more. If it's submitted again the next day, maybe it will get lucky and Hemos will see it before michael, but you never know.

        • Or an option on submitting (checkboxes?) on which authors you are submitting to (or what authors you don't want to submit to).

          That way I can submit to Taco, Hemos, or Timothy, and avoid michael and JonKatz.

          It's a crapshoot on which of the three it will get to, and it could cause someone to get backed up with too many submissions, but I think it is worth trying...
    • Re:Hmmmph. (Score:1, Offtopic)

      by Legion303 ( 97901 )
      You have to Slashdot Slashdot with submissions. Resubmit at a different time of day if the first one was rejected.

      -Legion

      • I've found that everything I submit has somebody else's version (usually a /. staffer) posted within three days, but with fewer links and/or less cogent commentary. I just content myself with the knowledge that I was first and better.
  • Hacking it (Score:4, Interesting)

    by Syberghost ( 10557 ) <syberghost@@@syberghost...com> on Wednesday November 28, 2001 @11:43AM (#2625003)
    They say they have "software" that detects intrusions. That doesn't seem to imply much about tracking you down to the square foot.

    OTOH, I don't recall ever seeing a laptop, so you'll stick out like a sore thumb unless you're in the bathroom with a PDA.

    They do search bags currently. ALL bags, even diaper bags.

    Also, there's an active Linux community among their IT people. There are definitely pockets of clue there, and it's likely that would extend to their IT security people as well.
    • by Scoria ( 264473 )
      So hide the PDA in a dirty diaper. "WHOOOOO! You can pass," said the security guard. :)
    • by DiveX ( 322721 )
      >They do search bags currently. ALL bags, even diaper bags.

      Maybe, but not very well. For the past three of the four times I have been there since Sept 11 (my girlfriend and I have season passes) I was able to walk around the security stands without even being noticed. I cannot, for the life of me, figure out why they search the bags, yet do nothing to search the person. A couple of shootings at Disney would demoralize the US more than shootings pretty much anywhere else. An entire AK-47 can be broken down into pieces that fit in a pants leg or under a large sweatshirt. Everything of destructive power that is carried in a bag can be carried on one's person. Thay are pretty clueless about technology anyway. I often take in my nightvision scope (a lot of neat things to see in Space Mountain, Spaceship Earth, and Pirates of the Caribean) and didn't even get a second look yet they made me disassemble my Camelbak water pouch. I don't know if they would stop a laptop or not. One can claim it is for download pictures or showing Disney DVDs to the kids at dinner when they get tired and cranky.
  • by lumpenprole ( 114780 ) <lumpenprole@nosPAM.gmail.com> on Wednesday November 28, 2001 @11:45AM (#2625009) Homepage Journal

    Because I'd hate for wireless Mickey 2001 to start picking up air traffic chatter

    Hi kids! I sure hope you enjoy the RED LEADER, RED LEADER THIS IS TANGO ONE. and make sure to visit our LOCKED, COCKED, AND READY TO BURN TANGO ONE, WHAT'S YOUR STATUS?

    And hey, under the recent terrorism bills wouldn't that qualify Mickey as a terrorist? There's be a trial to top OJ.
  • by pi radians ( 170660 ) on Wednesday November 28, 2001 @11:45AM (#2625014)
    Not another wireless mouse!

    Ba-dum-pa-chi! Thanks folks, I'll be here all night!
  • by Tweezer ( 83980 )
    The article doesn't mention if the entire 802.11b network is run over a VPN. If it's not I'm sure it wont be too long before we all find out.
  • by Jason Levine ( 196982 ) on Wednesday November 28, 2001 @11:49AM (#2625036) Homepage
    While on my honeymoon in DisneyWorld this year, my wife and I took quite a few of their Behind the Scenes tours. On the Epcot one, we found out why Disney will most likely never let people have 'Net access in their parks. (At least not in public places.)

    Our tour guide said that they actually did have a kiosk there a few years back that let people browse the web and check their web-based e-mail. He checked on the kiosk once and found that some pervert had left up a XXX e-mail and changed the wallpaper. He wouldn't elaborate on what it was, but he said it shocked even him.

