Toronto, The Naked City 212
PunWork writes "In an effort to promote wireless network security, Toronto consulting firm IpEverywhere (pun intended) has published a map of downtown Toronto, showing the location of both encrypted and unencrypted ('naked') wireless networks. Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant? The Toronto Star has a story about the map and the consulting firm here."
eh? (Score:1)
I dun get it.
Re:eh? (Score:2)
Get real.. (Score:2)
Re:Get real.. (Score:3, Informative)
http://www.securitytribe.com/
Navigate it to the wardriving section.
Santa seems pretty lax on security, you'll notice.
Re:Get real.. (Score:1)
False conclusions (Score:2)
1) WEP all by itself is simply not secure.
2) If you are using another form of encryption (such as IPSEC) then WEP would slow down your network without any security benefits because the data stream would be encrypted twice.
By way of example, I run a Linux server and Linux laptop. The server has a second ethernet interface that is dedicated to the wireless device. Both the laptop and the server are configured to drop all packets arriving or departing via the wireless device except for IPSEC (esp protocol and udp port 500). Forwarding in the server is only permitted from the ipsec (post-decode) interface. If someone wants to use my broadband connection then they have to break IPSEC.
And yet these guys would flag me on their map as an insecure station because I don't use WEP. Maybe they should re-make the map based on whether or not their roaming node can do more than just handshake. Like, try connecting to Slashdot or something....
its not an "or" situation (Score:4, Insightful)
1. the idiots will try and hack and abuse.
2. the companies will slowly gain awareness, try to figure out how to secure themsleves, secure funding, initiate sucurity protocols, fix holes, etc.
gee, i wonder who will get going first. the company or the idiots.
Re:its not an "or" situation (Score:4, Insightful)
However, with so many consumer-based 802.11 access points out there, I doubt that Joe Homeoffice will even realize how to lock down their networks. In this case, the vendors should start by having as much default security as possible, as well as some helpful reading in the instruction manuals for how to secure your wireless setup.
Re:its not an "or" situation (Score:2)
I agree. There is a similar lack of security on ResNets by clueless students. Basically at the start of each semester, some of by buddies scan the resnets for insecure machines and print out some security documentation on the printer of the insecure person or deposit a helpful security document on the person's Windows desktop. (I don't actually do this because I don't live in university residence.)
If people did that on wardrives, you might call it 'drive-by security consulting' .
Is locking down the MAC addresses sufficient? (Score:2)
My friend has a Linksys wireless base station and laptop; I gave him some minimal help in setting it up in "infrastructure" (unrestricted?) mode.
Unless there is some sort of "wireless sniffer" which can detect in-use MAC addresses, and also unless the wireless NIC can modify its own MAC, restricting the Linksys base station to a specific set of MACs should be sufficient for small-system security, correct?
It would be even better if I could take a MAC from an old NE2000 10Base2 ethernet card and use that MAC, since anyone trying to guess a MAC would probably use the ranges that have been assigned to the WAN manufacturers. It would be best if this could be done under Windows (in spite of my distaste for MS).
I'm just looking for a "hosts.deny" sort of security; I don't really need encryption (and I understand that wireless encryption has been broken anyway).
Pardon me for any technical errors; I'm clueless about wireless.
Re:Is locking down the MAC addresses sufficient? (Score:2)
Er. Yes.
Anyone can sniff the valid MACs out of the air and spoof a valid MAC. Useing a old MAC buys you nothing. There are 2^48 MACs so it is unlikely that anyone will randomly try MACs. They will sniff.
To be secure you need WEP. It is not perfect, but if you change your secret atleast once a month you will be far better off then doing nothing. WEP will provide both date security, but also the access controls that you want.
If you really want to be secure you would setup airsnort to try and crack your secret. Once you have half the number of weak packets required to crack, set a new secret. Other options include: use Cisco cards only and Leap; Use Orinoco cards with the new (beta) drivers that don't use weak WEP IVs; Use a proper VPN for all traffic going over the wireless link.
