[AusNOG] Google creepier than Conroy?

Steve Lisson SteveL at dedicatedservers.net.au
Sun May 30 18:00:50 EST 2010


Hi,

I have (but not for quite some time now) on occasion fired up Netstumber
to see what networks were around while I have been travelling on trains,
while they are not the norm there are certainly quite a number of
unsecured wifi networks around.

I also noticed that the closer to the city there were more networks but
less insecure ones. (not sure this is a good indication as closer to the
city the ratio changed a lot from private to business networks).

Case in point is someone around where I live had one, and I know from
accidently using it once (found out as could not connect to certain work
systems) that it gives out DHCP addresses with full internet access.

I shortly after changed my defaults from being able to connect to any
non-preferred networks after determining the type of router they were
using & also determining they had an Optus Cable modem in front of it,
both of which accessed with no or default login details. (I was just
curious as to how it came about and what type of connection they had, I
was getting very poor connectivity through it and was wondering what was
wrong with my internet connection). 

Their SSID & a search on whitepages.com.au alone is probably enough to
identify them, and found it quite amazing that they could set their SSID
but failed to set any security.

An insecure AP is just the start of the problem; consider if user that
has an insecure AP, then also has file sharing turned on for the local
network with no user/pass authentication. (I do not know if the network
near me suffers this problem, while curious to probe a little I had no
desire to go further)

It would astounds me that end users will purchase and install equipment
they don't understand if the products they are purchasing were not
marketed as being easy to install and secure (they are, but pick one).

Having said that I have seen one that liked (I think it was netgear?)
had the feature where you press a button on the AP and a button on the
wireless adapter software and it automatically negotiates encryption
(like pairing with bluetooth) which I think was a great development,
obviously you needed the same brand AP & adapter which is a shame but
something similar that is interoperable would be great.

Steve

-----Original Message-----
From: Mark Smith
[mailto:nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org] 
Sent: Sunday, 30 May 2010 5:11 PM
To: Steve Lisson
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Google creepier than Conroy?

On Sun, 30 May 2010 14:56:30 +1000
"Steve Lisson" <SteveL at dedicatedservers.net.au> wrote:

> Taking Google out of the equation for a moment...
> 
> With all these apparently open wifi networks from home users 'who do
not
> know better' is there possibly a problem with the way vendors market
the
> products?

I'm not sure if that is actually the case. I'm relatively late to the
Wifi consumer scene - I only ended up getting my first personal laptop
last year (haven't really wanted or needed one before). Consequently,
out of interest, I've paid a bit more attention to the SSIDs that are
announced where ever I am, and whether they have a lock symbol (on
Network Manager, under Linux). With a data set of my home, the local
cafe (so I see a few SSIDs for businesses surrounding it), and where
I'm working (Adelaide, near CBD), I think I've seen around 25 to 30
unique SSIDs. Other than Internode's Citilan SSID, which is expected,
I've only come across one other one that didn't have some form of
security enabled. So my impression is that the message has got through,
and in nearly all cases people are securing their Wifi to some extent.
Whether or not their picking good WEP/WPA keys is another issue, and
one that I'm not going to try to determine ...

Another interesting question to consider is if there is no security, is
that an invitation to connect? I think a broadcast, rather than hidden,
SSID and no security could be interpreted that way - security
mechanisms are available for you to use, and you haven't used
them. If I see a shop sign, and an unlocked door, then I assume that is
an invitation for me to enter. OTOH, any enabled security mechanism, no
matter how inadequate e.g. WEP, bad password, is a sign that access is
being controlled, and is limited to authorised parties.

> 
> With having '256 bit encryption', 'very secure', etc in big pronounced
> labels all over their packaging for their products is it really the
> users fault when they go home, plug it in and it works or is it
> plausible that they, from the marketing, just assume that they are
> automatically secure? (sure, they should have read the manual, but can
> be safely assumed a lot do not).
> 
> Should there be big mandated labels on the packages such as
'Incorrectly
> configured wifi can be hazardous to your [internet] health' with some
> gory picture along with it?
> 


> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net
> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Kevin Karp
> Sent: Sunday, 30 May 2010 2:46 PM
> To: ausnog at lists.ausnog.net
> Subject: [AusNOG] Google creepier than Conroy?
> 
> >  Borrowing from the Australian Privacy Foundation policy on...
> 
> Well, for my sins, I represent ISOC-AU at regular meetings
> with the Office of the Privacy Commissioner (Karen Curtis is the 
> Commissioner), at which
> Nigel Waters attends representing the Australian Privacy Foundation.
> 
> We meet 3 times a year with the OPC, the next one being on July 28
(the 
> last was held on March 31).
> 
> I am happy to represent your considered views at the next meeting. It 
> would be nice if the discussion
> is run through ISOC-AU's iamems mailing list, to receive as wide a 
> perspective as possible, but there
> plenty of opportunity for a more specialised view to present itself
from
> 
> this list.
> 
> I am on good terms with Nigel, so if there is something that APF
should 
> be doing of a more urgent
> nature, please let me know.
> 
> Regards
> 
> Kevin
> 
> -- 
> STUDENTNET(r) - Highly Commended: Australian Privacy Awards 2008
>     Kevin Karp kjk at studentnet.edu.au
>     next.studentnet.edu.au                  Tel +61 2 9281 1626
>     Suite 1, 89 Jones St
>     Ultimo NSW 2007 Australia              Fax +61 2 9281 3047
> _____________________________________________________________
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list