    Luckily for them, they were able to remove the offensive material before anyone noticed. Still, as a place that bills itself as "family-friendly," they simply can't take the risk that it would happen again (and more high profile).

    Our tour guide kept the possibility open that they would resume 'Net access with some types of safeguards against this, but no safeguard is 100%. Public Internet access is just not a high-priority item for Disney. (Believe me, there's so much to do at Disney World, that you won't have time to browse the Net.) The PR risks of another abuse far outweigh any customer gains.
    • I've been there multiple times over the course of the year (annual passes are great things) and I remember the kiosks the guide was talking about. They were still up the last time I was there, but they were whitelisted. Meaning that only the websites that Disney had approved were allowed, anything else not on their list was automatically blocked. The whitelisting seemed to work quite well. Interestingly enough, Slashdot was readable, so I guess someone in the Internet department at WDW likes his news for nerds.
    • by Rogerborg ( 306625 ) on Wednesday November 28, 2001 @12:04PM (#2625101) Homepage
      • Our [Disney] tour guide said [...] some pervert had left up a XXX e-mail and changed the wallpaper [on a public terminal]. He wouldn't elaborate on what it was, but he said it shocked even him

      Probably some of that sick, perverted, Godless Pixar stuff. ;-)

    • "(Believe me, there's so much to do at Disney World, that you won't have time to browse the Net.)"

      I wouldn't mind being able to browse the Net while standing in line. Hell, even surfing through a white-list filter would be better than nothing.

    • (Believe me, there's so much to do at Disney World, that you won't have time to browse the Net.)

      And here I am thinking that the best way to while away those 1-2 hour waits in line for all the most popular attraction would be with Unreal Tournament or Q3Arena. If lag became an issue because of the sheer number of devices and users drawing bandwidth, you could always play something turn-based, like CivNet.
    • Don't assume that just because you were never bored, ON YOUR HONEYMOON I might add!, that nobody else is never bored either, or never has other reasons to remain connected. Besides the obvious down time in lines, at meals, etc., there's the fact that some people have older relatives near death, younger relatives near childbirth, etc. You can't put your life on hold, and carrying celphones everywhere is not always an option.

      As for the kiosk abuse, that's completely irrelevant when you're talking about people using their own wireless devices. Think anyone is going to leave an expensive laptop or PDA lying around? If they keep it with them, then it's easy to identify the person responsible for the images.
  • by SkywalkerOS8 ( 398450 ) <brian@noSPAm.jaxzin.com> on Wednesday November 28, 2001 @11:50AM (#2625043) Homepage Journal
    Only about 35% of the 47 square miles owned by The Walt Disney Company in Central Florida is developed. I highly doubt they went through the expense of creating a WLAN cloud that covers marshland. I doubt that even the hotel resort properties are covered either. It probably only the 4 theme parks, the 3 water parks, Downtown Disney and maybe Fort Wilderness near Pioneer Hall. That drops the square mileage significantly. Even with the hotel areas its only a fraction of 47 square miles. I really hate bad reporting.
    • As per another one of my posts.. I noticed that they had this network over a year and 1/2 ago, it may have only been in testing then.. or perhaps they just didn't want to advertise it until they worked out some security issues..

      But.. it did cover the hotels. The nice thing for us about this is that you don't have to worry about sneaking a laptop into the park if you are staying at one of the hotels.
      Infact, it was at the hotel I originally noticed it as I was glacing around waiting for my bus :) There was an antenna coming from a amplifier connected to a wireless card coming from their cash register. :)
  • by Bonker ( 243350 ) on Wednesday November 28, 2001 @11:52AM (#2625053)
    By definition, any given network is crackable. It's just a matter of time, right?

    Here are some exploits that we can be sure of seeing in the future:

    1. 'It's a Small World' animatronic dolls reprogrammed via wireless network to share their cultural feelings via a massive animatronic orgy of all nations.

    2. Michael Jackson's "Captain Eo 3D" video replaced with low-quality MPEG of a video taken of what really happened at Macaully Caulkin's last birthday party.

