Forgot your password?
typodupeerror
Spam Wireless Networking Hardware

WLANs As Spam Conduit 217

Posted by chrisd
from the spammers-are-still-evil dept.
Saint Aardvark writes "According to this article, a honeypot was recently set up on two wireless LANs. 25% of the connections observed were deliberate, and 71% of those were to send spam. Even more reason to take care of your ether." These statistics should be taken with a salt lick...
This discussion has been archived. No new comments can be posted.

WLANs As Spam Conduit

Comments Filter:
  • by ilduce (141065) on Thursday April 10, 2003 @12:41AM (#5699006) Journal
    ...public vigilante executions of spammers? Kinda like a citizens arrest, but more permenant. Just a thought.
    • by Kj0n (245572)
      What about a flamewar?

      With *REAL* flamethrowers, of course!
    • Re:How about... (Score:2, Insightful)

      by evilviper (135110)
      Seeing the incredible anti-spam sentiment is quit amazing to me. It seems to be a bit out-of-proportion to the actions in question.

      From what I've seen on /., it seems like GW Bush would just have to say that Iraq was the #1 source of spam, and the opposition to war would have disappeared right away.

      Maybe it'll enter our vocabulary soon, as some sort of curse word.

      Murder

      Rapist

      Spammer

      • Re:How about... (Score:5, Interesting)

        by dev11 (635413) on Thursday April 10, 2003 @04:53AM (#5699831)
        Unsolicited email is annoying, but I guess what really angers me about the majority of the spam I get is:

        Sleaziness. Penis enlargers, teen sluts, and porn of questionable legality. If I had young kids, this would really piss me off if they got sent this crap.

        Fraud. This is somewhat related to the above. Most of these products are most likely frauds, or of questionable value. Masking your identity through forging headers, using open relays and the like. If your product is so great, you shouldn't have to hide yourself. Spam is the snake oil of the new century.

        Intrusiveness. Embedding images in HTML email that the client fetches and confirms your email is "live", so it can be sold and put on more spam lists. I am still in the stone age and use pine and never HTML mail, but most non tech people use Outlook, which has this as default behavior. Also, claiming that I opted in and now I need to specifically opt out, with some form that probably just confirms my address is pretty low.

        Volume. When I get 50 spam mail messages a day, and 10 or so legitimate messages, email as a communications medium is seriously flawed in it's present form. Many get hundreds of spams a day. Blacklists and Spam Assassin help some, but there are too many false positives.

        Commercial email is OK, provided that I signed up for it and the company doesn't try to hide their identity. Some of this is actually useful at times. It would be nice if there could be an analog of a do not call list for email, but that is not technically feasible at present with the current protocol. A new protocol needs to be implemented. As much as I hate spam, I prefer technical solutions rather than handing control to the government. Even if there were spam laws (I know some states have them), they are ineffectual.

        • Re:How about... (Score:3, Informative)

          by Lynn Benfield (649615)
          Blacklists and Spam Assassin help some, but there are too many false positives

          Perhaps not as many as you'd think though - I recently switched from Spamfire [matterform.com] (keyword based filter) to POPFile [sourceforge.net] (Bayesian with list of known-to-be-good-senders), and have been very impressed.

          It's been running for 10 days, has processed 1108 mails, and made 26 mistakes. Almost all of which were in the first 24 hours - I've been checking my spam folder a couple of times a day, and have had 3 false positives in the last week (al
          • I've heard a lot about false positives here, but
            I'm running SpamAssassin with nearly the default ruleset, and I've had a grand total of 1 false positive in 6 months (on the second day I had it running). I had a few legit mails just a hair below the cutoff for flagging them as spam, and they all hit the FAKED_UNDISC_RECIPS rule. I added the following entry to local.cf, and the problem was solved. Btw, does anyone know what criteria they use for 'faked'?

            score FAKED_UNDISC_RECIPS 1.0

            I've also given a bunc
          • If I get even one false positive, it means I have to manually wade through the 35 SPAM (actual count today) messages I got today, just incase one was a false positive. In effect the spam matching effort is wasted because I still have to look at all the spam. I want spam elimination software to get rid of the spam so I can go on with my life without paying attention to it. When I have to pay attention to it at all, that means that the software is worthless.

