I have to agree, too many people are jumping onto the WiFi bandwagon with OUT thoroughly securing and locking down these somewhat lockable systems to a degree (WEP = POOOH)but better than nonething.

The worst are these setups you drive across with the DEFAULT settings out the box, passwords, etc. and they have left the Windows Administrator password eith blank or "password" etc on their Windows box so you have UNC path \\192.168.X.X\c$ access OMG Nicely leaving a notepad note on the desktop how to secure their systems with links probably spooked a few. I have only came across this twice but M$ is getting a little better with trying to wake people up and this SP2 should help with the auto default on firewall which would block above access. (rambling oops)

Both commercial and residential are on the rise for WIFI so this is going to get very intersting and hopefuly it will bring about some real secure coding standards that WORK!!!

I did contract work for a local municipality in Texas (you guess which city) anyways they have AP's that were and still are WIDE OPEN for any Joe to use of course it was seperated from the corporate network's , it was on it's own VLAN and firewalled off with Netscreen firewalls so City Employees and guests could surf the web wirelessly.

The kicker is that now anyone could drive up, use this wireless DSL AP connection for any type of malicious activities and it would be traced back to a city leased DSL line. They didn't wanna mess with WEP, they said they could care less about using MAC authentication, or any other form or security. LOL L@m3rS

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/8835/26716#26716