<OT> War driveing for dollars....
koko
koko1
Fri Aug 19 00:16:50 PDT 2005
If this is the wrong list to bring this up on please let me know. I would
love to hear any comments by those that work the floor, and those that
"manage" between the floor and the executives about how available technology
meets up with security. This would include common sense security all the
way to protection of corporate or government information. To my dismay, I
have found that younger people are not always necessarily adept with
technology. The point has been driven home with one of my children. When I
try to train and educate when they encounter a problem on my home network,
some want to learn, and some treat me like a pizza guy or a plumber. "Fix
it and go away". The exact same situation exists with some of our
executives. 10 years ago, I was hoping that as younger people accessed
technology, my security concerns would begin to go away. I thought they
would understand more, realize the dangers etc. It's worse than ever, with
PDAs, Blackberrys, accessing corporate/govt information from home, and so
on. It's all out of the bag. Most of the time, I feel that I'm fighting a
losing battle. Education of the users is the ONLY hope, in my mind. But if
they don't want to learn.... Sadly, most of them either don't have the
inclination to understand the technology they are wielding, or they just
don't have the time. They somehow believe that with all the packets
whizzing around the Internet, theirs won't be noticed. Risk mitigation is
not a means to an end. Or do I have a skewed perspective on all this?
_____
From: linux-users-bounces at linux-sxs.org
[mailto:linux-users-bounces at linux-sxs.org] On Behalf Of Federico Voges
Sent: Saturday, August 20, 2005 7:39 PM
To: Linux tips and tricks
Subject: Re: <OT> War driveing for dollars....
Jerry McBride wrote:
Not that I'm a hacker, black hat type, but just a curious guy...
I took my laptop to work this morning, running kismet. It scanned my path all
the way from home to workplace... some 20 odd miles. Along the way kismet
detected 117 wireless installations. Imagine that... just a leisurely drive
to work and I pass through 117 fields of opportunity.
The really shocking thing was that less than 20% used encryption and fewer
than 10% used anything more than the default setup included with the wireless
device. Wow!
Ten of the 117 detections were using ESSIDs that could easily be
identified with the names or operations of a business and were legitimate
commercial operations. Which I contacted this afternoon, with five of them
making arrangements for me to survey their wireless setups.
The other five simply didn't believe me when I explained how I came to contact
them... It was like trying to explain how airplanes fly to someone that never
saw one.... Amazing.
Wow, it's a lot like taking candy from a baby....
That's nothing.... I work in the same building where the UK Labour Party had
their campaign HQ. One day, my boss (who is also the head of security for
the company), found an open wireless network (no WEP/WPA or anything). SSID?
LabourSecure! :)
Needless to say, he went down to the ground floor, introduced himself and
told them about his finding. They didn't fix that. After he came back, he
asked our netsec team to change our SSID (it used to be the company name).
BTW: We use certificates on our wireless network (never managed to configure
xsupplicant to use PEAP on Linux)
Cheers.
--
Federico Voges.
Running: Mac OS X 10.4.2 (build 8C46)
Kernel: 8.2.0 Power Macintosh
Procesor: PowerPC G4 @ 1.67GHz
Uptime: 0:31 up 2 days, 4:38, 1 user, load averages: 0.79 1.14 1.05