    3. Ride Space Mountain during DDOS season? Only if you're feeling suicidal. You never know when that modified Nimda worm is going to kick in.
    4. Parade of Lights all flash in sequence to spell out "L33+ X1DD135 OWNZ JOO DIZNY"

    5. Animatronic Abe Lincoln now shouts, "Beefcake. BEEFCAKE!!!!"
    • I think I'd rather try stealing from DeBeer's, Fort Knox or the Mafia or something much less dangerous to my health...

      Have you ever been stuck on the Small World ride when the little boats get backed up? Ten minutes is what they do to the people they like (customers). Imagine how long you'd be strapped into the boat if they're catch you hacking? *shudder*
  • by GiMP ( 10923 ) on Wednesday November 28, 2001 @11:54AM (#2625065)
    I took note of their network over a year and half ago when I went there with my Highschool senior class.

    I noticed the cash registers were connected to an 802.11b network.. also, I spotted some computers as well.

    I didn't have an 802.11b card at the time, and my only laptop had suffered a terrible accident.. so I wasn't able to do any 'diagnostics', but I thought it was interesting. Maybe next time I'll bring my PowerBook /w 802.11b card and go to work.

    See, you don't need to worry about getting into the park with your laptop.. Because this also extends to their hotels and probably their on-site buses as well.
  • by acroyear ( 5882 ) <jws-slashdot@javaclientcookbook.net> on Wednesday November 28, 2001 @11:55AM (#2625070) Homepage Journal
    Disney could eventually use this to lead to a 100% cashless park (increasing patron safety in the long run -- less need for cash might lead to less to gain for purse-snatching).

    Yes, we all agree that this network may be risky for transfering credit card info around, but they could over time move to a "disney dollar" card, where you pre-load the disney card with your credit card as you enter or on the phone or whatever, then use that disney card within the park grounds to buy whatever. Disney can then provide insurance against fraud against that card instead of worrying about being libel against Visa and AmEx in the case of number theft over the airwaves...

    The other advantage is that Disneys own systems could authorize the sale over the Disney card instead of having to send out to a Visa/MC/AmEx authorizer off site-- it would be considerably faster that way (since the system could be built up front to support the average # of visitors on site), especially during holiday seasons...

    Just a thought...

    • The park is pretty much cashless if you stay at a Disney hotel. You can use your hotel card to charge stuff anywhere and get the combined bill when you check out.
    • The last time I was in a Disney Store I noticed that they sell gift cards, accepted only at Disney Stores, that you can load with any amount up to $500. (These are similar to the ones most major chains sell these days, from B. Dalton to Target.) I forgot to ask whether they were accepted at the parks, but it wouldn't surprise me, since in some ways Disneyland is the world's biggest Disney Store.

      It doesn't seem like it would be that difficult to adapt the cards to the technology. In fact it would make some things easier -- include a card on the back of each Annual Pass, for instance, and the passholder would automatically get their 10% discount on park purchases, plus they'd be more likely to store money on the card (which of course could only be used to buy stuff from Disney).

      As good as Disney is at extracting money from patrons, this seems like a natural for them.
  • by Quizme2000 ( 323961 ) on Wednesday November 28, 2001 @11:55AM (#2625073) Homepage Journal
    They should rent out wireless digital cameras, whenever a pic is taken its upload via 802.11 and before they leave the park, the got prints of the family vacation.
    Also a previous article said it would be used to play music around the park based on location. IMHO, kinda of a waste for just CC's.
  • The article doesn't say they are using tcp/ip. Doesn't look like it has internet access either. Probably requires some sort of username/pasword combo (possibly built into the devices) to log on to the LAN. If the encryption is properly implemented (a big if) it could be very secure.
  • by Orne ( 144925 ) on Wednesday November 28, 2001 @12:17PM (#2625165) Homepage
    Since you posted that AirSnort link, I was curious, so I popped over to sourceforge and downloaded it. Part of their documentation says: "For a key length of 128 bits, this translates to about 1500 packets." then it goes on to describe how you can search for certain constants (starts with 0xAA, etc) within the packet to see which random keys were successful. Interesting stuff, and definitely a clever way to decode: thanks to flaws in the logic, every bit rate can be reduced to 8-bit encryption.