But you in particular have a linksys and don't want to buy new gear. So use WEP and change the key.
Re:its not an "or" situation (Score:2)
adsl-68-20-215-135.dsl.chcgil.ameritech
dsc01.hoi-tx-6.rasserver.net - - [10/Sep/2002:13:19:58 -0700] "GET
NNNNNNNNNNNNN
0003%u8b00
207.248.53.14 - - [10/Sep/2002:18:38:14 -0700] "GET
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u68
b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 328
Re:its not an "or" situation (Score:3, Interesting)
the hackers will get the maps and start mucking with wireless nets in toronto. As the owners of the wireless nets notice that they're being abused, they'll call security firms hoping they will fix the problems.
Companies with weak security don't usually know they have weak security, and they don't read up on security news, so they won't know that ipeverywhere has "assisted" hackers in finding their insecure wireless network. But if they do find out, then they'll realize that the security firms and the hackers are working hand-in-hand to get $$$ from the companies. They may not be complicit, but they are symbiotic. This is just another case along the lines of what gweeds was talking about at HK2K [theregister.co.uk]
, but you knew that already..... right?
Ironically... (Score:3, Funny)
That's lame (Score:2, Insightful)
Maybe someone should make a new insecure Linux distro called "Naked Linux". It will be great for the desktop to compete with Windows whom has always been naked. (Maybe that's Red Hats secret Plan). In the mean time Windows is trying to get dressed. Stupid 2 legged pants!
Re:That's lame (Score:2)
Well, the latest RedHat beta is now called "null", so you never know...
Soko
Re:That's lame (Score:1, Offtopic)
--trb
Its obvious! (Score:2)
I'd put my life savings on the aduse of the ignorant.
Lets see, annually, people get viruses from opening attachments in their emails. How many people, do you think, get re-infected because of ignorance?
How many people go to windowsupdate.microsoft.com for security patches?
Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.
I anticipate a lot of abuse in the city of Toronto...
Re:Its obvious! (Score:4, Insightful)
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!
oh man that is really funny!
Most IT people dont know squat. and very very few of them know much about, let alone even understand security.
If your statement were true then corperate break ins and virus's would be a much smaller problem.. 99% of all virus attacks I get are from INSIDE corperate coming from the T1 ties to the NOC not from any of my users or the internet gateway I have. Whenever there's a discussion about Virus scanners and basic virii security.. over 1/2 the IT professionals on the conference call have no idea how to ensure that all the machines are up to date or protect their networks.
Also, I have had to resort to firewalling the corperate side to protect my network... Yes, the TRUSTED corperate network T1 tie is firewalled by me to keep out attackers and virii.
I am one of about 700 IT professionals in my corperation... and I have to spend valuable time securing my network from the bungling boobs that this company hired.
Re:Its obvious! (Score:2)
map here (Score:1, Informative)
Spammers (Score:5, Insightful)
Re:Spammers (Score:1)
Drive-by spamming.
Ugh...
Re:Spammers (Score:1)
Re:Spammers (Score:1)
Damn, stop giving them ideas!
I'll Give Admins Some Ideas Too Then. :) (Score:1)
- Block outbound/inbound port 25 traffic, except to/from local MX. Or, block it totally, if possible.
- Block common proxy ports.
- Route all HTTP traffic thru a secured proxy.
That should cut off most of the routes that spammers use to spam. Any WLAN that does not take these steps will soon become a spammer magnet.Re:Spammers (Score:1, Informative)
Re:Spammers (Score:1)
Come, spammers! To my unsecured tr^H^Hap! (Score:2)
... obligitory simpsons reference (Score:1, Offtopic)
Mr. Freely? come on guys, I.P. Freely!?
Computer viruses go airborne (Score:4, Interesting)
What is to stop viruses now becoming "airborne" and people who use an open wireless network unwittingly picking them up or (knowingly or unknowingly) transmitting them into open wireless networks?
Surely most people who wardrive would be smart enough to avoid them through various means... but most people who use computers are fairly clueless about security and virus protection.
