Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Toronto, The Naked City 212

PunWork writes "In an effort to promote wireless network security, Toronto consulting firm IpEverywhere (pun intended) has published a map of downtown Toronto, showing the location of both encrypted and unencrypted ('naked') wireless networks. Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant? The Toronto Star has a story about the map and the consulting firm here."
This discussion has been archived. No new comments can be posted.

Toronto, The Naked City

Comments Filter:
  • Toronto consulting firm IpEverywhere (pun intended)

    I dun get it.

    • Well the submitter name is "PunWork". So maybe he just constantly tries to find puns that work. I'll I have to say is don't quit your day job PunWork, whatever that is!
  • Like Toronto's local wardrivers don't have maps that blow that one out of the water.
    • Re:Get real.. (Score:3, Informative)

      by unicron ( 20286 )
      Follow up: Wardrive map of the North Pole:


      Navigate it to the wardriving section.

      Santa seems pretty lax on security, you'll notice.
    • who has sites? I've got this one [nerdsunderglass.com]
    • The map and site determine "secure" and "insecure" solely by whether or not the node uses WEP. That's wrong for two reasons:

      1) WEP all by itself is simply not secure.

      2) If you are using another form of encryption (such as IPSEC) then WEP would slow down your network without any security benefits because the data stream would be encrypted twice.

      By way of example, I run a Linux server and Linux laptop. The server has a second ethernet interface that is dedicated to the wireless device. Both the laptop and the server are configured to drop all packets arriving or departing via the wireless device except for IPSEC (esp protocol and udp port 500). Forwarding in the server is only permitted from the ipsec (post-decode) interface. If someone wants to use my broadband connection then they have to break IPSEC.

      And yet these guys would flag me on their map as an insecure station because I don't use WEP. Maybe they should re-make the map based on whether or not their roaming node can do more than just handshake. Like, try connecting to Slashdot or something....

  • by deft ( 253558 ) on Tuesday September 10, 2002 @01:10PM (#4229512) Homepage
    both will happen.

    1. the idiots will try and hack and abuse.
    2. the companies will slowly gain awareness, try to figure out how to secure themsleves, secure funding, initiate sucurity protocols, fix holes, etc.

    gee, i wonder who will get going first. the company or the idiots.

    • by rkwright ( 75860 ) <rkwright3@yah o o . com> on Tuesday September 10, 2002 @01:22PM (#4229651)
      I agree. If you take a look at other areas in computer security (for example, Windows 2000 servers and insecure IIS setups), the actual breakins/worms/etc. have (albeit slowly) caused more admins to lock down their Win2K servers. It has also caused a change for the better with the vendor (Microsoft) in that the next version of their server software (.Net Server 2003) will initially be relatively locked down, and the admin who is configuring the server will have to specifically turn services on. Thus, abusers and intruders have a necessary place by providing the motivation for improving security.

      However, with so many consumer-based 802.11 access points out there, I doubt that Joe Homeoffice will even realize how to lock down their networks. In this case, the vendors should start by having as much default security as possible, as well as some helpful reading in the instruction manuals for how to secure your wireless setup.
      • "However, with so many consumer-based 802.11 access points out there, I doubt that Joe Homeoffice will even realize how to lock down their networks. In this case, the vendors should start by having as much default security as possible, as well as some helpful reading in the instruction manuals for how to secure your wireless setup."

        I agree. There is a similar lack of security on ResNets by clueless students. Basically at the start of each semester, some of by buddies scan the resnets for insecure machines and print out some security documentation on the printer of the insecure person or deposit a helpful security document on the person's Windows desktop. (I don't actually do this because I don't live in university residence.)

        If people did that on wardrives, you might call it 'drive-by security consulting' .

      • My friend has a Linksys wireless base station and laptop; I gave him some minimal help in setting it up in "infrastructure" (unrestricted?) mode.

        Unless there is some sort of "wireless sniffer" which can detect in-use MAC addresses, and also unless the wireless NIC can modify its own MAC, restricting the Linksys base station to a specific set of MACs should be sufficient for small-system security, correct?

        It would be even better if I could take a MAC from an old NE2000 10Base2 ethernet card and use that MAC, since anyone trying to guess a MAC would probably use the ranges that have been assigned to the WAN manufacturers. It would be best if this could be done under Windows (in spite of my distaste for MS).

