Re: Wireless insecurity at NANOG meetings

[JC Dill <nanog () vo cnchost com>]

On 07:19 AM 9/23/02, Steven M. Bellovin wrote:

>>I can't say without a sniffer, but I'd bet that most NANOG participants are
>>doing the same: SSH or IPsec VPN's back to home (wherever that is).
>
>Experience doesn't support this, I fear.  How many passwords were
>captured last time?

Passwords to *what*?  Not all passwords need to be kept secret.  When I 
login to read slashdot, I don't much care if someone sniffs the username 
and password.  Just because a password was captured doesn't mean that 
knowing the username/password gives you access to anything special.

Going back to that lock and door analogy, it's like when you have a latch 
on the front gate.  It's there to keep the gate from swinging in the 
breeze, to keep dogs and kids who are playing on the street from aimlessly 
wandering into your front garden, etc.  It's no big deal if other people 
can figure out how to work the latch and get into my yard.

There are some things I keep behind latched gates.  Other things are kept 
behind a locked door with a simple doorknob lock (easily picked or 
forced).  Other things are behind a door with a deadbolt lock.  Other 
things are behind a combination padlock.  Some things are in a safety 
deposit box in the bank vault.  We don't need to keep all valuable things 
in the safety deposit box, and we don't need to lock down the WLAN at NANOG 
as if it were access to a bank's intranet.

jc