            False negatives are not as bad. If I can get r

            • I have my mail server set up to automatically recognize incoming spam and reject it with an error message which says 'this is being rejected because it looks like spam; if it's not, please resend it to notspam@mydomain.com.' That's an address which I've set up to completely bypass my spam filters and come directly to my inbox.

              In the past six months I have never received even a single piece of spam at my 'notspam' address, which is only advertised through this error messages. And even if any spammers did
              • That is a hasstle. Not for me, once I have it set up, but for those who want to contact me. I'm looking for a job now, I can't afford to let an otherwise good job slide by because whoever was trying to contact me has better things to do than figgure out what magic is needed to make my email work. There are many more job hunters than jobs right now, so they won't take the time to email me if I don't respond back right away.

                I also question your notspam@example.com solution. Someday that will get onto the

      • Seeing the incredible anti-spam sentiment is quit amazing to me. It seems to be a bit out-of-proportion to the actions in question.

        The reason you're seeing it is because just about everyone here experiences spam. If I got punched in the head a dozen times a day, I would be pretty fucking angry at people who go around punching people in the head and I would want them all to die a slow horrible death. Fortunately, I don't get punched in the head on a regular basis so I tolerate head punchers much more tha
  • by Anonymous Coward on Thursday April 10, 2003 @12:42AM (#5699012)
    Block all ports except 80 if you have to... just don't take away my free access!
    • Even port leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plauging web servers all over and dumping spam into a mail spool near you.

      My point is that mearly blocking ports is never the answer, keeping your patches up to date and not running open relays is a simple solution.

      My $0.02
      • by waldoj (8229)
        Even port leaving port 80 isn't safe due to the Form_Mail.pl security issue that is plauging web servers all over and dumping spam into a mail spool near you.

        There's no problem with keeping port 80 open. It's running an unsecured web-based non-authenticated mail relay that's the problem.

        -Waldo Jaquith
        • HTTP can be abused to send spam. All you need to do is find an open proxy server listening on port 80. I've seen this done when a spammer tried to do a dictionary attack on a mail server that I run at work. The scumbag used open SMTP relays, open SOCKS proxies, and open HTTP proxies to do its dirty work.

          Eventually, the spammer gave up - it must have noticed that I was firewalling the connections as soon as I detected them. MIMEDefang [roaringpenguin.com], combined with a modified filter script and ipchains or iptables, can

      • My point is that mearly blocking ports is never the answer, keeping your patches up to date and not running open relays is a simple solution.

        And how is that going to help if your wireless LAN is wide open to anyone passing by? The mail relay is, by definition, open for insiders.
    • Built in sharing? (Score:3, Insightful)

      by gad_zuki! (70830)
      > Block all ports except 80 if you have to... just don't take away my free access!

      I would if I could. I wouldn't mind sharing some of my connection with the people in my neighborhood, but security and just the nature of tcp/ip to go as fast as it can means it just ain't gonna happen. Not am I willing to set up more network equipment, VPN, etc.

