Okay, folks, it is time once again to review the state of today's wireless 802.11 (also known by the marketing term, WiFi) security. This has been documented time and time again, but it has recently became clear to me that it apparently isn't sinking in. One of my goals with this blog is to try and educate friends and family, so I thought I would write something up that is in plain English and implore you to think about your wireless situation at home.
I was recently on vacation in a small town in Idaho when I fired up my laptop and found no fewer then six wireless networks within range. A couple of things surprised me about this. The first being that there were six(!) networks in my immediate vicinity in a town with a population of 4,000. I am not used to seeing this kind of coverage in the smaller mountain towns that I've visited. The second, and probably more, surprising aspect of this was that all of them were secured! That's right, none of them were set to allow open access, nor did they have the all-too-familiar network name "linksys" or "default".
Unfortunately, they had all used WEP as the means for securing their network. This is horribly insecure and merely serves as a means to keep the honest people honest. Perhaps, that is all the owners were after, but I would like to encourage you to go a step farther in securing your own home network. It's really not that hard and will take 10-15 minutes, tops. If you haven't already, please read my post regarding the dangers of using WEP.
If you are still reading, then perhaps I've convinced you to convert your network from WEP or open to WPA. If that is the case, read on...
Lesson #1) Do not buy an access point (also known as "router", "wireless hub", or just plain "wireless"), take it home, plug it in, and just start using it. This is what we would call the "default" or open access. It comes with an instruction manual for a reason. Use it! :)
Next Lessons...
Friday, July 27, 2007
Friday, July 20, 2007
Why WEP Should Be Considered Bad Form
If you have a wireless network at home and you've either left it open (unsecured) or you have secured it using the WEP option, this article is for you. If you have wireless and you have no idea what the preceding sentence means, you need to read this and my follow-up entries on how to secure your wireless network.
If you think WEP is good enough for your wireless security, let me educate you on how incredibly simple it is to bypass. One would need the correct hardware (an Atheros based wireless card - $50), the correct software (available over the Internet - free), and be near enough to your wireless network to pick up a signal (also free). Once all three of these are in place, it takes less then an hour (in some cases, far less!) to come up with the password that you used to supposedly secure your network. At this point, they are on your network. Mostly, they will just be interested in accessing the Internet for free. Mostly. If this doesn't scare you, it should. If you have other computers on your home network that have your financial information on them, this should scare you very much. Kudos to you for choosing to secure your network instead of using the default "open" network. Unfortunately, using WEP isn't much better then just leaving your network open.
Perhaps you are one that doesn't care if someone else uses your network to access the Internet? While that is altruistic and very generous of you, it does leave you open to risks. For starters, most ISPs specifically forbid the sharing of your home Internet service in their terms of service. You can argue how the "Man" is trying to squeeze more money out of us all by doing this and you'd likely be right. But that doesn't stop them from disconnecting you if they feel that you've infringed on the agreement that you submitted to when purchasing their service. Furthermore, these types of companies believe that is a violation of federal or state laws and may seek action against you.
If the risk of the Man disconnecting you isn't enough, think about what kinds of bad things can be done online and will be traced back to your home address. Accessing child porn, probing government networks, and communicating with known terrorists are all things that will raise flags with your federal government and your ISP. From what I've read, it is a legal grey area on whether or not you could be held liable for this. (How believable is your defense of "It wasn't me. Someone must have used my wireless network.") Is it worth the hassle?
Now, I'm really not the doom and gloom type. The chances of this happening to you are small, but not impossible. If you live in a sparsely populated area, the chances of one of your neighbors wanting to break into your network to conduct malicious activity are slim. If it isn't one of your neighbors, but a stranger instead, then ideally you'd notice a car sitting out on your street with a person inside using a laptop. If you live in a larger city or a densely populated area, there are many more people available and interested in using your network. If you are in an apartment building, you would never even see that this is happening.
