Kevin Poulsen, SecurityFocus 2003-07-03
Think you've heard more than enough about war driving and Wi-Fi insecurity? Two days of electronic eavesdropping at the 802.11 Planet Expo in Boston last week sniffed out more evidence that most Wi-Fi users still aren't getting the message -- or are comfortable broadcasting their e-mail into the ether.
Colapse all |
Post comment
Study: Wi-Fi users still don't encrypt
2003-07-03
Richie (3 replies)
Richie (3 replies)
Study: Wi-Fi users still don't encrypt
2003-07-05
Anonymous
Anonymous
Not quite the same thing. It's more like using one of those nifty microphones with a dish to easy drop on your neighbors who you would normaly not be able to hear. Or using a scanner to pick up cordless phones, or baby monitors... etc If you can sniff data packets with your nose with with out a exte...
[ more ] [ reply ]
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-06
Husamettin
Husamettin
I dont think you are complately true about eavsdropping. Basicly it(eavsdropping) is done by the help of a tool. But in general in real life when you hear some one by change it is called overhearing on the other hand when you intentionally try to listen either by the help of a tool or not it is call...
[ more ] [ reply ]
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-06
sw1val (1 replies)
sw1val (1 replies)
"There were huge signs throughout the place saying AirDefense is monitoring all conference traffic."
So if I put a sticker on the back of my laptop that say "monitoring all conference traffic" does that make it ok? I'll even be willing to slap a couple on the side of my car....
[ more ] [ reply ]
So if I put a sticker on the back of my laptop that say "monitoring all conference traffic" does that make it ok? I'll even be willing to slap a couple on the side of my car....
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-07
Jay
Jay
Regarding home users not encrypting: Most don't, but in all reality, most don't need to. Yes, it would be horrible if their pesonal information on their PC were compromised, but they just don't think of it...hence not doing it. It's all about what you're willing to risk... and the lengths you'll...
[ more ] [ reply ]
[ more ] [ reply ]
AirDefence is Monitoring
2003-07-07
Pete (1 replies)
Pete (1 replies)
Do you think that putting notices out that "AirDefence is monitoring all traffic" portrayed some sort of false sense of security for the people?
Therefore your results could be invalid....
[ more ] [ reply ]
Therefore your results could be invalid....
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-07
j3wlz
j3wlz
Oh well, sucks for the naive/ignorant people who use Wi-Fi/Wlans. People just don't take security seriously *tisk tisk*. Sure, ireless networking is fun and you don't have to worry about all the cables and wires. But is it really worth it all in the end? I'll stick with the cables and wires ;)......
[ more ] [ reply ]
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-07
Michael Sierchio (2 replies)
Michael Sierchio (2 replies)
The problem here is how we as security
professionals have managed the message. Users
generally regard WEP as worthless, primarily
because of the reported results of Ioannidis,
Rubin and Stubblefield in recovering WEP keys
with 2 hours of passive listening via the
Fluhrer-Mantin-Shamir attack....
[ more ] [ reply ]
professionals have managed the message. Users
generally regard WEP as worthless, primarily
because of the reported results of Ioannidis,
Rubin and Stubblefield in recovering WEP keys
with 2 hours of passive listening via the
Fluhrer-Mantin-Shamir attack....
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-08
Anonymous (1 replies)
Anonymous (1 replies)
Not quite. The fact that WEP was compromised fairly quickly by "professionals" CLEARLY makes it unsuitable for most business uses. Even if it does take some skill to crack WEP, you would be sued for negligence, if not fired, for relying on it for security when it is known to be breakable. No one is ...
[ more ] [ reply ]
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-09
Chris H
Chris H
Hahaha.....Sued for negligence, thats a good one. How many network admins have been sued or fired for using IIS or Apache?? both of which have well known flaws that can allow full system access.
Security is about risk assessment and mediation, iow how much risk are you willing to assume?...
[ more ] [ reply ]
Security is about risk assessment and mediation, iow how much risk are you willing to assume?...
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-10
Anonymous
Anonymous
Yes, the 80211conferce SSID that was enabled did NOT have WEP or any other provisions for security, so what would you expect people to do?
[Even if WEP was turned on, after seeing what the folks in the Security tutorial could do to 'somewhat easily' decipher it, what's the point?] So, the reality ...
[ more ] [ reply ]
[Even if WEP was turned on, after seeing what the folks in the Security tutorial could do to 'somewhat easily' decipher it, what's the point?] So, the reality ...
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-08
Anonymous (1 replies)
Anonymous (1 replies)
How much of this is the fault of providers (whether they be corporations or ISPs)... I know precious few providers that allow for S/IMAP or S/POP access... most consider it a resource drain and don't allow it.
The majority of "basic" users do not have the expertise to set up a SSH tunnell, eve...
[ more ] [ reply ]
The majority of "basic" users do not have the expertise to set up a SSH tunnell, eve...
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-08
Anonymous
Anonymous
I agree I am currently in the process with a team of setting up a new ISP. Thank GOD I am the CSO and am in charge of all the networking and security involved. We ARE providing SSL encryption for pop for our users and as an added bonus to them we have them behind a Firewall. Atleast our dialup us...
[ more ] [ reply ]
[ more ] [ reply ]
So why the shock?
2003-07-10
BLKMGK
BLKMGK
I and others did this at DEFCON last year, and will agani this year. We covered an entire WALL with (partial) account information pasted up on bits of paper. DEFCON has the worlds most hostile network and STILL people were stupid enough to do this and I'm quite sure they will this year too. People a...
[ more ] [ reply ]
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt
2003-07-10
jaxxofdeath
jaxxofdeath
is it really all that surprizing the attacks and unencrypted access points what is suprizing is that so little session hijacking(man in the middle) attempts were successful the reason most people dont encrypt there network(not that it would be much of a challenge to a real hacker because WEP was bad...
[ more ] [ reply ]
[ more ] [ reply ]
Study: Wi-Fi users still don't encrypt DUHHHH
2003-07-11
Anonymous
Anonymous
HELLO ???
i was there too. things to consider
1) - there was no encrypted wifi netowork - open public access.
2) net sutmbler and others were on the floor selling thir product and demoing it
3) upstairs there were security classes activly probing.
Are you seriously shocked that in the #1 wif...
[ more ] [ reply ]
i was there too. things to consider
1) - there was no encrypted wifi netowork - open public access.
2) net sutmbler and others were on the floor selling thir product and demoing it
3) upstairs there were security classes activly probing.
Are you seriously shocked that in the #1 wif...
[ more ] [ reply ]
Interesting.. is it actually illegal to eavesdrop on unencrypted Wi-Fi traffic? How about me overhearing a conversation my neighbour is having in his garden? I'd expect the law to agree that to claim privacy one would...
[ more ] [ reply ]