        I'm just looking for a "hosts.deny" sort of security; I don't really need encryption (and I understand that wireless encryption has been broken anyway).

        Pardon me for any technical errors; I'm clueless about wireless.

        • Pardon me for any technical errors; I'm clueless about wireless.

          Er. Yes. :-)

          Anyone can sniff the valid MACs out of the air and spoof a valid MAC. Useing a old MAC buys you nothing. There are 2^48 MACs so it is unlikely that anyone will randomly try MACs. They will sniff.

          To be secure you need WEP. It is not perfect, but if you change your secret atleast once a month you will be far better off then doing nothing. WEP will provide both date security, but also the access controls that you want.

          If you really want to be secure you would setup airsnort to try and crack your secret. Once you have half the number of weak packets required to crack, set a new secret. Other options include: use Cisco cards only and Leap; Use Orinoco cards with the new (beta) drivers that don't use weak WEP IVs; Use a proper VPN for all traffic going over the wireless link.

          But you in particular have a linksys and don't want to buy new gear. So use WEP and change the key.
      • Joe Homeoffice certainly doesn't know how to lock down his Web server.

        adsl-68-20-215-135.dsl.chcgil.ameritech .net - - [10/Sep/2002:12:47:47 -0700] "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ dir" 404 83

        NNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u685 8%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858% ucbd3%u7801%u9090%u9090%u8190%u00c3%u
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u685 8%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858% ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u5 31
        b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 328
    • here's what will happen:
      the hackers will get the maps and start mucking with wireless nets in toronto. As the owners of the wireless nets notice that they're being abused, they'll call security firms hoping they will fix the problems.
      Companies with weak security don't usually know they have weak security, and they don't read up on security news, so they won't know that ipeverywhere has "assisted" hackers in finding their insecure wireless network. But if they do find out, then they'll realize that the security firms and the hackers are working hand-in-hand to get $$$ from the companies. They may not be complicit, but they are symbiotic. This is just another case along the lines of what gweeds was talking about at HK2K [theregister.co.uk]
      , but you knew that already..... right?

  • by Anonymous Coward on Tuesday September 10, 2002 @01:12PM (#4229535)
    The map on the site doesn't cover Toronto's nude beach at Hanlan's point.
  • That's lame (Score:2, Insightful)

    by Jonny Ringo ( 444580 )
    Unencrypted networks are now referred as "naked" networks? They just called it that to get more people to read it.

    Maybe someone should make a new insecure Linux distro called "Naked Linux". It will be great for the desktop to compete with Windows whom has always been naked. (Maybe that's Red Hats secret Plan). In the mean time Windows is trying to get dressed. Stupid 2 legged pants!

    • It will be great for the desktop to compete with Windows whom has always been naked. (Maybe that's Red Hats secret Plan).

      Well, the latest RedHat beta is now called "null", so you never know...

    • Re:That's lame (Score:1, Offtopic)

      by (trb001) ( 224998 )
      Oh, would that distro come pre-installed with this [virtuagirl.com]?

  • Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant?

    I'd put my life savings on the aduse of the ignorant.

    Lets see, annually, people get viruses from opening attachments in their emails. How many people, do you think, get re-infected because of ignorance?

    How many people go to windowsupdate.microsoft.com for security patches?

    Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.

    I anticipate a lot of abuse in the city of Toronto...
    • Re:Its obvious! (Score:4, Insightful)

      by Anonymous Coward on Tuesday September 10, 2002 @01:21PM (#4229635)
      Yeah, most IT people know what they are doing, and don't do anything foolish with their security, but you know that a lot of average users are learning to setup networks, and setting up a wireless network isn't exactly rocket science.

      oh man that is really funny!

      Most IT people dont know squat. and very very few of them know much about, let alone even understand security.

      If your statement were true then corperate break ins and virus's would be a much smaller problem.. 99% of all virus attacks I get are from INSIDE corperate coming from the T1 ties to the NOC not from any of my users or the internet gateway I have. Whenever there's a discussion about Virus scanners and basic virii security.. over 1/2 the IT professionals on the conference call have no idea how to ensure that all the machines are up to date or protect their networks.

      Also, I have had to resort to firewalling the corperate side to protect my network... Yes, the TRUSTED corperate network T1 tie is firewalled by me to keep out attackers and virii.