      I'd love to see a built in DMZ with port 80 open and bandwidth thortling if I choose to share. Heck, this would probably solve half your security issues right t
  • tequila (Score:5, Funny)

    by Entropy_ah (19070) on Thursday April 10, 2003 @12:42AM (#5699015) Homepage Journal
    These statistics should be taken with a salt lick...
    Does spam go well with tequila?
  • Makes you wonder where they built the Wireless LAN.
  • Spam on the cell. (Score:5, Informative)

    by zbowling (597617) <zac@zacLIONbowling.com minus cat> on Thursday April 10, 2003 @12:44AM (#5699022) Homepage Journal
    Spam and telemarketing calls to a persons cell phone (or any system where the person that is being called has to pay for the call) is currently illegal in the states under telecommunications act of 1989. Its the same act that allows us to ask to be put on a company's not calling list and sue if they call back. Do a google for it. Some cool ways to protect yourself using the law.
  • 4 percent? (Score:3, Interesting)

    by f13nd (555737) on Thursday April 10, 2003 @12:45AM (#5699024) Homepage
    what about the other 4%... was that accidental?
  • I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

    I can't remember the last time I got that much legitimate email...

    I really wonder how these stats are gathered.

    • Well companies that host thier own mail servers and the like ussually dont get that much spam, but there are a lot of yahoo and hotmail accounts (sigh, I have one too) that *ALL* get 7-8 times as much spam as regular mail. If youre wondering what I mean by all... set up a hotmail account with gibberish (no dictionary words) as the name. Dont use it for anything. It only takes 2-3 days to get your first piece of spam. Ive done it 9 or 10 times and the longest it took was 5 days til first spam, and that wa
    • my 'Inbox' at work is about 10% legitimate e-mail...

      60% legitimate mail? to me thats like heaven...
    • I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

      Well that sure as hell isn't my inbox. I'm lucky if one in twenty message is NOT spam.

      I really should get some friends though... ;-)
    • I get about 1 spam message every few days on my main account. I just take very good care of where I use the email address.

      My hotmail account on the other hand...

    • I've read repeatedly that some percentage of all email is spam. I think the number that usually gets thrown around is 40%.

      I can't remember the last time I got that much legitimate email...

      People like you are balanced out by people like me. I use "Contact Me" forms on my website rather than my e-mail address, I don't give out my real address, and I use a throw-away address for mailing lists and a free e-mail address (Softhome, Yahoo, etc.) for submitting to forms on the web where I have no choice.

      Onl

      • Not to mention that having an open mail relay on a WLAN is no different than having an open mail relay on the internet.

        I, for one, am not fooled by their conclusions. Any open, exploitable service that is reachable publically will be abused, regardless of the transmission medium.
  • Um...no. (Score:5, Insightful)

    by waldoj (8229) <waldo AT jaquith DOT org> on Thursday April 10, 2003 @12:46AM (#5699030) Homepage Journal
    Wait, so this company, "Z/Yen," has determined that 71% of malicious connections to wireless networks are used for sending spam, and they've done so on the strength of setting up a grand total of two WiFi hotspots in one unspecified city (which I assume to be London, because that's where they're located) for an unspecifed time span...and this leads to conclusive results? That's just stupid.

    In other news, based on my survey of my apartment, 75% of people are running Mac OS X, and 25% are running Linux.

    -Waldo Jaquith
    • Re:Um...no. (Score:5, Funny)

      by zapatero (68511) on Thursday April 10, 2003 @01:43AM (#5699298) Journal
      So two security companies set out to do "research" on WLAN access and the results of their findings conclude that security is needed. These are staggering results. Who woulda guessed.

      It's ground breaking research. It ranks up there with Philip Morris' discovery that lung cancer is cuased primarily by cat dander. And McDonald's dietary discovery that low cholesterol leads to depression and suicide.
    • The article doesn't say they were spamming, it just says they were sending mail, then starts ranting about spam. Of course they were sending mail - that's one of the big reasons that people want to use wireless, along with receiving their email and web surfing.
    • Kent: Mr. Simpson, how do you respond to the charges that petty vandalism such as graffiti is down eighty percent, while heavy sack-beatings are up a shocking nine hundred percent?

      Homer: Aw, people can come up with statistics to prove anything, Kent. Forfty percent of all people know that.

      Kent: I see. Well, what do you say to the accusation that your group has been causing more crimes than it's been preventing?

      Homer: [amused] Oh, Kent, I'd be lying if I said my men weren't committing crimes.