Any known cases of wifi virus infection?
Re:Computer viruses go airborne (Score:2)
IIRC, This has happened, and may happen again, but it's REALLY REALLY UNTHINKABLY RARE. Most network stacks have been rock solid for 30 or 40 years.
So yes, it's a nice, scary theory. But I wouldn't bet on it happening any time soon.
Re:Computer viruses go airborne (Score:2)
Lets say I have a computer that is infected with a virus. This virus (say Klez) looks for network shared drives to copy itself to.
I also have a 802.11b network.
Someone has a laptop with a shared network drive with, for some reason (ignorance), full permissions turned on.
Said person logs into my network because they are nearby and their network card finds the network (windows XP does this nicely) and then Klez, running on my machine, finds your network drive and copies itself there as "readme.txt.exe" or something else like that.
Could be more likely than you might want to think. Only involves two stupid people in proximity who have technology they don't understand to have it happen. I can't even swing a dead keyboard* and not hit two idiots with Technology around here.
(*swinging dead cats is just too hard)
Re:Computer viruses go airborne (Score:1)
Re:Computer viruses go airborne (Score:2)
Travis
Maps (Score:2)
I thought I remember seeing a site once where you could just enter a zip code to get an idea.
Toronto, the most secure city? (Score:2)
Did they make tcp connections to find out?
United States Consulate - honeypot? (Score:2, Informative)
Re:United States Consulate - honeypot? (Score:2)
Yeah, and there are several in the Eaton Centre...maybe at Compucentre?
Wireless nodes.. (Score:4, Funny)
Re:Wireless nodes.. (Score:2)
You don't need a map. If you're in the core, all you have to do is turn yourself around 360 degrees and you will most likely see a coffe shop, probably a Starbucks or Timothy's (not to be confused with Tim Horton's.)
Re:Wireless nodes.. (Score:1)
Re:Wireless nodes.. (Score:2)
I can one-up you on that ... in the office tower where I used to work in Toronto, there were 3 coffee shops in the building and two of them were on the same floor.
Re:Wireless nodes.. (Score:2)
Re:Wireless nodes.. (Score:2)
So that makes 5 shops within about 150 paces.
Let's hear it for the government! (Score:1)
For those who don't know, Queen's Park is the seat of the Ontario government.
Re:Let's hear it for the government! (Score:1)
Yay, more drive-by spam. (Score:4, Interesting)
Thats right, the scum of the network are taking advantage of open wireless networks, whether they are chalked or grabbed off online maps such as net stumbler dot com [netstumbler.com]. The rise of drive-by hacking [bbc.co.uk] is a natural by-product of the wardriving/chalking community, and it would be naive to considering this a surprising development. Highjacking an open wireless network is only the smart thing to do for hackers whether they are after data or just a spamming platform.
This puts the pressure on network administrators to secure their wireless networks. It is far easier to drive by a NAP and jack in, and the proliferation of wireless networks could obsolete physical intrusion techniques such as connecting a Dreamcast or iPAQ [slashdot.org] to an internal network. Tools for wardriving are readily available, such as THC-warDrive [thehackerschoice.com]. A lazy or incompetant network administrator makes it easy for a kid with the parents car, a pringles can, and a laptop.
Re:Yay, more drive-by spam. (Score:2)
I'm not saying drive-by spamming is not a theoretical possibility; I'd argue that there are a number of reasons why you won't see it in widespread use. Firstly, it's no harder to create a throwaway AOL account and spam from there. Secondly, one of the reasons why spamming is so prevalent is because it's entirely anonymous: sitting in front of someone's house hoping they don't spot you streaming through their network simply isn't. A lot of people really hate spammers; it's easy for spammers to laugh at their hatred from their own homes. It's a lot harder when they're sitting in a car, hoping you're not going to leap out with a baseball bat and explain a few things to them.
I understand your concerns about this hypothetical behaviour. But as someone who runs an open network, regularly uses other's open networks, and realises that security is more than just throwing up some foo around the LAN perimeter and hoping no-one gets through, I think it's a distraction from the real problems we have now.