      I am one of about 700 IT professionals in my corperation... and I have to spend valuable time securing my network from the bungling boobs that this company hired.
      • Hmmm... Lets see 11:21 by my time, I think that would make it 1:21 in Toronto? Yep, I think your company does need to get rid of some of those bungling boobs they have working on their network ;)
  • map here (Score:1, Informative)

    by Anonymous Coward
  • Spammers (Score:5, Insightful)

    by The Turd Report ( 527733 ) <the_turd_report@hotmail.com> on Tuesday September 10, 2002 @01:14PM (#4229561) Homepage Journal
    I wonder how long it will take spammers to clue in on this? It is a wonderful deal for spammers; as they are untraceable via this method. There are steps that people running these networks could do to prevent spammers, but still allow legit users. But, you all know how well some admins look after security...
  • i don't quite understand this... lets do an interview with the author.

    Mr. Freely? come on guys, I.P. Freely!?
  • by jhines0042 ( 184217 ) on Tuesday September 10, 2002 @01:17PM (#4229584) Journal
    People get viruses delivered the their computers via email, the net, etc...

    What is to stop viruses now becoming "airborne" and people who use an open wireless network unwittingly picking them up or (knowingly or unknowingly) transmitting them into open wireless networks?

    Surely most people who wardrive would be smart enough to avoid them through various means... but most people who use computers are fairly clueless about security and virus protection.

    Any known cases of wifi virus infection?

    • For a virus to be able to infect your system simply by sending a network packet to your machine, that requires that someone first finds a remote root vulnerability within the network stack of your operating system.

      IIRC, This has happened, and may happen again, but it's REALLY REALLY UNTHINKABLY RARE. Most network stacks have been rock solid for 30 or 40 years.

      So yes, it's a nice, scary theory. But I wouldn't bet on it happening any time soon.
      • Nice scary theory, but...

        Lets say I have a computer that is infected with a virus. This virus (say Klez) looks for network shared drives to copy itself to.

        I also have a 802.11b network.

        Someone has a laptop with a shared network drive with, for some reason (ignorance), full permissions turned on.

        Said person logs into my network because they are nearby and their network card finds the network (windows XP does this nicely) and then Klez, running on my machine, finds your network drive and copies itself there as "readme.txt.exe" or something else like that.

        Could be more likely than you might want to think. Only involves two stupid people in proximity who have technology they don't understand to have it happen. I can't even swing a dead keyboard* and not hit two idiots with Technology around here.

        (*swinging dead cats is just too hard)
    • Do you have ANY idea how viruses actually spread? the medium is irrelevant.

  • Which other sites show maps of APs? I'd like to see if my neighbor's is on there. Wide open...default password on the router...

    I thought I remember seeing a site once where you could just enter a zip code to get an idea.
  • It might be that all these points are simply honeypots.

    Did they make tcp connections to find out?
  • by ldopa1 ( 465624 ) on Tuesday September 10, 2002 @01:18PM (#4229601) Homepage Journal
    Cool, now when I go to Toronto, I have a map of all of the Starbucks downtown...
    • "Cool, now when I go to Toronto, I have a map of all of the Starbucks downtown..."

      You don't need a map. If you're in the core, all you have to do is turn yourself around 360 degrees and you will most likely see a coffe shop, probably a Starbucks or Timothy's (not to be confused with Tim Horton's.)

  • I can only assume that those red pins in and around Queen's Park are part of some government "Broadband for the Masses" program. Surely the government would never be lax on security.

    For those who don't know, Queen's Park is the seat of the Ontario government.

    • Although Queen's Park has a few pins stuck in it, the rows of red to the left of it are all University of Toronto - Engineering school is on College Ave. just west of Queen's Park if memory erves me correctly... Lots of red down there... hehe, Let's hear it for the engineers!
  • by EvilAlien ( 133134 ) on Tuesday September 10, 2002 @01:22PM (#4229647) Journal
    All we need is more drive-by spam [com.com].

    Thats right, the scum of the network are taking advantage of open wireless networks, whether they are chalked or grabbed off online maps such as net stumbler dot com [netstumbler.com]. The rise of drive-by hacking [bbc.co.uk] is a natural by-product of the wardriving/chalking community, and it would be naive to considering this a surprising development. Highjacking an open wireless network is only the smart thing to do for hackers whether they are after data or just a spamming platform.

