Toronto, The Naked City

PunWork writes "In an effort to promote wireless network security, Toronto consulting firm IpEverywhere (pun intended) has published a map of downtown Toronto, showing the location of both encrypted and unencrypted ('naked') wireless networks. Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant? The Toronto Star has a story about the map and the consulting firm here."

its not an "or" situation

[deft]

both will happen.

1. the idiots will try and hack and abuse.
2. the companies will slowly gain awareness, try to figure out how to secure themsleves, secure funding, initiate sucurity protocols, fix holes, etc.

gee, i wonder who will get going first. the company or the idiots.

That's lame

[Jonny Ringo]

Unencrypted networks are now referred as "naked" networks? They just called it that to get more people to read it.

Maybe someone should make a new insecure Linux distro called "Naked Linux". It will be great for the desktop to compete with Windows whom has always been naked. (Maybe that's Red Hats secret Plan). In the mean time Windows is trying to get dressed. Stupid 2 legged pants!

Spammers

[The Turd Report]

I wonder how long it will take spammers to clue in on this? It is a wonderful deal for spammers; as they are untraceable via this method. There are steps that people running these networks could do to prevent spammers, but still allow legit users. But, you all know how well some admins look after security...

Re:Its obvious!

[Anonymous Coward]

Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!

oh man that is really funny!

Most IT people dont know squat. and very very few of them know much about, let alone even understand security.

If your statement were true then corperate break ins and virus's would be a much smaller problem.. 99% of all virus attacks I get are from INSIDE corperate coming from the T1 ties to the NOC not from any of my users or the internet gateway I have. Whenever there's a discussion about Virus scanners and basic virii security.. over 1/2 the IT professionals on the conference call have no idea how to ensure that all the machines are up to date or protect their networks.

Also, I have had to resort to firewalling the corperate side to protect my network... Yes, the TRUSTED corperate network T1 tie is firewalled by me to keep out attackers and virii.

I am one of about 700 IT professionals in my corperation... and I have to spend valuable time securing my network from the bungling boobs that this company hired.

Re:its not an "or" situation

[rkwright]

I agree. If you take a look at other areas in computer security (for example, Windows 2000 servers and insecure IIS setups), the actual breakins/worms/etc. have (albeit slowly) caused more admins to lock down their Win2K servers. It has also caused a change for the better with the vendor (Microsoft) in that the next version of their server software (.Net Server 2003) will initially be relatively locked down, and the admin who is configuring the server will have to specifically turn services on. Thus, abusers and intruders have a necessary place by providing the motivation for improving security.

However, with so many consumer-based 802.11 access points out there, I doubt that Joe Homeoffice will even realize how to lock down their networks. In this case, the vendors should start by having as much default security as possible, as well as some helpful reading in the instruction manuals for how to secure your wireless setup.

Unencrypted != unsecured

[Leto2]

People, unencrypted by WEP doesn't mean unsecured. We all know 802.11 WEP has its shortcomings, so more and more administrators are relying on different techniques to secure their wireless LAN, IPsec and VPN to name a few.

And after you've secured your network on a higher level than OSI 1, you can be less paranoid about WEP. So much less, that some claim that DISabling WEP is not a bad thing at all. Think about it, you already have encryption taken care of, so why not make your network more stable, robust and fast by disabling WEP?

Those 'wardriving' pictures should make a distinction between "secured with WEP", "no WEP, but I cannot use the network because of IPsec/VPN/whatever" and "no WEP, and I can surf freely through it".

-Leto2

Re:Unencrypted != unsecured

[MagicFab]

At the very least, change the legend so it reads:
WEP Enabled (Worse, false sense of security) instead of:
WEP Enabled (Good)

Aluminum siding better than WEP

[elliotj]

I setup a WIFI net at home recently and have found that the coverage I get inside the house is amazing. Outside it's a different story. I'm pretty sure that the aluminum siding is blocking the signal from leaving the building because I do get limited reception if I'm lined up with a window.

Basically this stops any war drivers from seeing my network unless they get really lucky and creep up to the bushes outside one of the few windows that faces the street. If they do that I'm more at risk that they see ME naked than my network!

Anybody else notice specific physical obstacles that clobber reception?

Naked != unprotected or insecure

[mouthbeef]

I just spoke with the COO of the IPEverywhere about this study, and confirmed that the methodology only established whether a node was running WEP (a "security measure" of dubious value).

That means that many of the "unsecured" nodes in this report may have had other means of securing themselves, from switch- or AP-based MAC filtering to captive portals such as NoCat. Moreover, the protocol for this study did not establish whether the open APs in question were handing out DHCP leases (or, indeed, whether they were connected to the Internet at all).

Finally, this study did not investigate in any depth whether the open APs were deliberately or accidentally left open. Many of us run open "community" networks around the world (I operate one in Toronto at King and Niagara, and three in San Francisco, two at 19th and Shotwell, and one on Sycamore near 17th and Mission). These networks are deliberately "unsecured" and are provided out of public-spiritedness, or even out of a political commitment to providing tools for anonymous speech on the Internet -- anonymous speech being fundamental to democratic discourse.

Since WEP is such a poor "security" measure, the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy (either remote or on your own network). In fact, if you're a promiscuous user of any network -- conference centers, airport lounges, hotel rooms, schools, etc -- you should assume that unless your messages are encrypted, they will be sniffed on the wire.

The primary "security" concern about open wireless seems to be that a "rogue" AP will be installed behind a firewall. The firewall, of course, is hardly sufficient in and of itself for securing a network. It's based on the presumption that everyone on one side of the firewall is trustworthy, and everyone on the other side is untrustworthy. We know, though, that this is a fallacy. Getting inside the firewall -- either through physical intrusion (think of visitors to your office plugging into the the network to check mail) or virtually, by 0wning a box on the network with a trojan -- is not difficult for a determined intruder. Meanwhile, the legitimate users of your network resources are often outside your firewall (mobile execs at a client site, for example) and thus not only walled off from the rest of the network, but also vulnerable to attack, since their machines' first line of defense is the firewall, which they are suddenly out of.

Security is hard. The proper place to draw your network perimiter isn't around your office, but around each machine. Personal firewalls, regular applications of security patches, good passwords and user education provide genuine security. Firewalls (and FUD about open APs) doesn't.

This is the wrong approach

[dazdaz]

I think this is a childish approach and very dangerous because of the legality of doing this, however I do understand their need to highlight this serious issue, this is clearly the wrong way.

In fact I would go so far as to say this is an unauthorised pen-test, in that part of a pen-test is in finding hosts/networks in the same way the physical location has been found, but not only found, also published.

I dont know where liability and juristiction come into play here, i'm surprised these guys/gals are prepared to go this extreme and risk finding out.

Surely a CNN interview would do their careers good and promote the issue far wider than a website could?