RE: How safe / unsafe is Free Open WiFi?

[Nick Duda <nduda () VistaPrint com>]

Not to go off topic too much, but my understanding is that WEP, while it can be cracked is still hard to crack for the 
average home based on the number of WEP packets that you need to capture in order to crack WEP. Cracking it on a 
corporate network with lots of WEP activity would be easier.

Is this not the case anymore? I;m not defending WEP by anymeans, down with WEP!

- Nick

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Aaron Howell
Sent: Monday, March 10, 2008 11:39 PM
To: security-basics () securityfocus com
Subject: Re: How safe / unsafe is Free Open WiFi?

PCSC Information Services wrote:

> assets. The use of Free/Open WiFi networks is not inherently more risky
> than ANY use of the Internet.

 I agree with almost everything you said, however, I respectfully
disagree on this single point. Since I can sit across the cafe from you
and quietly sniff all of your traffic with zero effort, I would say that
using open wifi networks is more risky than, say, sitting in my office
at home. Given that WEP is cracked in less than 30 seconds these days,
even using WEP is pretty much worthless.

 The advantage (to a malicious individual) of an internet cafe, a hotel,
an airport, etc, is that you aren't paying any attention to who is
sitting across from you, and what they're doing. If someone is parked
outside my house for 30 minutes, I'm going to wonder what is going on,
if there's a dude sitting across from me in the coffee shop, I'm going
to think he's drinking his coffee and surfing for porn...

 As in most situations, the best course of action is user education. If
you explain to people that their traffic can be silently captured with
little to no effort, they will be more likely to take steps to make sure
that traffic can't be used, either by encrypting it, not checking their
POP3 account while in a public place, etc.

> appropriate safeguards. To suggest that a hard line is more secure than
> WiFi fails to account for compromise in the wired network. The same type
> of attacks that are available in a WiFi network are also available over
> a line.

 Again, I agree with you in principle, however the barrier to entry in
sniffing ANY wireless connection is lower than doing so for a wired
connection. BEing able to sniff a wired connection assumes either a very
broken network configuration, or compromise of some resource. Neither of
these are true for wireless, as it is commonly deployed in these locations.

> > I have what is probably a rather basic question:  Just how safe are
> > free, or open, WiFi networks that you find in Internet cafes, Hotels,
> > Airports, etc?  My personal opinion is that there are very unsafe, but
> > I do not have the technical expertise to explain to my colleages why
> > they are unsafe.
> >
> > Can anyone provide a summary, or a link to an article that provides a
> > summary, of why a laptop or PDA user should avoid using free and open
> > WiFi networks?

 Like I said above, most of what Sean says holds true. My advice to my
friends, family, and clients: Don't do anything on an open network that
you wouldn't want everyone else in the room (and for 100 yards around
the building) to be able to see. Fire up a wireless protocol analyzer
sometime at one of these places and be amazed (or not, depending on your
level of cynicism) by the number of people checking email in plaintext.
DEFCON has the wall of sheep, maybe we could implement something like
this at internet cafes and hotels around the world...

--
Aaron Howell
nGenuity Information Services
509-396-2075 x6000

http://www.ngenuity-is.com