      Kent: [pau
    • scripsit waldoj:

      In other news, based on my survey of my apartment, 75% of people are running Mac OS X, and 25% are running Linux.

      Based on my survey of my work environment, about 50% of Americans hold Ph.D. degrees, the remainder being graduate students.

      • Totally OT, but back in the mid 90's when I did Internet searches (altavista, etc...) on my last name I was pretty sure that my entire bloodline was made up of grad students and doctors in academia or very wealthy people scientific jobs. Of all the home pages I found for people with my last name - that is about all I found. No Crack Ho home web pages or 'I'm on welfare' web pages or any of that crap to be found for anybody with my last name.

        It was pretty refreshing. I also found it funny that in web sur
  • Clarity (Score:5, Interesting)

    by John Paul Jones (151355) on Thursday April 10, 2003 @12:47AM (#5699039)
    The survey found that almost a quarter of unauthorised connections to the WLANs were intentional, with 71 percent used to send emails.

    Umm... First, this means that 75% of the connections were not intentional? Is this the equivalent of 75 people saying they're sorry for stepping on your toes, while 25 people did it on purpose?

    Second, define "emails". Is that 10? 10,000?

    This seems a bit alarmist.

    • My guess is 24. It's the first denominator capable of .25 and .71. :)
    • Forefather John Paul sig-quoth:
      I wouldn't piss on most of our current politicians if they were on fire, and neither would most people I know.
      Dude, I'd love a legal excuse to pee on any of our current politicians, so please set your choice alight ASAP! I've got a friend with a video camera...

    • You expect something like "Everything is OK" from slashdot?

      Maybe you haven't been here very long...

      An online Starcraft RPG? Only at [netnexus.com]
  • "If the proposals come into force, senders of unsolicited emails will require prior consent from recipients, and web users will have to be told if cookies are being used, with the option to reject them. Individuals will also be given more power to decide whether they want to be listed in subscriber directories. "

    Although the proposal sounds good whats this big fuzz about cookies ? Sorry for sounding possibly ignorant but since when have cookies become security threat ? If thats the case wouldnt every webs
    • I've never seen a browser that didn't allow the option of 'prompting' the user for each cookie thats set. Do these guy's want web pages to be reqired to say they use cookies?
      • Try that option on the following computer shop: www.globaldirect.co.uk. It tries (or at least tried) to set the session cookie with every single image or page it sends. So you get an overall of 40-50 cookie dialogues. And there are quite a few sites like that out there so the average Joe Public will disable this option outright
  • Serious? (Score:5, Insightful)

    by molrak (541582) on Thursday April 10, 2003 @12:49AM (#5699053) Homepage
    So let me get this straight. As opposed to just sitting in the apartments or offices or whatever, spammers are now riding around major urban areas trying to find insecure wireless networks? This, to me, would seem to be a tremendous waste of time.

    I'll admit, I don't understand why people spam; but the economics of such a thing simply don't seem practicle. The 25% would seem to be about right to me, but that 18% of the total was just for spam, just doesn't seem to add up.

    Then again, as Mark Twain said, "There are three kinds of lies: lies, damned lies and statistics."
  • Misquote (Score:5, Insightful)

    by Mattygfunk1 (596840) on Thursday April 10, 2003 @12:51AM (#5699063)
    ... and 71% of those were to send spam.

    The summary misquotes the article here. 71% of the connections sent email - not necessarily spam email. I am surprised the figure wasn't higher.

    Anyway it is hardly groundbreaking news that you have to secure wireless internet connections.

    _____
    cheap web site hosting [cheap-web-...ing.com.au]

  • by ramzak2k (596734)
    i see a wireless pig icon up there ! Is it just me ? I need some sleep ..
  • public spots (Score:5, Interesting)

    by saben78 (527294) on Thursday April 10, 2003 @12:52AM (#5699071)

    It's easy for the home and business admin to secure his/her AP. But how do public access places like airports and StarBucks counter drive by spamming?

    Any ideas?

    • Re:public spots (Score:3, Informative)

      by jratcliffe (208809)
      If memory serves, the service providers (Boingo, T-mobile, etc.) use a client on your PC to authenticate you (probably MAC-based, but I'm not sure). Their concern isn't just security, of course, but making sure that you actually pay for the service.
  • by interstellar_donkey (200782) <pathighgate@NOspAm.hotmail.com> on Thursday April 10, 2003 @12:54AM (#5699085) Homepage Journal
    Remember folks, there are surly looking spammers driving through your surburbian neighborhood right now just looking to abuse your DSL connection through your unsecured access point to send spam.

    So if your router gives out a DHCP address in the middle of the night, run outside in your pajamas with a baseball bat. There are spammers you need to teach a lesson.

    • How long until we see:
      Make money FAST crusing your neighborhood! Annoy millions of people with unrelenting spam!
  • What if there were only 2 unauthorized connections? What a story!
  • by xintegerx (557455) on Thursday April 10, 2003 @12:59AM (#5699114) Homepage
    I just received in e-mail..

    1) Sue for "Cable Theft" (if cable ISP)

    2) Sue for "Denial of Service Attack" (since the intent of spam is to fill up your mailbox, causing you to give up real e-mails.)

    3) Sue for "Espionage" if you both received a 'viagra' spamvertisement and the e-mail says it's not commercial spam, because if it's non-commercial, they were watching you through a window and wanted to notify you of viagra!

    4) Is the spam for an ergonomic peripheral, like mouse or keyboard or computer chair? Or maybe, the company offers you pills to decrease your hormonones? In either case, this means they think you might have repetitive stress syndrome from using your... tool. This is either "Espionage" (they saw it), or "Intent of Deliberate Harm" (they e-mail you so much shit, they KNOW you are guaranteed to have RSS in your wrists....

    5) ???

    6) Profit
  • Bad logic. (Score:5, Insightful)

    by twitter (104583) on Thursday April 10, 2003 @12:59AM (#5699116) Homepage Journal
    Huh? What statistics? Where was this thing set up? How many hits did they record, 4? Did they deliver the spam? Was the welcome message, "Tell all your leet friends about the spam relay here!" Is someone at the RSA office the type that thinks they can make a fast buck selling dick enlargers? F+

    The study, as presented is useless except to divide people. They might have just as well said that the internet itself was evil for enabling spam. I can say the same thing about materials used to make billboards. The RSA says, "Don't share, people." Great!

  • You arent kidding (Score:4, Insightful)

    by t0ny (590331) on Thursday April 10, 2003 @01:00AM (#5699119)
    so that means that, citing their statistics, at least 30% of people have closet spammers living near them. Ya right!

    I mean, Im sure most people living near me wouldnt mind downloading pr0n with my connection, but sending spam? Even if they had said hacking I would consider that a stretch. Its not like every kiddy is a script kiddy.

    • Oops, I realized I fuxored the numbers. Its more like 18%, not 30%
  • I occasionally read a NewsFactor article by accident. They define silly. They are usually speculation couched as fact, and prove little except that if you pay Yahoo! enough, they will carry your stories on their news site.
  • by smeenz (652345) on Thursday April 10, 2003 @01:05AM (#5699141) Homepage
    The finding doesn't surpise me much. As far as I'm concerned, a wireless lan should be considered at least as dangerous as your internet connection, and should be firewalled appropriately. What makes them more dangerous is that it's like having your users sit in your DMZ.. their laptops with wireless cards can be wide open and they don't have a clue. I guess it's just like when those users use a dialup modem account without a firewall, but because they're often connected to the corporate network via a vpn etc, they believe they are somehow more secure. They might well have a ipsec or mppe vpn active, but that doesn't usually stop windows from listening on ports 137/138/445. And how many windows users do you really think are going to run a 'personal' firewall and/or understand what they've got themselves into by going wireless.
  • by rf0 (159958) <rghf@fsck.me.uk> on Thursday April 10, 2003 @01:14AM (#5699178) Homepage
    This is showing spammers are intelligent and learning. That can't be right can it? :)

