Wireless Security
RE: Bruce doesn't secure his wireless Jun 19 2008 03:44AM
Bahrs, Art (Arthur Bahrs providence org)
Hmmm ... An interesting thought... Could Bruce have more than one home network?

He said he didn't lock down his home network ... Not that he didn't secure any and all networks in the premises.. How many of us have more than 1 networks at the house?

Just a thought ... After all there is always 'Mr. Spock's unspoken truth" to quote an old standard...


-----Original Message-----
From: jesse michael <jesse.michael (at) comcast (dot) net [email concealed]>
Sent: Wednesday, 18 June, 2008 6:28 PM
To: Zacheusz Siedlecki <zacheuszs (at) gmail (dot) com [email concealed]>
Cc: Sec <wifisec (at) securityfocus (dot) com [email concealed]>
Subject: Re: Bruce doesn't secure his wireless

On Wed, Jun 18, 2008 at 11:08:17PM +0200, Zacheusz Siedlecki wrote:
> I think it's not about details. It's about statistic and probality of
> intrusion (Bruce is god at maths). It's difficult to strike a good
> balance between security and usability of system. Bruce found it for
> his home network. Attack on desktop from Internet is more probable
> than script-kiddie-wardriver in neighborhood so it's not worth a
> thing. Ithink it's about ideology also (Linux vs Windows, close vs
> open).

Sure, statistically, the average person isn't likely to have someone
attack their wireless network like that, but if there's something
unusual about the target (e.g. you're very well known in the security
community and have essentially dared people to compromise your network),
the usual threat/risk calculations will need to be adjusted.

I fully expect to read another news article at some point in the
future about Schneier ending up talking to the police about having
his network compromised because he's just advertised to the world that
he has not even bothered to taken trivial steps to secure it.

There's an argument that could be made that by leaving the network
unprotected, he has plausible deniability if illegal acts are made
from his network connection, but that hasn't been tested in court
as far as I know, and I'd rather not be a test case for such things.

This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus