Washington Post Latest To Join Open WiFi Fear Mongering Crusade
from the give-it-a-rest dept
By now we’d thought that fear mongering about open WiFi networks was limited to local news reporters — but apparently not. The Washington Post chimes in with its own silly scare piece about how criminals might use open WiFi networks to do illegal things. It’s a story that’s been reported to death already — and has been debunked an equal number of times. The article contains plenty of quotes from law enforcement, but not a single quote from a WiFi or technology expert. It also makes the completely incorrect assertion that: “Open wireless signals are akin to leaving your front door wide open all day — and returning home to find that someone has stolen your belongings and left a mess that needs cleaning.” That’s simply not true. Nothing gets “stolen,” and it’s unlikely they leave any kind of mess. If you set up your network correctly, your own use can be perfectly protected while others use your broadband. Basically, it sounds like this article was pushed by law enforcement officials who don’t like the fact that open WiFi makes it a bit harder for them to track down criminals. The thing is, though, there are always going to be ways to be anonymous online — and, more importantly, just like everyday criminals, those using open WiFi often leave plenty of other clues that allow them to be caught. It’s just that sometimes it takes a bit more detective work. There’s nothing in the law that says that criminals should be required to make it easy for police to track them down — and yet this reporter seems to think that all of the benefits of open WiFi should be taken away just because the system might be misused by a few.
Comments on “Washington Post Latest To Join Open WiFi Fear Mongering Crusade”
Criminals might use the following to commit crimes, therefore, they should all be banned:
guns, knives, all weapons
payphones and calling cards
paper and pen
computers
bank accounts
UPS, FedEx, USPS
shipping containers
IRC
Open WiFi = No Firewall
Just so you understand what “correctly” is in your sentence…
Your garden-variety, consumer-grade wireless router assumes that the wireless is for internal use. Hence, to the extent the router is providing any sort of firewall (NAT or better), that’s on the broadband connection “side” of the router…not the WiFi side. The WiFi and any wired network jacks on the router are considered part of the “internal” network and do not have a firewall between them. Hence, open WiFi gives WiFi users unfettered access to your internal network, with no firewall protection.
“Correctly”, therefore, implies that there is firewall protection between the WiFi side of the router and the internal network. For example, IPCop, an open source firewall, offers up a “blue” zone for WiFi separate from the “green” zone for wired users, and you can set up rules to state what can and can’t pass from blue to green or vice versa.
Re: Open WiFi = No Firewall
Doesn’t Windows Firewall essentially do the same thing? It allows a wireless connection for the internet, but little else when it comes to file sharing.
Beside, with Norton Firewall, McAfee Firewall, etc., most people with virus protection also have firewall protection. I’m not saying these are good ones, but for the average home user I would assume it’s adequate.
Open WiFi
I personally have seen open wifi used for evil. We (security company) discovered that there was a group of evil do-ers who were going around using open wifi to order Dell computers, and had a cohort who was a manager at an apartment complex. The wireless steelers would order a computer from someones in-secure wifi and have it shipped to an empty apartment, Dell was out about 2 million on this before they were caught! That said, if you secure your wireless, and use common sense, you have nothing to fear. Maybe we need to go to the model of Wireless drivers licenses!!
Re: Open WiFi
The fact that you claim to work for a security company scares the living hell out of me.
Re: Open WiFi
Scott,
Your (security company) story makes no friggin’ sense. How did they buy computers from Dell? Wampum?
Non
Re: Open WiFi
Um, are you attempting to argue against WiFi? I think you need to reread the first post which was by Nick D. I don’t think anyone believes it would never be used by evil doers. No more than anyone believes the telephone, postal services, or anything else will never be used by them.
Re: Open WiFi
Your story is pure bullshit. You couldn’t get a free pizza delivered that way, much less a computer. Dell needs a credit card number when you order a computer, you can’t just say “charge it to my ISP account”, even Dell isn’t that stupid. And speaking of stupid, you expect us to believe that they delivered 2 million dollars worth of equipment to the same apartment building without getting paid for any of them before they figured out something was amiss? That’s like 2000 laptops or 1000 42″ plasma TVs! “Must be a big apartment building and they’re all loyal Dell customers.”
Either: a) You’re an astroturfer spreading more FUD about open Wi-Fi or
b) You and your “security company” are incompetent morons.
Don't hackers read this blog?
Of course it is possible to do evil with open Wifi. Set up your open WiFi. Let it have encryption if you care. No need to make you think the wireless signal is being stolen. Route your wireless router through a linux box and snoop traffic to your hearts content. Steal passwords, cookies, etc.
Never presume you are safe on any network you don’t own. Use https and ssh for any data you don’t want others to see. Assume any unencrypted data is being viewed by someone with evil intent.
Re: Don't hackers read this blog?
True! Never assume the wifi network you are on is secure… Look at the stories of how “security specialists” at the RSA conference in SF have vulnerable notebooks connecting to an open wifi…
There are two sides to the issue…. the user abuse of open wifi networks and the provider of an open wifi network abusing the users… substitute “abuse” with your favorite form of mischief
Why make it any easier for the evil-doers?
I make no apologies that I recommend to everyone of my clients that they secure their wireless network. It’s too easy to do to justify not doing it. Maybe someone won’t download illegal files through your unsecured connection, or send out a huge amount of spam, but why invite them to in the first place?
For the life of me, I can’t see why it’s considered “fear mongering” to warn people of these possibilities and inform them of just how easy it is to lock the connection down. Sure, a determined evil-doer with the right knowledge can break into it regardless, but it still makes sense to at least put up a speed-bump.
Wifi in Public?
I’m not so sure this Open Wifi business has as much to do with home users (who usually can do what they want regarding security) as it is with public places, like libraries and coffee shops.
The government can’t force you to lock down your Wifi connection at home, just like they can’t force you to lock your door or get a home security system. If you don’t do it though, that is your own stupidity.
Should businesses be granted the same luxury though? I’m not so sure about that.
Unlocked doors: the new looming threat to buildings everywhere!!!
Yeah, it's scare mongering, but...
I think an essential point is being missed, that the article doesn’t play up as much as it should:
The liabilities of operating an open access point far outweigh the benefits, at least for the private citizen.
They quickly decided that the Elderly Woman was innocent, but what if it wasn’t so obvious? Anonymity isn’t the problem so much as creating a path so that the actions of others can be traced back to YOU.
Maybe this metaphor is as bad as the Post’s– operating an open access point is like giving strangers the use of your phone and mail box.
Law Enforcement is right on this one
Here’s a scenerio, that I as a system administrator for an ISP have personally witnessed that argues strongly for making sure your WiFi connections are secured:
Bad guy parks his car in front of your house/business and starts browsing for child porn using your unsecured wifi connection. Law enforcement tracks this back to your IP address, obtains warrant to ISP for the IP info associated with your IP address and “politely” removes all of your computer equipment for investigative purposes. Eventually they realize that you are not the culprit and a month or so later they will return your gear to you.
Secure your wifi connections people, this kind of thing absolutely happens.
Re: Law Enforcement is right on this one
Or better yet to all those router companies out there,
FORCE people to secure their internet access for crying out loud. Why do we even give home users the option not to?
Re: Re: Law Enforcement is right on this one
That way, the government does not have to waste money researching such an obvious answer.
Re: Re: Law Enforcement is right on this one
If we are talking about a home user, at least the default should be to have a secure network. The average person doesn’t know anything about securing their network. So, they need a simple wizard.
My friends and I think that coffee shops and such should print the key to their WiFi on their receipts. Then change the code every day. That way people have to (at least theoretically) buy something to gain access to their network. We came to this conclusion due to leaches not evil do-ers. We knew a guy who was too cheap to pay for internet access. He took his laptop and would sit in the parking lot of local hotels and coffee shoppes and use theirs.
Which I know some hotels have gotten wise to these leaches and now make you prove you are a guest to use their internet.
Good FUD! Wow.
As we speak, criminals are using pens and papers to plot their evil doing. They are roaming your neighborhood using public roads! They may even use the phone system to communicate with each other!
When will it end? Where do we draw the line! Please write to your congressmen and ask them to ban WiFi for criminals!
Please somebody think of the Children!