RE: wireless woes in the triangle and beyond!

[Ron DuFresne <dufresne () winternet com>]

On Tue, 4 Jun 2002, Noonan, Wesley wrote:

> I have a buddy of mine in the UK who uses rogue AP's to access the net for
> free. He uses this thing he calls a "cantenna" (essentially he cracks open
> the card and wires it to a metal milk carton) to boost the signal and range
> so that he can hit any of a number of APs in the area. Swears by it as the
> "only way to access the net"...


Wireless is going to be a big problem at many sites for sometime for sure.
Rouge AP's should be covered in the sites security policy, as should all
wireless toys and trinkets.

Then again it seems the new nibda/code red issue of this summer is the M$
SQL prblem.  Scans from infected systems on ports 1433 1434 are increasing
at a dramatic pace this past week or two....

Thanks,

Ron DuFresne

> Wes Noonan
>
>
> > -----Original Message-----
> > From: Ron DuFresne [mailto:dufresne () winternet com]
> > Sent: Monday, June 03, 2002 22:12
> > To: vuln-dev () securityfocus com; firewalls () lists gnac net
> > Subject: RE: wireless woes in the triangle and beyond!
> >
> >
> >
> > Computerworld has run a story, seems the concern about CVS and petsmart is
> > not as worrysome for customer info, they only have their inventory exposed
> > <smile>:
> >
> >
> > -- here's the CVS/PEYsMART story
> >
> > http://www.computerworld.com/mobiletopics/mobile/technology/story/0,10801,
> > 71644,00.html
> >
> > As well as a really intereresting one on rogue APs:
> >
> > http://www.computerworld.com/mobiletopics/mobile/technology/story/0,10801,
> > 71656,00.html
> >
> >
> > Thanks to:
> >
> > Bob Brewin
> > wireelss reporter
> > Computerworld
> >
> > For the URLs posted above.
> >
> >
> >
> > I'll be posting a web page to highlight any insecured wep related customer
> > information issues folks find in their wireless mapping efforts.  We are
> > asking that if you find a company with insecure wiless setups, to verify
> > that they are indeed pushing customer related info out the airwaves.
> > Merely noting they are operating without wep enabled will not suffice.
> > Those that send info for posting to the page listed below can either have
> > that information posted anonymous or take credit for the information, just
> > include your wish in the e-mail you send.  Not asking to be given credit
> > and not asking to be anonymous will result in the information being posted
> > anonymously.
> >
> >
> > http://sysinfo.com/wirelessfewls.html
> >
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > _______________________________________________
> > Firewalls mailing list
> > Firewalls () lists gnac net
> > For Account Management (unsubscribe, get/change password, etc) Please go
> > to:
> > http://lists.gnac.net/mailman/listinfo/firewalls

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.