    This puts the pressure on network administrators to secure their wireless networks. It is far easier to drive by a NAP and jack in, and the proliferation of wireless networks could obsolete physical intrusion techniques such as connecting a Dreamcast or iPAQ [slashdot.org] to an internal network. Tools for wardriving are readily available, such as THC-warDrive [thehackerschoice.com]. A lazy or incompetant network administrator makes it easy for a kid with the parents car, a pringles can, and a laptop.

    • Actually, the scum of the network aren't taking advantage of wireless networks. There are, as we speak, no reports of drive-by spamming in the wild. The article you reference claims to have such evidence, but it was a ZDNet journalist distorting what he heard from an expert. I know, I asked the expert [oblomovka.com].

      I'm not saying drive-by spamming is not a theoretical possibility; I'd argue that there are a number of reasons why you won't see it in widespread use. Firstly, it's no harder to create a throwaway AOL account and spam from there. Secondly, one of the reasons why spamming is so prevalent is because it's entirely anonymous: sitting in front of someone's house hoping they don't spot you streaming through their network simply isn't. A lot of people really hate spammers; it's easy for spammers to laugh at their hatred from their own homes. It's a lot harder when they're sitting in a car, hoping you're not going to leap out with a baseball bat and explain a few things to them.

      I understand your concerns about this hypothetical behaviour. But as someone who runs an open network, regularly uses other's open networks, and realises that security is more than just throwing up some foo around the LAN perimeter and hoping no-one gets through, I think it's a distraction from the real problems we have now.
  • This is news? People have been [cubicmetercrystal.com]
    scanning wireless [wardriving.com]
    networks [securitytribe.com]
    for a long time now...
  • How accurate could/should a map like this be? Last time I was in Toronto the NW corner of Jarvis/Dundas (right side, middle of map) was a parking lot, but there are a few red flags there... does that make sense? Admittedly, the parking lot could have been built upon in the past few months, but I doubt it. Or someone could be running a network from their van. Or I just don't know enough about this sort of thing.

    Jez curious is all...

  • Direct from Toronto: Naked News!!! [nakednews.com]
  • A quote taken from a CEO in fits of rage when he finds out that his company is on that list:

    Fire the Net Admin, and call our lawers were going to see IpEverywhere in Court

  • This sounds like a consulting firm drumming up business for themselves. Kind of like the telemarketers that call everyday offering to sell us toner at a reduced rate.

  • What about properly secured public/community wireless portals that use nocatnet [nocat.net] for user authentication? they dont use WEP as it's useless for this kind of community access point. while nocatauth does quite well at making open portals available for members.
  • In the old days... when somebody had an easily accessed jack to their phone system into which you could plug a phone (or modem, although laptops weren't as popular) and make long distance calls

    Today, when people have a wireless "jack" to which large masses of people can plug in and make use of their connection/network/internet.

    Seems to me that as technology progresses so do the ways to abuse it, and the stupid ways in which people leave themselves open to abuse...
    General Public Ignorance keeps me employed - phorm
  • There's a pair red pins (unsecured WAPs) on the west side of University Avenue between Dundas and Queen, right about where the US Consulate is.
  • by Leto2 ( 113578 ) on Tuesday September 10, 2002 @01:42PM (#4229833) Homepage
    People, unencrypted by WEP doesn't mean unsecured. We all know 802.11 WEP has its shortcomings, so more and more administrators are relying on different techniques to secure their wireless LAN, IPsec and VPN to name a few.

    And after you've secured your network on a higher level than OSI 1, you can be less paranoid about WEP. So much less, that some claim that DISabling WEP is not a bad thing at all. Think about it, you already have encryption taken care of, so why not make your network more stable, robust and fast by disabling WEP?

    Those 'wardriving' pictures should make a distinction between "secured with WEP", "no WEP, but I cannot use the network because of IPsec/VPN/whatever" and "no WEP, and I can surf freely through it".


