Full Disclosure mailing list archives
RE: Wireless ISPs
From: Scott Taylor <security () 303underground com>
Date: Wed, 12 May 2004 16:16:23 -0600
All the latest key managing algorithms, the TKIP, CKIP+CMIC, WPA - they all offer a huge improvement over static WEP keys. But not all client devices support their features. Most of the wireless bridge devices that customers are willing to buy support either no encryption or a static WEP key. Try telling a customer they must buy a $500 cisco workgroup bridge, plus $100 antenna, plus cable, plus installation... Just so their device can authenticate with EAP. It doesn't work out so well. Its enough to get them to drop $300 on a bridge with integrated antenna and power over ethernet. Cheaper, easier to install, but no advanced authentication possible. Its a good solid wireless link. Wireless is inherently sniffable anyway, so its not a huge loss. Most of these customers want to play their online games and download their porn. The fact that its not encrypted is not a huge business risk. Companies that do allow employees to connect to the corporate network from home should insist on not just appropriate VPN software, but require some degree of firewalling and virus policies on all computers that can connect. To some degree I've seen or implemented such policies. Businesses too lazy or incompetent to do so, well, thats their problem. In the meantime I'll do my best to keep customers connected, offer secure options whenever possible, and keep watch over the network as spikes in usage have identified customers who had inadequate virus protection, and their link was terminated until they took corrective action. Aside from that, its a big nasty internet out there. And it'll continue to be that way. On Wed, 2004-05-12 at 11:13, Schmidt, Michael R. wrote:
It is one part not knowing and one part training. And there will always be the people who are just plain and simple too stupid to deal with reality, that's where we get drug addicts, drunks and people smoking that last cigarette as the take their last breath... These people are taught, they have been told, but they still do stupid things. It's the nature of the beast people, get used to it. Sure a small child would drink bleach cause they didn't know better, but grown adults sniff glue and paint, someone somewhere they learned but what? It didn't take. People are sheep and need to be told what to do, deny it all you want but it is the truth. That's why we require responsibility - or at least registration before we let citizens do some things, like drive, like drink, how about getting on the net? How hard would it be to have a few companies start a "secure" Internet? All access is by licensed know individuals. No more hacking, no more slacking. If we don't know you, then you don't get access. If suspicious activity comes from you IP you get closed down till we know your machine is safe. That's where I'd go for all of my financial transactions. The Internet is the Wild West and I am only there because it is the only game in town. And think, with a "restart" it could be built right from the start. Come on people we let terrorists and criminals in on this thing voluntarily. How smart are we? Keeping my home network safe requires way too much freaking time - but since we are pioneers I am willing to take a few arrows, but someday this wild and wooly place will grow up, become civilized and you'll all start carrying a "Net" license in your pocket -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Valdis.Kletnieks () vt edu Sent: Tuesday, May 11, 2004 6:05 PM To: Maarten Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Wireless ISPs On Wed, 12 May 2004 00:18:37 +0200, Maarten <fulldisc () ultratux org> said:Who, in their right minds, will read their email anyhow over an unencrypted wireless link ? That's asking for trouble, ie. information-leakage.The 99.98% of *real* *users* who are so clueless as to not *know* that it's a bad idea. How many subscribers on this list? 30K, maybe? What percent of the several hundred million internet users is that, anyhow? Who, in their right minds, would drink bleach out of the bottle under the sink? Nobody - but the first thing most parents do is put a *lock* on that cabinet, or move the bleach, because we know that the toddler *isnt* in their right mind, and will need several years of learning before they are. The same exact logic applies when talking about users. They do things because, just like the 3 year old, they DONT KNOW ANY BETTER. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Scott Taylor - <security () 303underground com> If I kiss you, that is an psychological interaction. On the other hand, if I hit you over the head with a brick, that is also a psychological interaction. The difference is that one is friendly and the other is not so friendly. The crucial point is if you can tell which is which. -- Dolph Sharp, "I'm O.K., You're Not So Hot" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Wireless ISPs, (continued)
- RE: Wireless ISPs Brad Griffin (May 11)
- RE: Wireless ISPs Brad Griffin (May 11)
- Re: Wireless ISPs D B (May 12)
- Re: Wireless ISPs Mister Coffee (May 12)
- Re: Wireless ISPs D B (May 12)
- Re: Wireless ISPs Scott Manley (May 12)
- Re: Wireless ISPs Mister Coffee (May 12)
- RE: Wireless ISPs Soderland, Craig (May 12)
- Re: Wireless ISPs Bruno Wolff III (May 13)
- RE: Wireless ISPs Schmidt, Michael R. (May 12)
- Re: Wireless ISPs Valdis . Kletnieks (May 12)
- RE: Wireless ISPs Scott Taylor (May 12)