http://news.com.com/2100-1039-5112000.html
http://money.cnn.com/2005/08/08/technology/personaltech/internet_piracy/?cnn=yes
http://www.pcworld.com/article/id,122153-page,1/article.html
If you think WEP is good enough for your wireless security, let me educate you on how incredibly simple it is to bypass. One would need the correct hardware (an Atheros based wireless card - $50), the correct software (available over the Internet - free), and be near enough to your wireless network to pick up a signal (also free). Once all three of these are in place, it takes less then an hour (in some cases, far less!) to come up with the password that you used to supposedly secure your network. At this point, they are on your network. Mostly, they will just be interested in accessing the Internet for free. Mostly. If this doesn't scare you, it should. If you have other computers on your home network that have your financial information on them, this should scare you very much. Kudos to you for choosing to secure your network instead of using the default "open" network. Unfortunately, using WEP isn't much better then just leaving your network open.
Perhaps you are one that doesn't care if someone else uses your network to access the Internet? While that is altruistic and very generous of you, it does leave you open to risks. For starters, most ISPs specifically forbid the sharing of your home Internet service in their terms of service. You can argue how the "Man" is trying to squeeze more money out of us all by doing this and you'd likely be right. But that doesn't stop them from disconnecting you if they feel that you've infringed on the agreement that you submitted to when purchasing their service. Furthermore, these types of companies believe that is a violation of federal or state laws and may seek action against you.
If the risk of the Man disconnecting you isn't enough, think about what kinds of bad things can be done online and will be traced back to your home address. Accessing child porn, probing government networks, and communicating with known terrorists are all things that will raise flags with your federal government and your ISP. From what I've read, it is a legal grey area on whether or not you could be held liable for this. (How believable is your defense of "It wasn't me. Someone must have used my wireless network.") Is it worth the hassle?
Now, I'm really not the doom and gloom type. The chances of this happening to you are small, but not impossible. If you live in a sparsely populated area, the chances of one of your neighbors wanting to break into your network to conduct malicious activity are slim. If it isn't one of your neighbors, but a stranger instead, then ideally you'd notice a car sitting out on your street with a person inside using a laptop. If you live in a larger city or a densely populated area, there are many more people available and interested in using your network. If you are in an apartment building, you would never even see that this is happening.
http://news.com.com/2100-1039-5112000.html
http://money.cnn.com/2005/08/08/technology/personaltech/internet_piracy/?cnn=yes
http://www.pcworld.com/article/id,122153-page,1/article.html
Monday, July 16, 2007
Switching Cell Phone Providers, pt 2 (Coverage)
Okay, so I start researching Tmobile. First off, I need to learn about their coverage. I check out their website to see if they have a coverage map. I was impressed on two fronts. First of all, they offer a method to search on an address basis, so that you can drill down exactly. Secondly, they offer a view of how strong the signal is, not just whether or not there is one. I found this encouraging even if I might have a lower signal on a particular search. I like it when companies are just upfront about things.
My next dilemma is figuring out how to test the service without getting locked into a contract. (side note: I hate the fact that every company out there wants to lock you into a two year contract.) A friend of mine pointed me to Costco. Probably wouldn't have occurred to me to check there, but I swung by after work one day to take a look. They have a small kiosk where they offer phones and plans from multiple providers. The really cool thing about this is that they have worked out some deal with each provider where you have two weeks to change your mind and get out of the contract. This was my perfect solution!
Part 1, Intro | Part 3, Plan
My next dilemma is figuring out how to test the service without getting locked into a contract. (side note: I hate the fact that every company out there wants to lock you into a two year contract.) A friend of mine pointed me to Costco. Probably wouldn't have occurred to me to check there, but I swung by after work one day to take a look. They have a small kiosk where they offer phones and plans from multiple providers. The really cool thing about this is that they have worked out some deal with each provider where you have two weeks to change your mind and get out of the contract. This was my perfect solution!
Part 1, Intro | Part 3, Plan
Thursday, July 12, 2007
Switching Cell Phone Providers
I've been a customer of Cingular since the first time they were AT&T. I'm not particularly fond of the company, nor the service. What I do like is GSM and the cooler phones that are available for that platform. Well, in the US, if you want GSM, it's Cingular or Tmobile. I'd always been just satisfied enough with Cingular that I'd never bothered changing providers.