  • the image.... (Score:2, Offtopic)

    by _ph1ux_ ( 216706 )
    ...in my head was of naked warwalkers. but, isnt it cold in toronto? just think of the shrinkage.
  • by wytcld ( 179112 ) on Tuesday September 10, 2002 @01:46PM (#4229867) Homepage
    As the map shows, about anywhere you go in Toronto, there's open access. Since there is no crime in Canada, this is not a problem, it's a feature.
  • by Soko ( 17987 )
    Queens Park (look on north portion of the map) is the seat of the Ontario Provincial Legislature, not an open, green space. This means that there are (or were) 2 open, non WEP (like that mattered) access points within the government offices. I really, really hope these are isolated from the internal network via firewalls - I don't want all of the info that the Ontario Government has on it's citizens (like me and my family) being broadcast for anyone to see/save/use.

    • Actually, it's both. There is a small (5-minute-walk diameter) park north of the government buildings. Of the Queen's Park oval, probably 40% of it is buildings. (It's the gray part of the map.)
    • by Arker ( 91948 )

      Remember, WEP is not the be all and end all of wireless security. Just because those networks don't have WEP doesn't mean they aren't secured in another, quite possibly better, way.

      Of course, they could also be totally open. No way to know without taking your laptop on a walk I suppose... let us know what you find out if you do.

      • Ummmm...that was the point of my post. WEP is more or less just a padlock - it only really keeps out the curious. Someone looking for access won't have much trouble getting past that. In order to dead-bolt the access, the wireless access points should be on the untrusted side of a firewall, with VPN access for authorised machines.

        I wish I _could_ find out if it's still wide open - I'm a ways away in Hamilton right now. And one does not just "go to Toronto" on a whim - the gridlock is viscious, so I'll rely on others to find out and post what they saw. :)

    • Re:Uh-oh. (Score:2, Funny)

      by Greedo ( 304385 )
      I don't want all of the info that the Ontario Government has on it's citizens (like me and my family) being broadcast for anyone to see/save/use.

      Don't worry Scott Kormick (SIN: 574-782-401). All of your personal information -- such as your annual salary of $45,490 as Assistant Manager of a Subway franchise, your 12 unpaid parking tickets, and your criminal record (shame on you for drinking in High Park) -- is secure within the governement's system.

      In order to assure you, I stopped by your house at 312 College St. to let you know in person. I guess you were at the hospital having that nasty rash looked at (I hear it's hereditary).

      Oh, and your cat Snickers is cute.

  • by wo1verin3 ( 473094 ) on Tuesday September 10, 2002 @01:51PM (#4229918) Homepage
    With IT people in the Toronto area... here is how serious they took this map.... Several of them wanted to know if we could find the blinking red dot over their house. :(
    • The first thing I did was check to see the one that I administer (at the corner of Bay & Elm Streets). I work in a little Mac Store here, and one of the services we provide to our customers (and everyone else) is free wireless access. I should probably WEP my network, and at least have them ask for the password to log in... but I'm just too lazy. We're open 'till midnight on weekdays, so I might get around to it tonight. If you're in the area, drop by and ask for Daniel... If you tell me you saw my posting on /. um... I'll give you a free Ambrosia SW CD. Otherwise... free AirPort access until I secure it.


  • while black triangles indicate networks protected with WEP -- "wireless equivalent privacy" -- encryption.

    I know it's a wireless technology, but WEP is (in theory at least) wired equivalent privacy - that is, it's supposed to be about as good and private as cat5, arrrrrg!

  • This is a problem in just about every city. I live on a tree lined residential street in Santa Monica, CA. There's no real offices or businesses within about a half mile because I live between two public parks. I was planning on putting in a wireless network in my house so I bought a card and put it in my laptop. I was AMAZED to find that it locked right up to someone else's network immediately! I was able to browse the web, and even look at their shared files. This was true on channel after channel on the card. I can only imagine how it must be even worse in an industrial area. Now I know why my 2 Ghz spread spectrum phone has such poor range.
  • Wireless in trouble? (Score:3, Interesting)

    by Anonym1ty ( 534715 ) on Tuesday September 10, 2002 @01:56PM (#4229965) Homepage Journal

    With all this on war driving and hacking into networks for fun or foul, we better start being careful of what we say and how we act. (be nice)

    We should realize that right now we have a great oppertunity to use wireless.

    If admins continue to leave networks that need to be secure open to the public they are going to get hacked -in one form or another, maybe just harmlessly syphoning bandwidth, maybe stealing private information - but something is going to happen regardless.