    Rus
  • by drwho (4190) on Thursday April 10, 2003 @01:35AM (#5699272) Homepage Journal
    I've had an access point with public access set up in the middle of a major city for several years now, and have never seen a SINGLE spam attempt. As much as I hate spammers, I think this 'warning' is just hype.
  • I don't buy these figures. But I've thought about blocking off port 25 to unregistered hosts on my local net. That's all that would be necessary.

    Bruce

    • by weave (48069) on Thursday April 10, 2003 @05:17AM (#5699903) Journal
      Sigh, spammers ruin everything. I often use public hot spots when traveling to quickly slurp up some e-mail and send out pending e-mail (via an authenticated SMTP connection at my business host).

      I have Mac Stumbler running on my laptop and it pings me whenever I drive past a hotspot. Sometimes the hotspot will be named "public" or "public hotspot" even. (Saw a few of these in Tempe, Arizona. Was pretty amazed, and grateful).

      So if you're running one, I thank you.

  • Counterplot (Score:3, Funny)

    by Julian Morrison (5575) on Thursday April 10, 2003 @01:47AM (#5699312)
    Wireless spam? I'm thinking that's not necessarily such a bad thing. (1) wireless broadcasting objects are locatable in 3D using the proper detection tools (2) a wireless enabled laptop is deliberately radio-permeable and structured so as to pick up radio energy.

    Solution: directional high powered radio emitters on the 802.11b wavelength. Target the suckas and zap the bejeezus out of 'em.

    Mmmm, fried spam.
    • Target the suckas and zap the bejeezus out of 'em.

      Transform that into a GPS coordinate, vector in a B1 and BOOM! We'll need to develop some appropriately sized weapons however. The current 500, 1000, 2000 lb units might produce a bit too much collateral damage in peace-time urban environments...
  • Sounds familiar (Score:4, Informative)

    by gmajor (514414) on Thursday April 10, 2003 @01:48AM (#5699316) Journal
    For a class I took, a professor set up a temporary mail server that we needed to use for an assignment. He of course took precautions, making sure mail was only routed to a certain domain.

    But within 48 hours, the mail server was found by spammers!

    He even had a great idea for anti-spam software/blocking. Set up these honeypots in different geographical locations, but don't publish the addresses; let the spammers find them. Have them accept mail as if they would route it, but do not actually send it out. We can assume any e-mails received are spam. Make a collection of spam e-mails, and have filters block out mail that closely matches all the mails the honeypots have received.
    • He even had a great idea for anti-spam software/blocking. Set up these honeypots in different geographical locations, but don't publish the addresses; let the spammers find them. Have them accept mail as if they would route it, but do not actually send it out. We can assume any e-mails received are spam.

      This is trivial for the spammers to work around. All they have to do is try to send email to themselves along with the bunch of spam emails they're sending. If they can't email themselves, they'll move
  • E-mail or spam? (Score:2, Insightful)

    by stuartkahler (569400)
    It didn't clearly state whether they checked if the unauthorized connections were actually sending bulk e-mail (spam), or just normal users using the open net connection to send out their e-mail. I could see people writing e-mails and saving them for when they happen by an open wlan.

    Do any e-mail programs automatically send out pending messages as soon as a network connection is detected?
    • Do any e-mail programs automatically send out pending messages as soon as a network connection is detected?

      Yes, Apple's mail.app, and I use that feature a lot while traveling (using an authenticated SMTP connection to my business host to get around the relaying issue). OS X can also automatically connect to the closest hot spot so you don't even have to configure a connection with a SSID if it's WAP free. Just drive up, auto connects, mail.app notices connection is up, it starts sending out pending e-mail

  • If a connection to your AP is not a legitimate, authorised connection (i.e. one made by the people the AP/wireless connectivitiy was put in place for), it doesn't matter what the reason for the connection.