Well, that has now changed. It started a few weeks ago with a desire on my part to save some money and reduce a family plan with two lines down to just one line. I've also been doing more with SMS lately. Not so much to chat with friends, but more to use Google Calendar and Search. The one thing that I do like about Cingular is the number of retail stores in my area. I much prefer talking to someone face to face over sitting on hold with a call center.
Actually, I take that back, I would rather do these kinds of things online through the website, but I have just never had a good website experience with companies like Cingular, Qwest, or DirecTv when it comes to moves/adds/changes. So, long story short, I go into the Cingular store and am told that they cannot remove lines from a family plan. Yes, if I wanted to add a line, they can do it, but they cannot remove. Um... Okay, next question. I see a sign on the wall that says "Unlimited Text Messaging - $4.99". That sounds good to me, how about we add that? Well, turns out that Cingular has redefined the word "unlimited". In this particular context, it means unlimited messages to limited numbers. With my desire to use Google services, this doesn't help me. If I want true unlimited, it costs $19.99/month. Sorry, just too much money for me. I leave the store without making any changes, but determined to learn more about Tmobile.
Part 2, Coverage
Well, that has now changed. It started a few weeks ago with a desire on my part to save some money and reduce a family plan with two lines down to just one line. I've also been doing more with SMS lately. Not so much to chat with friends, but more to use Google Calendar and Search. The one thing that I do like about Cingular is the number of retail stores in my area. I much prefer talking to someone face to face over sitting on hold with a call center.
Actually, I take that back, I would rather do these kinds of things online through the website, but I have just never had a good website experience with companies like Cingular, Qwest, or DirecTv when it comes to moves/adds/changes. So, long story short, I go into the Cingular store and am told that they cannot remove lines from a family plan. Yes, if I wanted to add a line, they can do it, but they cannot remove. Um... Okay, next question. I see a sign on the wall that says "Unlimited Text Messaging - $4.99". That sounds good to me, how about we add that? Well, turns out that Cingular has redefined the word "unlimited". In this particular context, it means unlimited messages to limited numbers. With my desire to use Google services, this doesn't help me. If I want true unlimited, it costs $19.99/month. Sorry, just too much money for me. I leave the store without making any changes, but determined to learn more about Tmobile.
Part 2, Coverage
Saturday, July 7, 2007
OpenDNS
Ran across a service this week called OpenDNS. Basically, they offer to resolve names for anyone who cares to point to them. Pure and simple. That's just for starters though... They have done some really nifty tricks that I haven't seen done before in the DNS layer.
- They can fix basic typos in the web address of your browser. Yep, if you happen to screw up ".com" or ".org", the service will take a guess and redirect you to the most obvious root domain. I haven't yet tested the extent of this, but it is a clever trick. Yeah, it's not revolutionary, but still, it saves a few seconds.
- They claim to block phishing sites. This is probably a good thing, but frankly just not something I really need. If you're reading this and you, for some insane reason, click on any link that is sent to your email, then yes, you want phishing sites blocked. I wasn't able to determine from their website where they get the list of known phishing sites. My hunch is that it could be stale at any given point in time.
- They also block adult websites. This is historically a difficult thing to do as these websites come and go very quickly. It looks like OpenDNS has partnered with another company that reviews websites and maintains a blacklist. The really interesting thing about this feature is doing it with DNS. No proxy software to install only to have the teenagers work around it. No web filtering crap that tries to load into your browser. It's just simple and clean. An enterprising youth could likely still get where they wanted to go by running through a proxy server that isn't resolving against OpenDNS, but at least this keeps the honest kids honest.
- They do some other tricks with hostname redirection to provide the ability to do "shortcuts" in your web browser. Some may find this useful. I, personally, do not. Sites that I frequent enough to need a shortcut seem to find themselves in my Firefox history so I rarely type a full URL anyway.
Subscribe to:
Posts (Atom)