    What I fear hear is government regulation. Right now it is the resposibility of the admin who sets up this network to make sure it is reasonably secure. If wireless hacking becomes enough of a problem, governments will be compelled to regulate wireless networks. Sure some regulation may even be good, but from my perspective what is more likely to happen is it will be regulated to death.

    Whenever we are forced to regulate we get these types of results: People who want to use wireless won't be able to comply with impossible for the little guy to comply with standards - experimentation dies, soon so does innovation.

    Why should admins secure their network when they can rely on a government wireless police force to go around picking up the kiddies breaking into their network? Sounds stupid? that's right it sure is, but crap like this could very well happen. -We're allowed to remail lazy.

    I have a wireless lan and it's reasonably secure... It isn't hack proof - nothing is. but it is encrypted and secured and stuff and also it is on it's own network, not directly tied into my wired lan... plus there isn't information on the wireless that could be considered "secret" or personal. I want the thing to work around the house for getting that there interweb. The access point is in the basement -- a simple thing, limits the coverage of the unit a lot - just the house and parts of the yard.

    I'm still looking at other ways to secure it. I found a good one the other day SHUT IT OFF WHEN NOT IN USE. (who'd a thunk it?) Why can't businesses figure this one out?? put the power cord to the thing on a timer!! not business hours? no wireless!

  • I want to know who is using all those Wireless Networks all along Richmond near Spadina. I thought that was towards the end of the Club District.
    Even along Queen West, for that matter. Last I checked Queen West was a bunch of trendy clothing stores and used cd shops. Of course, I can't forget about Active Surplus, the best damn store in Toronto.

    Am I missing something here?
    • Actually, there are some pretty chic office spaces down there that are used by IT consulting firms. Offhand I can think of Cyberplex (may no longer be there) which is in the Paramount movie theatre building, and Toronto.com's offices. Chapters.ca as well...
    • Sure, lots of people, myself included live, in the area. I would guess that a good number of the WAPs they found are actually residential.
  • Apparently my college (George Brown) has a naked network. I never thought in a million years I would be reading something like that on Slashdot.

    I love it. Time to h4x0r my grades.
  • I notice one of the big red "abuse me" circles right in the middle of the U of Toronto engineering buildings, where they should know better.

    I'd make snarky comments about the prof who I suspect might be running the open network, but in this case I have no strong reason to suspect it's him.
  • I say abuse the ignorant and we can bring back darwinism in a technological point of view. Survival of the fittest.
  • Is this going to help spread awareness, or is this just going to encourage people to abuse the (apparently) ignorant?

    You act as if these are two mutually exclusive events. I do not believe them to be. Awareness is nice to be given in homeopathic doses, but I'm glad to see it spread given any opportunity.

  • Wouldn't IpFreely have been even funnier?
  • by elliotj ( 519297 ) <slashdot@nOSpaM.elliotjohnson.com> on Tuesday September 10, 2002 @02:24PM (#4230299) Homepage
    I setup a WIFI net at home recently and have found that the coverage I get inside the house is amazing. Outside it's a different story. I'm pretty sure that the aluminum siding is blocking the signal from leaving the building because I do get limited reception if I'm lined up with a window.

    Basically this stops any war drivers from seeing my network unless they get really lucky and creep up to the bushes outside one of the few windows that faces the street. If they do that I'm more at risk that they see ME naked than my network!

    Anybody else notice specific physical obstacles that clobber reception?
    • For this exact reason I have stopped the time honored practice of "checking the wifi atennae in the buff."

      I haven't tried this yet, but I'll check what my outside reception is like. I'm still trying to figure out how to set things up inside. I get AWESOME reception two floors below in the "dungeon", but who wants to compute in the dungeon? (INSERT BDSM PRON JOKE HERE)

      I'm not sure if the heating ducts running up and through the house are helping it or not...

      And my "spot" at the dining room table gets BALLS. Its quite close to the open stairwell (at the top of which is the room with the WAP diagonally opposite the door) but the waves will not travel.*

      * Actually, I haven't checked since I re-positioned the wap on top of a 100 blank cd-r tower and tried to tilt the antennae in the right direction.
    • Sorry, I can't find the link, but with the right equipment (all consumer available) you can easy link up to any wireless network up to 40 km away.