*Yawn* (Score:2)
scanning wireless [wardriving.com]
networks [securitytribe.com]
for a long time now...
Accuracy of map? (Score:1)
Jez curious is all...
Re:Accuracy of map? (Score:1)
Re:Accuracy of map? (Score:1)
Re:Accuracy of map? (Score:1)
Re:Accuracy of map? (Score:1)
You missed the other Naked Reference... (Score:2)
A quote (Score:1)
Fire the Net Admin, and call our lawers were going to see IpEverywhere in Court
Bang the Marketing Drum (Score:1)
Re:Bang the Marketing Drum (Score:1)
Out
the map fails.... (Score:2)
An old story gets worse (Score:1)
Today, when people have a wireless "jack" to which large masses of people can plug in and make use of their connection/network/internet.
Seems to me that as technology progresses so do the ways to abuse it, and the stupid ways in which people leave themselves open to abuse...
General Public Ignorance keeps me employed - phorm
Unsecured networks at US Consulate? (Score:2)
Unencrypted != unsecured (Score:5, Insightful)
And after you've secured your network on a higher level than OSI 1, you can be less paranoid about WEP. So much less, that some claim that DISabling WEP is not a bad thing at all. Think about it, you already have encryption taken care of, so why not make your network more stable, robust and fast by disabling WEP?
Those 'wardriving' pictures should make a distinction between "secured with WEP", "no WEP, but I cannot use the network because of IPsec/VPN/whatever" and "no WEP, and I can surf freely through it".
-Leto2
Re:Unencrypted != unsecured (Score:2, Insightful)
WEP Enabled (Worse, false sense of security) instead of:
WEP Enabled (Good)
the image.... (Score:2, Offtopic)
Re:the image.... (Score:2)
According to weather.com [weather.com], the current temperature in Toronto is 84F, or about 29C. I don't think that's cold enough for significant shrinkage.
You don't need a map (Score:3, Funny)
Uh-oh. (Score:2)
Soko
Re:Uh-oh. (Score:2)
Not necessarily a problem (Score:3, Interesting)
Remember, WEP is not the be all and end all of wireless security. Just because those networks don't have WEP doesn't mean they aren't secured in another, quite possibly better, way.
Of course, they could also be totally open. No way to know without taking your laptop on a walk I suppose... let us know what you find out if you do.
Re:Not necessarily a problem (Score:2)
I wish I _could_ find out if it's still wide open - I'm a ways away in Hamilton right now. And one does not just "go to Toronto" on a whim - the gridlock is viscious, so I'll rely on others to find out and post what they saw.
Soko
Re:Uh-oh. (Score:2, Funny)
Don't worry Scott Kormick (SIN: 574-782-401). All of your personal information -- such as your annual salary of $45,490 as Assistant Manager of a Subway franchise, your 12 unpaid parking tickets, and your criminal record (shame on you for drinking in High Park) -- is secure within the governement's system.
In order to assure you, I stopped by your house at 312 College St. to let you know in person. I guess you were at the hospital having that nasty rash looked at (I hear it's hereditary).
Oh, and your cat Snickers is cute.
I work in IT... (Score:3, Funny)
Re:I work in IT... (Score:2)
Cheers
Arg, they keep making that mistake!! (Score:1)
I know it's a wireless technology, but WEP is (in theory at least) wired equivalent privacy - that is, it's supposed to be about as good and private as cat5, arrrrrg!
This is a problem everywhere! (Score:2)
Wireless in trouble? (Score:3, Interesting)
With all this on war driving and hacking into networks for fun or foul, we better start being careful of what we say and how we act. (be nice)
We should realize that right now we have a great oppertunity to use wireless.
If admins continue to leave networks that need to be secure open to the public they are going to get hacked -in one form or another, maybe just harmlessly syphoning bandwidth, maybe stealing private information - but something is going to happen regardless.