    However, once you've collected your packets and broken the key, you now have a decoded packet. Well, what does that mean? You have the framing information (packet length, header) and the message body (which is just raw data).

    I'd bet a 7-day park-hopper pass that the data in the packet's body is encrypted a second time with a more reliable scheme. If there's one thing Disney knows how to do well, its make money, and they can't risk the bad PR for this to foul up.
  • who dunnit? (Score:3, Informative)

    by headwick ( 247433 ) on Wednesday November 28, 2001 @12:30PM (#2625224) Homepage Journal
    "The man responsible, Murshid S. Khan, Director of Telecommunications and Technology Support"

    I graduated UCF with my Computer Engineering Degree in 2000. For our senior design projects, Disney came and solicited us heavily to work on their projects. Free labor, helping a poor college student out with an idea, free labor, did I mention free labor. This project along with several others were mentioned. My comments regarding network security concerns were treated as pessimism. Needless to say I did not lend my time for Disney's free labor.
  • More info to be found at http://www.computerworld.com/storyba/0,4125,NAV47_ STO65816,00.html . They mention that it involves "128 bit encryption", which certainly leads one to think 128b WEP, but remain cagey about further security- I'll vager VPN. One thing that did catch my eye was the guest tracking. They propose the innocuous example of insuring guests have all returned to a cruise ship- but I think that sets a dangerous precedent...

    Anyone else see Westworld/Futureworld? ;)

    Thermowax
  • People really have no clue about how to secure wireless networks.

    I'm sitting here typing this while I wait for Jim "Open Source is Un-American" Allchin to deliver the keynote at the Windows Embedded Developers Conference. I have already found one guy on the un-WEPed 802.11b network with his C: drive mapped as \\steven2\c
  • While working for the rat-king a number of years ago, I went to lunch in the cafeteria under the magic kingdom. I walked in and saw Snow White, in complete costume and makeup, sitting on her boyfriend's lap smokign a cigarette.

    Maybe Snow can start start taking credit cards to turn tricks in the alleys of main street. :-D
  • There's no way that Disney wouldn't take network security VERY seriously for this project. Although it does make me a bit nervous they placed so much emphasis on the 128-bit encryption.

    I tcpdumped about 10 megs of data snarfed from the most wirelessly connected university in America, and besides broadcast queries for NT servers and floods of IPX SAP frames coming from network printers, the *only* packet of interest I got was the output of a finger some guy ran against his own OpenBSD box on campus. And I later found plenty of security-related posts from this guy on usenet, too. How's that for irony?

    I went home and reviewed web pages describing their security infrastructure due to the weakness of 802.11b, and it was very intense. Beyond Kerberos. If Disney's doing this specifically to mobilize credit card readers, I've gotta say that wireless has been weakened long enough for them to not have any excuse to do it right.

    Not to mention, with IBM's Tomorrow World being such a big hit in Epcot (and Disney closing DIG, their Internet venture), I'm SURE we had something to do with their planning and deployment. And I totally agree with the others who have said that enabling wireless PDA's such as line checking, maps, and restaurant reservations.
  • by British ( 51765 )
    Great, instead of war driving, people will be doing war riding on "It's a small world after all".
  • The inevitable consequence is that the network will be very insecure, so let us mess with the lyrics:

    "M-I-C-K-E-Y...

    Why? Because w3 0wnz0r j00!!!!"

    Well, it is a lot easier than saying "because 802.11b doesn't specify encryption at the physical level".

  • In Epcot, the small souvenir stands all had what looked like paper towel tubes wrapped in wire. Those were the 802.11 antennas, but they were there for over a year.

    In Disney/MGM, some popcorn and hotdog stands still couldn't take charge cards as of last week, so I guess it's still being rolled out.
  • I don't know about everyone else but when I went to Disney World a few years ago I was dying for Internet access. I had not bought my laptop then and looked everywhere for someplace to log onto the Internet while I was there. I have to be connected where-ever I go and if Disney had an Internet cafe, even if the price was expensive (like everything else), I would have used it no doubt.

    Anyone else feel this way or am I just too big of a geek? :)

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...