FBI Warns Companies About Wireless Warchalking 188
nobilid writes: "Well-meaning wireless activists have caught the attention of the U.S. Federal Bureau of Investigation. One of its agents has issued a warning about the popular practice of using chalk marks to show the location of wireless networks."
So? (Score:4, Insightful)
The FBI is not saying that setting up free wireless networks is a bad thing. They're warning companies that run WLANs to check for warchalking around their buildings and check their LANs for security. This is what they should be doing, but considering how many idiot admins there are out there, they need the FBI to give them security advice.
Typical.
Right target for once. (Score:2, Insightful)
If companies don't bother... (Score:4, Insightful)
They will only do this after they've been 0wN3d. As per usual.
Re:Kinda Misleading (Score:4, Insightful)
Most would probably think that those marks were either a) gang related or b) random garbage.
From the article... (Score:5, Insightful)
Hey, how about you do this even if you DONT see chalk marks?
What's the Big Deal? (Score:2, Insightful)
They can't... (Score:4, Insightful)
At least the FBI are warning the companies and not arresting the warchalkers.
Well maybe that's because warchalking isn't ILLEGAL... All they're doing is walking around with a laptop and noting when someone else is broadcasting networking signals in an area. It's against federal law to attack the computers on that network, or misuse their bandwidth to mess with other people's computers, but putting a chalk mark on a wall to signify that the schmucks inside need to tighten their security is probably the least destructive thing they could do to them. It's like publicly announcing a security hole in a Microsoft product, except they do so by taping a notice to the door of Microsoft's front lobby. Sure, it's public so anyone can read it, but the number of people who pass by it is very small (compared to putting this info on a web page like another poster mentioned), and most of those people are are very likely to be the Microsoft employees themselves...
Re:well meaning?? (Score:5, Insightful)
The FBI's whole premise is bollocks, and you shouldn't assume that because it's possible to mark up a wlan that isn't yours that people actually do.
It's not easy to report holes (Score:5, Insightful)
I had a friend who had a friend who ran a webshop, with everything running NT. We benignly poked around for all of about 90 seconds probing for 2 known NT holes (had been known about for over a year at that point) and found the entire database for a local HR company completely exposed via the web (SQL Server 7 I believe it was). Repeated phone calls and emails to that shop went unnoticed. Notifying the HR company that their data was exposed and that they should notify their webshop resulted in threats of lawsuits and other less legal retaliatory measures for 'hacking', 'breaking in', etc.
Walking in to someone's house through their open front door is seen as bad, even if you're simply trying to tell them that their door is open and they should close/lock it because of burglars. Hell, you might even be a master locksmith, but they'll probably still call the police.
It's just not that easy to tell the network owners they are vulnerable. You may very well face 'hacking' charges.
Re:"Well-meaning wireless activists" (Score:1, Insightful)
Re:well meaning?? (Score:3, Insightful)
In fact, to me, that makes absolutely no sense. Why not just put up a flyer? Why use obscure chalk marks on the wall that can wash away? The only benefit that warchalking marks have over a flyer is that most people won't recognize them. The only reason that you wouldn't want people to recognize the marks is if you don't want the people running the network to realize that it is open.
Might I also add that if you did "invent" warchalking, you chose just about the worst name possible. Every technical person I know who has heard that word immediately associates it with the term "wardialing". Wardialing is not a benevolent act, and in fact, is about as rude and hostile as possible. Perhaps you need to think a little more about these things next time around, and perhaps you need to talk to the people out there warchalking, because I've never been given any impression by their words and actions excepting that all they want is a free ride on a network that isn't theirs to play with.
Re:It's not easy to report holes (Score:4, Insightful)
This isn't like revealing security problems in software publicly for all to see. Warchalking is in no way going to help the problem, because the covert nature of it pretty much precludes any possibility of the owner of the network finding out about the problem. It'd be one thing to send a letter to them, or, alternately, try to publicize the problem somewhere. However, warchalking does not take a public approach. All it does is make the problem worse, by inviting unscrupulous people to come in and abuse the network.
Re:They can't... (Score:2, Insightful)
Re:actual letter (Score:2, Insightful)
Flaw in arguments of "Warchalkers" (Score:2, Insightful)
Warchalkers have questioned the scare stories surrounding the phenomena, saying that anyone with malicious intent is unlikely to publicly mark their target.
It's not the warchalkers themselves that are the great security risk, it's the people who are going to use the open WLANs for malicious purposes who otherwise wouldn't have done the legwork to go out and find the open holes.
Re:well meaning?? (Score:5, Insightful)
Re:So? (Score:2, Insightful)
I guess we'll just get rid of IT in about 40 years. A shame, really.
Somebody has to hire us, or we'll never get experienced. Alas, this does not seem to be the trend. Perhaps I can go back to school and become a culinary artist. People will always have to eat, but we all know IT is a dead industry.
Re:Ummmmmmmmmm. . . (Score:2, Insightful)
So you're suggesting I should worry about my company's problem instead of my own? Did you not understand from my post that I am unemployed? Even if I wasn't, I could give two shits about a company who is going to can me when one of the two following conditions are met:
1. There is yet another recession, or
2. I am making too much money and will be replaced for someone who they can pay less.
Why should I look out for my company when they won't look out for me. I have to keep my own and my family's well-being in mind. Admit it - there is no job security in IT. If you think I am doing something else wrong, I welcome further comments. That's how we kids learn.
Furthermore (Score:2, Insightful)
What the difference? 0-4 years in age? At what point does someone become qualified to work in a particular position. The day after graduation? What about 6 months before graduation, or are they miraculously much more intelligent the day after graduation?
I guess I don't see the different between a "college kid" and a recent "college grad", since we all know a college degree doesn't dictate skill, just how much bullshit you are willing to put up with (work ethic).
My concern is not businesses (Score:2, Insightful)
Such users are much closer to the street and have less blocking mass between the transmitter and the street compared to a business user. These users are far less likely to change default security settings and passwords. Yet as a source of freeloading bandwidth or disguizing an attack they are very fruitfull. It is like those X10 cameras that they push to consumers, most of which someone with a few dollars of parts picked up at an electronics store can see the signal from your cameras from the street. But this is not a fact at all warned against by the hucksters pushing these devices everywhere you look.