What I fear hear is government regulation. Right now it is the resposibility of the admin who sets up this network to make sure it is reasonably secure. If wireless hacking becomes enough of a problem, governments will be compelled to regulate wireless networks. Sure some regulation may even be good, but from my perspective what is more likely to happen is it will be regulated to death.
Whenever we are forced to regulate we get these types of results: People who want to use wireless won't be able to comply with impossible for the little guy to comply with standards - experimentation dies, soon so does innovation.
Why should admins secure their network when they can rely on a government wireless police force to go around picking up the kiddies breaking into their network? Sounds stupid? that's right it sure is, but crap like this could very well happen. -We're allowed to remail lazy.
I have a wireless lan and it's reasonably secure... It isn't hack proof - nothing is. but it is encrypted and secured and stuff and also it is on it's own network, not directly tied into my wired lan... plus there isn't information on the wireless that could be considered "secret" or personal. I want the thing to work around the house for getting that there interweb. The access point is in the basement -- a simple thing, limits the coverage of the unit a lot - just the house and parts of the yard.
I'm still looking at other ways to secure it. I found a good one the other day SHUT IT OFF WHEN NOT IN USE. (who'd a thunk it?) Why can't businesses figure this one out?? put the power cord to the thing on a timer!! not business hours? no wireless!
Richmond and Spadina? (Score:1)
Even along Queen West, for that matter. Last I checked Queen West was a bunch of trendy clothing stores and used cd shops. Of course, I can't forget about Active Surplus, the best damn store in Toronto.
Am I missing something here?
Re:Richmond and Spadina? (Score:1)
Re:Richmond and Spadina? (Score:1)
Naked College (Score:2)
I love it. Time to h4x0r my grades.
U of T. (Score:2)
I'd make snarky comments about the prof who I suspect might be running the open network, but in this case I have no strong reason to suspect it's him.
Re:U of T. (Score:2)
Ok, then it isn't the nameless prof.
It just disturbs me that, in addition to having basically insecure workstations with their arses hanging out on the 'net with little or no filtering, that we are doing the equivalent of giving anyone who walks by an ethernet cable and saying "here! don't bother attacking us remotely, we'll give you a direct link!".
To their credit, the administrators do a fine job of keeping the system up and running. I just find security around here a little worrisome.
Technological darwinism. (Score:2)
Should how awareness is achieved be important? (Score:1)
Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant?
You act as if these are two mutually exclusive events. I do not believe them to be. Awareness is nice to be given in homeopathic doses, but I'm glad to see it spread given any opportunity.
I.P. Freely (Score:1)
Aluminum siding better than WEP (Score:4, Insightful)
Basically this stops any war drivers from seeing my network unless they get really lucky and creep up to the bushes outside one of the few windows that faces the street. If they do that I'm more at risk that they see ME naked than my network!
Anybody else notice specific physical obstacles that clobber reception?
Re:Aluminum siding better than WEP (Score:2)
I haven't tried this yet, but I'll check what my outside reception is like. I'm still trying to figure out how to set things up inside. I get AWESOME reception two floors below in the "dungeon", but who wants to compute in the dungeon? (INSERT BDSM PRON JOKE HERE)
I'm not sure if the heating ducts running up and through the house are helping it or not...
And my "spot" at the dining room table gets BALLS. Its quite close to the open stairwell (at the top of which is the room with the WAP diagonally opposite the door) but the waves will not travel.*
* Actually, I haven't checked since I re-positioned the wap on top of a 100 blank cd-r tower and tried to tilt the antennae in the right direction.
False sense of security (Score:2)
With your sheilding they might have to be just 1 or 2 km away, which still leaves them completely hidden, and your network totally open.
Naked != unprotected or insecure (Score:5, Insightful)
That means that many of the "unsecured" nodes in this report may have had other means of securing themselves, from switch- or AP-based MAC filtering to captive portals such as NoCat. Moreover, the protocol for this study did not establish whether the open APs in question were handing out DHCP leases (or, indeed, whether they were connected to the Internet at all).