      With your sheilding they might have to be just 1 or 2 km away, which still leaves them completely hidden, and your network totally open.
  • by mouthbeef ( 35097 ) <doctorow@craphound.com> on Tuesday September 10, 2002 @02:37PM (#4230406) Homepage
    I just spoke with the COO of the IPEverywhere about this study, and confirmed that the methodology only established whether a node was running WEP (a "security measure" of dubious value).

    That means that many of the "unsecured" nodes in this report may have had other means of securing themselves, from switch- or AP-based MAC filtering to captive portals such as NoCat. Moreover, the protocol for this study did not establish whether the open APs in question were handing out DHCP leases (or, indeed, whether they were connected to the Internet at all).

    Finally, this study did not investigate in any depth whether the open APs were deliberately or accidentally left open. Many of us run open "community" networks around the world (I operate one in Toronto at King and Niagara, and three in San Francisco, two at 19th and Shotwell, and one on Sycamore near 17th and Mission). These networks are deliberately "unsecured" and are provided out of public-spiritedness, or even out of a political commitment to providing tools for anonymous speech on the Internet -- anonymous speech being fundamental to democratic discourse.

    Since WEP is such a poor "security" measure, the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy (either remote or on your own network). In fact, if you're a promiscuous user of any network -- conference centers, airport lounges, hotel rooms, schools, etc -- you should assume that unless your messages are encrypted, they will be sniffed on the wire.

    The primary "security" concern about open wireless seems to be that a "rogue" AP will be installed behind a firewall. The firewall, of course, is hardly sufficient in and of itself for securing a network. It's based on the presumption that everyone on one side of the firewall is trustworthy, and everyone on the other side is untrustworthy. We know, though, that this is a fallacy. Getting inside the firewall -- either through physical intrusion (think of visitors to your office plugging into the the network to check mail) or virtually, by 0wning a box on the network with a trojan -- is not difficult for a determined intruder. Meanwhile, the legitimate users of your network resources are often outside your firewall (mobile execs at a client site, for example) and thus not only walled off from the rest of the network, but also vulnerable to attack, since their machines' first line of defense is the firewall, which they are suddenly out of.

    Security is hard. The proper place to draw your network perimiter isn't around your office, but around each machine. Personal firewalls, regular applications of security patches, good passwords and user education provide genuine security. Firewalls (and FUD about open APs) doesn't.
    • the best practice for wireless users is to use SSH and/or SSL tunnels to secure sensitive traffic to a proxy

      This can be abused, however, if someone sets up a rogue access point with the same ESSID (perhaps even spoofing a good AP's MAC) and then executes various known and implemented man-in-the-middle attacks against SSH/SSL sessions.

      In fact, many, many applications fail silently in the presence of a MITM attack. If you are lucky you will see a warning from SSH. If you are UNlucky, you will think you are secure while someone with a rogue AP captures all your traffic, and perhaps even hijacks a session.

      You can do this with commodity amplifiers (to ensure that your AP signal is higher than all the legitimate AP's) and easy to come by antennas.
  • The actual URL is http://www.nakedwireless.ca/winudcol.htm

    I work for a computer company at the corner of Bay and Dundas on the map, which has tons of red push pins. Luckily there are no nudist colonies here ;D

  • Did Ashcroft [usatoday.com] help design thier logo [nakedwireless.ca]?
  • Flash? (Score:3, Informative)

    by b1t r0t ( 216468 ) on Tuesday September 10, 2002 @03:41PM (#4230977)
    I don't see any map. All I get is a couple of pictures and two plug-in boxes. Either the site is slashdotted, or it requires you to run "Naked Flash". I refuse to leave Flash enabled because of all the annoying web ads that now (ab)use it.
  • Appearantly the ignorant one is you considering that the encryption is faulty anyway, why bother fooling yourself...
  • I think this is a childish approach and very dangerous because of the legality of doing this, however I do understand their need to highlight this serious issue, this is clearly the wrong way.

    In fact I would go so far as to say this is an unauthorised pen-test, in that part of a pen-test is in finding hosts/networks in the same way the physical location has been found, but not only found, also published.

    I dont know where liability and juristiction come into play here, i'm surprised these guys/gals are prepared to go this extreme and risk finding out.

    Surely a CNN interview would do their careers good and promote the issue far wider than a website could?

Executive ability is deciding quickly and getting somebody else to do the work. -- John G. Pollard