    Saying that 71% of all unauthorised Wireless access attempts are attempts at spamming is nothing more than a useless statistic. If you have Wireless in place and have not properly secured it (Mac lists/VPN/VPN endpoint in DMZ), then you've got bigger problems than your local Wiget reseller using bandwid
  • Idea (Score:3, Funny)

    by use_compress (627082) on Thursday April 10, 2003 @02:17AM (#5699417) Journal
    Step 1: Purchase private island Step 2: Make private island autonomous country Step 3: Cover island with free Wifi Step 4: Implement secret anti-spam laws with Singapore-style penalties Step 5: Wait for spammers to come
  • Ok, I admit it, I do tend to go out front of other's places and use their wireless connections. And yes, most of the time it's for email. But you have to realize that just because you're sending out a dozen or so emails, it doesn't mean that it's spam. I like to use my email client in offline mode, and so I kind of "save up" the emails to send later, and then send them all at once. It's not spam, it's just communication.
  • Just think of how many teenagers could make a lot of money while participating in a favored American teen pasttime: cruising the drag (or loop, main, etc). No longer would they have to worry about gas money!

    On the other hand, I wonder how legal something like, say, a physical solution to a digial problem would be, IE, they're stealing your bandwidth, you shoot out the tires on their 'getaway' vehicle while it's parked on the street. Were you stopping perpetrators? Would this be a reverse attack, were they
  • NoCat Auth (Score:3, Interesting)

    by jroysdon (201893) on Thursday April 10, 2003 @03:40AM (#5699620) Homepage
    A good linux sysadmin could setup a multihomed Linux server between his AP(s) and broadband and use NoCat [nocat.net] authentication to block this sort of thing, while allowing surfing (or whatever else).

  • Can't believe it (Score:2, Insightful)

    by sharok (301384)
    Spammers taking time to wander around war riding ?
    Get real, they don't waste their time like that. They send out a billion spams on a high speed cable line then go golfing (or whatever).
  • a bit slow (Score:5, Interesting)

    by BenjyD (316700) on Thursday April 10, 2003 @06:05AM (#5700010)

    In the honeypot test, the first unauthorised connection to the WLANs was made in just over two-and-a-half hours.

    There was a TV show in the UK that recently did something similar to this with bike theft. They left an unlocked bicycle on the high street of a northern town and set up hidden cameras to watch. Somebody nicked the bike within 30 seconds of the owner walking away. I guess spammers are a bit slower than your average criminal.

  • darn (Score:2, Insightful)

    by jago25_98 (566531)
    for someone who loves the idea of free(er) public networks via wireless this is a stick in the throat :/

    a minority ruins for the majority once again.

    can't we get rid of open email and just use private acl's?
    this is what I'm going to go for my next account.
  • by Vodak (119225) on Thursday April 10, 2003 @08:38AM (#5700461)
    How can we as a society have our cake and eat it too in regards to public wireless networks? The answer is simple... Allow people to shoot spammers on site. No long would being a repo man be the most dangerous line or work. =]

    On a more serious note spammers using these open wireless networks to send spam kind of negates the whole black list mail server things doesn't it.
  • by Anonymous Coward
    Both forced entries onto the wireless network I administer were for the purpose of sending spam email. The distance between the two incidents was 27 miles away from one another--the emails were for different "products and/or services," so the assumption is that it was two different spammers.

    Are spammers looking for open WLANs? Yes. And if they're not open, some are even attempting to find another way onto the network:

    Personally, I'd never thought anyone would go to the lengths of MAC Address Spoofing, Air

For every bloke who makes his mark, there's half a dozen waiting to rub it out. -- Andy Capp

Working...