Finally, this study did not investigate in any depth whether the open APs were deliberately or accidentally left open. Many of us run open "community" networks around the world (I operate one in Toronto at King and Niagara, and three in San Francisco, two at 19th and Shotwell, and one on Sycamore near 17th and Mission). These networks are deliberately "unsecured" and are provided out of public-spiritedness, or even out of a political commitment to providing tools for anonymous speech on the Internet -- anonymous speech being fundamental to democratic discourse.
Since WEP is such a poor "security" measure, the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy (either remote or on your own network). In fact, if you're a promiscuous user of any network -- conference centers, airport lounges, hotel rooms, schools, etc -- you should assume that unless your messages are encrypted, they will be sniffed on the wire.
The primary "security" concern about open wireless seems to be that a "rogue" AP will be installed behind a firewall. The firewall, of course, is hardly sufficient in and of itself for securing a network. It's based on the presumption that everyone on one side of the firewall is trustworthy, and everyone on the other side is untrustworthy. We know, though, that this is a fallacy. Getting inside the firewall -- either through physical intrusion (think of visitors to your office plugging into the the network to check mail) or virtually, by 0wning a box on the network with a trojan -- is not difficult for a determined intruder. Meanwhile, the legitimate users of your network resources are often outside your firewall (mobile execs at a client site, for example) and thus not only walled off from the rest of the network, but also vulnerable to attack, since their machines' first line of defense is the firewall, which they are suddenly out of.
Security is hard. The proper place to draw your network perimiter isn't around your office, but around each machine. Personal firewalls, regular applications of security patches, good passwords and user education provide genuine security. Firewalls (and FUD about open APs) doesn't.
Re:Naked != unprotected or insecure (Score:2)
This can be abused, however, if someone sets up a rogue access point with the same ESSID (perhaps even spoofing a good AP's MAC) and then executes various known and implemented man-in-the-middle attacks against SSH/SSL sessions.
In fact, many, many applications fail silently in the presence of a MITM attack. If you are lucky you will see a warning from SSH. If you are UNlucky, you will think you are secure while someone with a rogue AP captures all your traffic, and perhaps even hijacks a session.
You can do this with commodity amplifiers (to ensure that your AP signal is higher than all the legitimate AP's) and easy to come by antennas.
Direct URL to the map (Score:2)
I work for a computer company at the corner of Bay and Dundas on the map, which has tons of red push pins. Luckily there are no nudist colonies here
-Shieldwolf
Hey! (Score:2)
Flash? (Score:3, Informative)
You are ignorant (Score:2)
This is the wrong approach (Score:2, Insightful)
In fact I would go so far as to say this is an unauthorised pen-test, in that part of a pen-test is in finding hosts/networks in the same way the physical location has been found, but not only found, also published.
I dont know where liability and juristiction come into play here, i'm surprised these guys/gals are prepared to go this extreme and risk finding out.
Surely a CNN interview would do their careers good and promote the issue far wider than a website could?
Re:While Bush Fucks America, Canada Just Looks Bet (Score:1, Offtopic)
So much for our pristine nature.
Re:While Bush Fucks America, Canada Just Looks Bet (Score:2)
Re:While Bush Fucks America, Canada Just Looks Bet (Score:2)
What really bothers me, is that I drive to work and even though the "drive clean" program has been in effect for years, I'm still seeing black exhaust comming out of trucks and cars. Or about Canadian companies like Eco Logic that have working systems to clean up hazardeous waste, yet receive no support from the government, that still incinerates garbage and pcbs. (kirkland lake area residents what out!).
Not to mention the pollutants from the coal burning electrical plants in Ontario. Let's invest a couple of million and put scrubbers on the stacks so that tons of carbon isn't spewed into the air. And oh, yes, Ohio thanks for your contributions to our haze. You're one of the dirtest states there is, but you don't notice because it blows over here.
I've considered moving just for my health's sake, at a great financial loss. Thanks to the government for giving me this option. (Die of lung cancer, or other respertory disease, or move).
Re:Easy to build such a map in Toronto (Score:2)