Bruce Schneier Wants You To Steal His Wi-Fi

Security worries of an open hotspot are overblown...

(old news - 02:27PM Thursday Jan 10 2008)
tags: business · wireless · bandwidth · security

Well-known security expert Bruce Schneier pens a piece for Wired News saying that he runs an open Wi-Fi hotspot at home (no access password, no encryption). He then runs through the traditional list of reasons why you should lock down access at home (child pornographers parked in your driveway, the RIAA suing you for your neighbor's piracy), and insists that the risks aren't all that great. He goes on to make this simple point:

quote:
> I'm also unmoved by those who say I'm putting my own data at risk, because hackers might park in front of my house, log on to my open network and eavesdrop on my internet traffic or break into my computers. This is true, but my computers are much more at risk when I use them on wireless networks in airports, coffee shops and other public places. If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter. And if my computer isn't secure on a public network, securing my own network isn't going to reduce my risk very much.

Of course if you've got a neighbor who's using your connection to trade film torrents 24/7, or if you just don't want those dirty techno-hippies using your connection, keeping your access point locked down is probably your best bet.

wruckman (Ruckman.net, join:2007-10-25, Northwood, OH)
Hmmm

Always secure your personal networks regardless of what some other fools do. Just because the airport leaves their WIFI open doesn't mean you have to leave your personal network and data at risk. And when you are on an open WIFI use a VPN and high grade encryption. Not too bright Bruce...

Jeffrey (Bye George, 1937-2008, Premium, join:2002-12-24, Long Island)
Re: Hmmm

said by wruckman:
> Always secure your personal networks regardless of what some other fools do. Just because the airport leaves their WIFI open doesn't mean you have to leave your personal network and data at risk. And when you are on an open WIFI use a VPN and high grade encryption. Not too bright Bruce...

said by PeteC2:
> ...what's the point? It is easy enough to at least decently restrict access to your wireless broadband...so why the heck wouldn't you? What possible "good" would come out of not securing it?

I have to agree with the both of you. What's the point of not securing it since securing it is so easy?

What if someone does sit outside of your home with a packet sniffer, or goes to websites deemed to be illegal?

-- And so castles made of sand, slip into the sea, eventually.
I'm the Dude. So that's what you call me. You know, that or, uh, His Dudeness, or uh, Duder, or El Duderino if you're not into the whole brevity thing.

swhx7 (Premium, join:2006-07-23, Elbonia)
Re: Hmmm

Wruckman, the quotation in the blurb has the answer for you:

quote:
> I'm also unmoved by those who say I'm putting my own data at risk... I configure my computer to be secure regardless of the network it's on...

This is a world-renowned security expert saying this. It also applies for anyone who's knowledgeable and careful enough to be confident of their computer security. Anyone who's not in that category should encrypt their wireless.

And Jeffrey, "What's the point of not securing it" is answered in the article: he wants to offer internet to neighbors and guests as a courtesy.

I agree there can be good reasons against this - abusive users; ISP that charges by amount of traffic (or has caps). Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet.

The illegal-activity risk is the one which I don't think Schneier addresses adequately. He admits "investigation could be time-consuming and expensive... might have your computer equipment seized... you might end up being charged despite your innocence..." His only answers are that it's unlikely and that open wireless would be a good defense.

Jeffrey (Bye George, 1937-2008, Premium, join:2002-12-24, Long Island)
Re: Hmmm

said by swhx7:
> Wruckman, the quotation in the blurb has the answer for you:
> quote: I'm also unmoved by those who say I'm putting my own data at risk... I configure my computer to be secure regardless of the network it's on...
> This is a world-renowned security expert saying this. It also applies for anyone who's knowledgeable and careful enough to be confident of their computer security. Anyone who's not in that category should encrypt their wireless.
> And Jeffrey, "What's the point of not securing it" is answered in the article: he wants to offer internet to neighbors and guests as a courtesy.

That's great of him, but probably against the TOS of his ISP. For me, I wouldn't do it because my neighbors are jerks, but that's a different story for a different time.

cbs228 (Geeks Of The World, Unite, join:2000-09-04, Saint Louis, MO)

said by swhx7:
> Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet.

This is untrue. Programs like ettercap-ng can easily perform packet sniffing attacks against switched ethernet—even when the attacker is connected via a wireless access point. Managed ethernet switches (like this one) can recognize and block some of these attacks, but I've never seen consumer grade gear that can do it. The problem can also be solved by placing the AP outside a properly configured firewall, but this is impossible with the all-in-one combination wired/wireless routers that most people use.

These kinds of attacks can pose a substantial threat to businesses that offer free wi-fi by just plugging in an AP into their existing wired network. Intruders can use this connection to attack wired devices, such as point-of-sale terminals, with ease.

-- "If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE (A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress?

swhx7 (Premium, join:2006-07-23, Elbonia)
Re: Hmmm

Would you explain more?

Let's say Alice uses a wired desktop; her packets go to and from a switch/router and from there to/from internet. Bob with a laptop connects to an access point, the AP is connected to the same switch. How can Bob capture Alice's packets? Are you assuming a different topology?

cbs228 (Geeks Of The World, Unite, join:2000-09-04, Saint Louis, MO)
Re: Hmmm

There are several ways an attacker could go about doing this, and the most common one is ARP spoofing. The Address Resolution Protocol (ARP) is the method that machines use to determine the exact layer 2 (ethernet/wifi) address to route IP traffic to. When Alice goes to send a packet to the internet, here is what happens:

• Alice's computer has an IP address of 192.168.0.2 and an ethernet address of 00:00:00:00:00:00. She's planning on sending a packet to 1.1.1.1, and because that address isn't on her local network she must send it to her router. She knows (from DHCP) that her router has an IP address of 192.168.0.1, but she doesn't know what ethernet address to send it to.
• Alice broadcasts a message to the entire LAN asking, "who has 192.168.0.1?" This is called an ARP request.
• The router responds with the reply, "I am 99:99:99:99:99:99, and I have 192.168.0.1." This is an ARP reply.
• Alice then addresses her packet to send to IP address 1.1.1.1 and ethernet address 99:99:99:99:99:99, and the router forwards it on to its destination.

The kicker is that ARP replies can be faked—if Bob can say that he has 192.168.0.1 before the router does, Alice's computer will think that Bob is the router. Most machines will even accept ARP replies at any time, even when they already have an ethernet address on file. (This is a feature, not a bug.) Since wifi and ethernet share the same physical addresses—again, this is also by design—this attack can be used on ethernet LANs from a wireless access point.

This is only one of several attacks against ethernet LANs, and the bottom line is this: Don't let machines on your LAN that you don't trust. Unless you can set up something like a Virtual LAN, don't even think about running an unsecured AP.
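
A defender's view of the ARP exchange cbs228 walks through, as an added example that is not part of any post in this thread: a passive monitor that decodes ARP payloads, flags replies nobody asked for, and flags a second MAC address claiming an IP address that already has one, including the race where the forged reply arrives before the router's. Alice's and the router's addresses are the ones from the post; Bob's MAC address, the sample packets and all function names are constructed for illustration.

```python
"""Passive ARP monitor: flags unsolicited replies and IP-to-MAC conflicts."""
import struct
from typing import NamedTuple

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


class Arp(NamedTuple):
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack a 28-byte Ethernet/IPv4 ARP payload (used only for the samples)."""
    mac = lambda s: bytes(int(p, 16) for p in s.split(":"))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sender_mac), ip(sender_ip),
                       mac(target_mac), ip(target_ip))


def parse_arp(payload):
    """Decode an ARP payload, rejecting anything that is not Ethernet/IPv4."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    ip = lambda raw: ".".join(str(b) for b in raw)
    return Arp(op, mac(sha), ip(spa), mac(tha), ip(tpa))


class ArpMonitor:
    """Tracks who asked for what and which MAC first claimed each IP."""

    def __init__(self, pinned=None):
        # pinned: IP -> MAC bindings known out of band (e.g. the gateway).
        self.bindings = dict(pinned or {})
        self.pending = set()  # (asker_ip, asked_ip) pairs awaiting a reply

    def observe(self, payload):
        """Return a list of (kind, ip, mac) alerts raised by one packet."""
        pkt = parse_arp(payload)
        alerts = []
        if pkt.op == ARP_REQUEST:
            self.pending.add((pkt.sender_ip, pkt.target_ip))
            return alerts
        if pkt.op != ARP_REPLY:
            return alerts
        asked = (pkt.target_ip, pkt.sender_ip)
        if asked in self.pending:
            self.pending.discard(asked)  # one request earns one reply
        else:
            alerts.append(("unsolicited", pkt.sender_ip, pkt.sender_mac))
        known = self.bindings.get(pkt.sender_ip)
        if known is None:
            self.bindings[pkt.sender_ip] = pkt.sender_mac  # first claim wins
        elif known != pkt.sender_mac:
            # Never overwrite: a changed binding is reported, not trusted.
            alerts.append(("conflict", pkt.sender_ip, pkt.sender_mac))
        return alerts


def run(payloads, pinned=None):
    """Feed a packet sequence through a fresh monitor; collect all alerts."""
    monitor = ArpMonitor(pinned)
    return [alert for p in payloads for alert in monitor.observe(p)]


# Constructed sample traffic. Alice and the router use the post's addresses.
ALICE = ("00:00:00:00:00:00", "192.168.0.2")
ROUTER = ("99:99:99:99:99:99", "192.168.0.1")
BOB_MAC = "02:00:00:00:00:0b"   # assumption: not given in the post
UNKNOWN = "00:00:00:00:00:00"   # target MAC field of a request is unset

REQUEST = build_arp(ARP_REQUEST, *ALICE, UNKNOWN, ROUTER[1])
ROUTER_REPLY = build_arp(ARP_REPLY, *ROUTER, *ALICE)
BOB_REPLY = build_arp(ARP_REPLY, BOB_MAC, ROUTER[1], *ALICE)

LATE_SPOOF = [REQUEST, ROUTER_REPLY, BOB_REPLY]  # forged reply arrives later
RACE = [REQUEST, BOB_REPLY, ROUTER_REPLY]        # forged reply wins the race

if __name__ == "__main__":
    for name, seq, pinned in (("late spoof", LATE_SPOOF, None),
                              ("race, nothing pinned", RACE, None),
                              ("race, gateway pinned", RACE, dict([ROUTER[::-1]]))):
        print(name, run(seq, pinned))
```

In the race case an unpinned monitor still sees two MAC addresses claiming 192.168.0.1 but cannot tell which is genuine; pinning the gateway's address is what lets it name the forged reply.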

Jerm (join:2000-04-10, Richland, WA)

Paranoia at its best.

In my house I can pick up three or four different networks with my laptop. My own network is unsecured, but I watch the logs just to see if anyone logs on. The past couple years I've only found two or three times where someone logged on, and even then it was brief.

I have a 3' 24db parabolic grid antenna (2-6db is a "normal" antenna) in my attic with a 500mW amplifier (35mW is a "normal" wifi card) and with that combo I can pick up 48 different wireless networks! About half show up as unsecured. I think my own network is hardly a target to worry about in that case!

Jeffrey (Bye George, 1937-2008, Premium, join:2002-12-24, Long Island)
Re: Hmmm

said by Jerm:
> Paranoia at its best.
> In my house I can pick up three or four different networks with my laptop. My own network is unsecured, but I watch the logs just to see if anyone logs on. The past couple years I've only found two or three times where someone logged on, and even then it was brief.
> I have a 3' 24db parabolic grid antenna (2-6db is a "normal" antenna) in my attic with a 500mW amplifier (35mW is a "normal" wifi card) and with that combo I can pick up 48 different wireless networks! About half show up as unsecured. I think my own network is hardly a target to worry about in that case!

I wouldn't go as far as saying it's paranoia. I just think it's an irresponsible message to send out to the casual reader.

Your network may not be the target, but someone else's out there might be.

There is too much trickery and thievery in the world these days as it is--I'm not going to give anyone (and I wouldn't recommend anyone) free access to my AP. Don't hurt yourself on your antenna.

wazhere2600 (@rr.com)

You my friend live life with a false sense of security.

Any wireless connection (secured or not) can be accessed. The tools available for anyone even a Script Kiddie make it quite an easy task.

I agree with the first post that you need to secure your computer for all access points, airports and the like.

A very difficult task for you Windoze users

If you have good running firewall logging at your home network, in the event that someone does abuse your network (pedophiles, torrent users...) you can prove with the logs who had the ip and what they did.

To make it simple, it's not bad to secure your AP but don't think you are secure. SECURE YOUR DATA and PC. Ever heard of encryption for sensitive data.

PeteC2 (Ballad Of A Thin Man, Premium, MVM, join:2002-01-20, Bristol, CT)
I understand his contention...but...

...what's the point? It is easy enough to at least decently restrict access to your wireless broadband...so why the heck wouldn't you? What possible "good" would come out of not securing it?

I live in a fairly extensive apartment/condo complex, and I can pretty much instantly take a ride on any one of a 1/2 dozen or more unsecured networks, versus the three or four that are secured, right from my living room...if I drive around the complex with my notebook, we could multiply that several times over.

Perhaps their risks are not great, in fact, I am guessing that most of them will never even realize how "open" they are, simply because no one ends up taking advantage of that.

However, how many issues do you want to deal with? I would much prefer never to have to deal with that, and buttoning up your network, at least to a decent level, is just not that much work...

At least if I ever get hacked, I won't be kicking myself because I was too lazy to make at least a reasonable effort to protect myself.

-- ...something is happening here but you don't know what it is...do you, Mr. Jones?

aaron8301 (I can't get myself to go away., join:2005-01-03, Clarkston, WA)
He has a point

quote:
> If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter. And if my computer isn't secure on a public network, securing my own network isn't going to reduce my risk very much.

I have to agree. It's like even if you have 3 deadbolts on your front door, you still have to make sure each one of your windows locks and that there is a deadbolt on the backdoor, not just a flimsy locking knob. Why secure your front door when someone can simply walk in the back?

I never understood why you'd have a deadbolt on one door but not the other, or why people use wireless security at home but don't worry about all the folders they have set to share when using a public wifi connection.

-- There comes a point in your life when you get tired of fixing everything and wiping everyone's ass. But it's not giving up. It's realizing that you don't need certain people and the bullshit and drama they bring to your life.

Cabal (Premium, join:2007-01-21, Boston, MA)
That's great, but...

quote:
> This is true, but my computers are much more at risk when I use them on wireless networks in airports, coffee shops and other public places. If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter. And if my computer isn't secure on a public network, securing my own network isn't going to reduce my risk very much.

There are plenty of people who don't travel with their computers and don't do a good job keeping them secure. For them (and I'm sure there's more than a couple out there) their router is their protection, and keeping their network locked down will do something.

-- Interested in open source engine management for your Subaru?

B (Premium, MVM, join:2000-10-28)
So Misguided

Bruce is an amazing security talent but sometimes his general public writing is misplaced.

For starters, he makes a false assumption that other people are just like him and use all their computers OUTSIDE the home or office, at public hotspots no less.

Most people I encounter NEVER move their computers out of their homes, usually because... they're running desktop PCs!

Further, his assumption that other people, those NOT security professionals, can "secure" their computers for both public WiFi and local network use is rather amazing. It's as if botnets never existed. As if everyone already had properly configured routers and updated OSes.

He tarnishes his reputation with these pieces, in my opinion.

-- B

P.S. WPA is "new"?

-- In a realm outside causality and function

BosstonesOwn (join:2002-12-15, Everett, MA)
Re: So Misguided

said by B:
> Bruce is an amazing security talent but sometimes his general public writing is misplaced.
> For starters, he makes a false assumption that other people are just like him and use all their computers OUTSIDE the home or office, at public hotspots no less.
> Most people I encounter NEVER move their computers out of their homes, usually because... they're running desktop PCs!
> Further, his assumption that other people, those NOT security professionals, can "secure" their computers for both public WiFi and local network use is rather amazing. It's as if botnets never existed. As if everyone already had properly configured routers and updated OSes.
> He tarnishes his reputation with these pieces, in my opinion.
> -- B
> P.S. WPA is "new"?

No, his point is more people should be like him.

You guys don't really see his point of view here. And I can say I share his point. But I close mine up because I need my bandwidth.

In the real world the user should not be the "security force" but should be the person in the building.

As a sys admin and security oriented person I say he is spot on. The guy is right. Every system should be secured by default for the road warrior. There should be no excuses.

In my eyes the man makes a strong point and strengthens his rep. You shouldn't have to be a security guru. The OS should take care of that and you should just use it.

-- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

B (Premium, MVM, join:2000-10-28)
Re: So Misguided

said by BosstonesOwn:
> No, his point is more people should be like him.
> You guys don't really see his point of view here. And I can say I share his point. But I close mine up because I need my bandwidth.
> In the real world the user should not be the "security force" but should be the person in the building.
> As a sys admin and security oriented person I say he is spot on. The guy is right. Every system should be secured by default for the road warrior. There should be no excuses.
> In my eyes the man makes a strong point and strengthens his rep. You shouldn't have to be a security guru. The OS should take care of that and you should just use it.

I don't follow you -- what does "should be" and "shouldn't have to be" and "should take care of" have to do with... anything?

To any reader, technical or general, he is saying that WiFi security is overblown and he'd rather see everyone with wide open access points (apparently for his convenience and for the greater good). I see nothing in his article about how OS and application vendors should be securing things properly so WiFi security isn't so much an issue -- he's saying WiFi security isn't so much an issue right now, today, with the clueless users and leaky OSes and apps we have RIGHT NOW.

And so I think you're both wrong... Maybe we read different articles.

-- B

BosstonesOwn (join:2002-12-15, Everett, MA)
Re: So Misguided

Maybe I took the article in a different view.

Syian (join:2007-12-20, Gwinn, MI)
hm.

local security > wifi security. always.

secure your personal machine before you start worrying about securing the wifi network....not that i'm saying it's a silly idea to secure your network, but, really, all of the WiFi security options available to the regular consumer market right now aren't nearly as secure as, say, setting up decent local security on the machine (for gods sakes, windows users, stop running your regular user logins as Admin...)

-- i used to believe in people. then i worked in telcom. it burned out my naivety

voyager6868 (join:2003-01-29, Waterloo, ON)
Too Trusting

I guess he forgets that there are some things you can't really control, like software bugs. If Windows or Linux or MacOS software or operating system has the right kind of bug then no matter how secure you try to make your system, it can still be hacked if you don't have a firewall.

Having a firewall adds an extra level of protection against these sorts of problems.

Maybe Bruce wrote his own OS and all his own software and is confident that it's 100% bulletproof?

voyager6868 (join:2003-01-29, Waterloo, ON)
Re: Too Trusting

When I say firewall, I actually mean a router that has a firewall plus good wireless network security, etc..

tmh (@comcast.net)
Securing your computer - yeah right

quote:
> If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter...

After many man-years of making Windows XP "secure", Microsoft is still issuing critical updates with mind-numbing regularity.

Good luck trying to make your computer "secure" with a few tweaks.

mgbaker (join:2000-05-14, Charlotte, NC; edit: January 10th, @03:02PM)
Did Bruce brain fart?

I think Bruce is one heck of a smart guy, and I've been reading his stuff for years. However, while he has a point, I think it's an extremely bad idea to suggest folks not be concerned with securing their routers/networks. IMO, just dumb. I'm really surprised he wrote such nonsense.

wesm (Wyvern.Org, Premium, join:1999-07-29, Saskatoon, SK)
If I were single, sure...

...however, there's other people whose computers connect to my wireless network in my home (wife and kid's laptops stand out as nice examples), and when it comes to "security" vs "convenience," I can only lock their computers down so much before it becomes a pain for both of us. The home computing environment is not a corporate setting where users have to accept the security policies no matter what. Therefore, I do the best I can to make sure that viruses and spyware are prevented, but I also take the extra measure of locking the wireless network down tight.

If my network consisted solely of machines I use by myself, I would make my wireless network free and open. As it is right now, I prevent a lot of headaches by securing everything "reasonably well" such that it adds up to being secure.

-- Opinions expressed here are mine and not my employer's. This posting is provided "AS IS" with no warranties, and confers no rights.

pnh102 (Reptiles Are Cuddly And Pretty, Premium, join:2002-05-02, Mount Airy, MD)
Security Idiot

quote:
> Well-known security expert Bruce Schneier pens a piece for Wired News saying that he runs an open Wi-Fi hotspot at home (no access password, no encryption).

Sorry, calling someone who advocates this sort of thing a "security expert" is like calling Britney Spears an expert at good parenting.

Running open wifi by choice is beyond stupid. This idea needs to be smashed into people's minds. Anyone who advocates otherwise, especially someone proclaimed to be a "security expert" by some, is doing the world a huge disservice.

-- Only SHATNER is Kirk.

TK Junk Mail (Go ahead, make my day, Premium, join:2002-03-03, Margate City, NJ)
Re: Security Idiot

said by pnh102:
> Sorry, calling someone who advocates this sort of thing a "security expert" is like calling Britney Spears an expert at good parenting.
> Running open wifi by choice is beyond stupid. This idea needs to be smashed into people's minds. Anyone who advocates otherwise, especially someone proclaimed to be a "security expert" by some, is doing the world a huge disservice.

I agree. Bruce can do what he wants for HIS network, but he shouldn't be advocating that as a good idea for the millions of people out there that have to be browbeaten into taking even the most basic security steps.

-- Internet News My BLOG My Web Page

jjoshua (Premium, join:2001-06-01, Scotch Plains, NJ)
My wireless is secure

When I travel and want to use a wireless connection (like at the hotel), I bring along my Zyxel P-330W.

It has a nice little feature which uses the wireless connection as the WAN adapter. My computer is hard wired to the LAN side. The firewall keeps all traffic out.

Adam20 (Premium, join:2007-07-19, Sarnia, ON)
Oh My

Not an open wireless network!!! top story news;)

MoeDumb ("America Si, Obama No.", Premium, join:2002-09-23)
How can the person who wrote that

write THIS?:

> This is how I protect my laptop.
>
> There are several whole-disk encryption products on the market. I use PGP Disk's Whole Disk Encryption tool for two reasons. It's easy, and I trust both the company and the developers to write it securely. (Disclosure: I'm also on PGP Corp.'s Technical Advisory Board.)
>
> Setup only takes a few minutes. After that, the program runs in the background. Everything works like before, and the performance degradation is negligible. Just make sure you choose a secure password -- PGP's encouragement of passphrases makes this much easier -- and you're secure against leaving your laptop in the airport or having it stolen out of your hotel room.
>
> The reason you encrypt your entire disk, and not just key files, is so you don't have to worry about swap files, temp files, hibernation files, erased files, browser cookies or whatever. You don't need to enforce a complex policy about which files are important enough to be encrypted. And you have an easy answer to your boss or to the press if the computer is stolen: no problem; the laptop is encrypted.
>
> PGP Disk can also encrypt external disks, which means you can also secure that USB memory device you've been using to transfer data from computer to computer. When I travel, I use a portable USB drive for backup. Those devices are getting physically smaller -- but larger in capacity -- every year, and by encrypting I don't have to worry about losing them.
>
> I recommend one more complication. Whole-disk encryption means that anyone at your computer has access to everything: someone at your unattended computer, a Trojan that infected your computer and so on. To deal with these and similar threats I recommend a two-tier encryption strategy. Encrypt anything you don't need access to regularly -- archived documents, old e-mail, whatever -- separately, with a different password. I like to use PGP Disk's encrypted zip files, because it also makes secure backup easier (and lets you secure those files before you burn them on a DVD and mail them across the country), but you can also use the program's virtual-encrypted-disk feature to create a separately encrypted volume. Both options are easy to set up and use.

(excerpted from Bruce Schneier's CRYPTO-GRAM, December 15, 2007)

-- "tick...tick...tick..." »www.jtf.org/

grumpy3b (join:2001-12-11, Lompoc, CA)
Darwin was right and we should let it happen...

There is no such thing as a secure system if it has first, wireless and/or 2nd, connected to the outside world.

Part of the motivation for the article might be that even with full on consumer grade WPA enabled given enough packets can not a consumer grade wifi router be hacked? If you really want to get down to the nub, all locking down a wifi router does is eliminate the curiosity and accidental connection factors. A seriously motivated hacker sort can get in...eventually.

I can agree that it is silly not to lock down your system as much as possible but the only reason would be due diligence in case your neighbor's kid gets caught browsing porn using your open connection and you get sued...don't laugh it off, people today want to blame the rest of us for their kids' misbehavior. Then again you might as well be held liable for leaving your keys in your car, having it stolen and used to rundown a bus-load-of-nuns. Same difference in my mind...same silliness.

Would it not also be negligent to enable WEP over WPA? WEP can be cracked in like what 30-secs?

I agree with his point that one needs to secure their own system. Problem is these days every bit of software wants full unrestricted access to phone home, xmit user stats or simply verify registration. How is a typical user to know when this is OK and when it's not? And really it is never OK as far as I am concerned. I could care less about protecting a company from their applications being pirated...that does not entitle them to access my systems anytime they want. But this is being built into almost all "upgrades/updates" of software these days. So how is a home user to secure a system that is built to bypass security? Even Sony tried to bypass the issue with their root-kits.

I guess what we all need to do is run everything from within a VPC session and run nothing directly within the OS. Until hackers begin to figure out how to crack out of the VPC environment.

Either that or back to sneakernet and DOS 3.11... I guess I kind of agree and disagree with him, you cannot herd cats and you cannot stop people from being careless or stoopid if you try to nanny them every step of the way. Darwin was right...but we are preventing natural selection and evolution by preserving the stoopid.

jmycknshk (...bring your green hat, join:2004-07-02, West Chester, PA)
moronic...

if i were his neighbor, i'd be locking him out of his network on a daily basis...just for kicks.

-- Blogging is fun... »techblik.blogspot.com

moschops (Premium, join:2003-12-20, Oakland, CA)
Glad I'm not the only one

I read Bruce's Wired story before taking note of who wrote it and found myself thinking "this guy is WRONG", let's just say I was pretty shocked when I saw his name at the bottom...

Apart from all the other good comments made above, the one thing that really stood out for me was:

quote:
> I remain unconvinced of this threat, though. The RIAA has conducted about 26,000 lawsuits, and there are more than 15 million music downloaders. Mark Mulligan of Jupiter Research said it best: "If you're a file sharer, you know that the likelihood of you being caught is very similar to that of being hit by an asteroid."

I'm sorry Bruce, but to cite that comment by Mulligan without pointing out how wrong it is, is just plain sloppy. 26,000 lawsuits out of 15 million downloaders (I don't know where that figure came from) is 1 in 576 and the odds of being hit by an asteroid are conservatively millions to one. Maybe if RIAA sued only one person per year that might be right, but as stated it's clearly bogus - even subjectively the odds are just worlds apart and that statement is very misleading.

Basically by the figures he quotes you're ten times more likely to be sued by the RIAA for downloading than die in a car crash per year (approx 1 in 5000).

I hope hackers are lining up to download music outside his house... never mind those with kiddie porn and spam to share, at least until he posts a retraction or correction that is.

mike12806 (join:2007-08-28, Milton, MA)
VLAN

Just do what I do, get a router that allows multiple but separate SSIDs with VLANs, then if you want, offer up one SSID for internet access but have it partitioned off from your intranet. Great for visitors or other people in my house who want internet but I don't want on my network.

grumpy3b (join:2001-12-11, Lompoc, CA)
Re: VLAN

that's NICE...shows how out of touch I am since retiring from network design. That is VERY cool. It has to be easier than setting up limited user accounts for visitors unless absolutely needed.
|   root9
join:2005-04-08 Kitchener, ON
·Bell Sympatico
| Security Expert? Hahaha Bruce, you must be slightly misinformed.
You forgot to mention that in North America alone identity theft is between 8 to 24 Billion dollars per year. The number of kids getting lured outside their homes is rising. Threats from kids on kids is rising as well. Maybe you missed the number of deaths, rapes and abuses in North America due to this. Corporate theft and intruders to privacy is skyrocketing.
And you call yourself a security expert? Ha!
Just at home we have as basic security: Internet coming in => high speed high security firewall box => hardened Linux firewall / router / Tarpit => custom security WIFI router [which visitors may use only after passing security checks] => another security hardened box => then and only then a secured LAN.
Still, about once to 4 times a year my expert buddy nukes at least one of my boxes and leaves his personal message on desktop. In most cases all Windows boxes.
For traveling we only use Linux Live CD's with encrypted HD's, secure router then hardware firewall to boot.
Thanks for your opinion. If you ever come and ask for a job at my business be sure to get your kick before being thrown out on your ass for even suggesting such idiotic ideas.
Moral of the facts: Use as much security as possible!
To add: Let's not forget to use personal and public rotating proxy servers, encrypted chats and all communications for that matter, never use Windows as personal or private communications or to keep important information on, never do internet banking unless it's fully encrypted.
It's none of ISP's, Government's, or anyone else's business what a person does! | |
|  |   alienman
@pacbell.net
| Re: Security Expert? Dude,
You're way too paranoid and probably draw more attention to yourself than most people want.
If I hide my valuables behind fort knox, people will look at fort knox and say "boy with that security, there must be something good in there, I'm gonna break into it".
If I hide my dirt collection behind fort knox, people will still look at fort knox and say "boy with that security, there must be something really good in there, I'm gonna break into it".
Moral of the story, use massive security to protect your best interests and prized possessions. Use common sense for most everything else.
Common sense says you lock your car when you get out of it. Months ago, I forgot to do just that. The next morning, I came outside to find that someone rummaged through my car, took an almost empty pack of smokes, and 27 cents in change, left $6000 worth of stereo equipment and everything else. Moral for me, lock my car. I decided it was better to let the car do that automatically, so I changed the alarm to auto-arm, instead of passive alarm. I get out of the car, forget to lock it, and in 30 seconds it auto locks.
The only problem is when you lock your keys in the car with this approach, which happened a few times in the beginning after setting it to auto-lock, but I got used to ensuring that I had them on me before the door was closed.
I agree in part to the reasons behind what Bruce is probably saying, but use common sense. The average person should not be leaving their router unlocked. However, truthfully, I see no reason to use anything beyond WEP. You're talking about WIRELESS here. Anything that is transmitted in the air is also able to be captured by unwanted devices and hackers. It might take them longer to figure out how to get in, but eventually with enough work they will get in.
In your case, you open yourself up to people breaking in just to prove that your "hot shot secure" network is just paranoid delusion about how secure you can really be. | |
|  |  |   root9
join:2005-04-08 Kitchener, ON
·Bell Sympatico
edit: January 11th, @02:26PM
| Re: Security Expert? This debate can go on forever so I'll make it simple. Internet was rejected by US DOD for its insecure nature and given to Universities and public to share knowledge for all mankind. You put it on the net and it's free for all, unless you secure it properly. Enter the "idiot intruder" and all was still good till Microcrap got on Net. Now all hell broke loose: vulnerabilities, Bots, spyware, worms, reporting appz, malicious code etc.
As a Network & Systems Analyst, business owner / repair person I see most of them every day. If an OS or software can't provide basic personal security it's crap. With server capabilities of present OS's and today's WIFI it's easy to infiltrate any Win box out there without add-on comprehensive security, then get at a secure box.
I've had some idiots drive by and break into a WIFI I was testing and messed up close to $100,000 in home equipment. Lucky I called my biker buddies and they caught them. Punks were made to fix all damages and then some. I can tell ya that they will never do it again 
Using a tarpit has given us insight into demographics of attackers. Most are US companies, US government, SPAM mafias, US based gangs, Oriental / Russian / African gangs follow, and kids that don't know better. I have a dumb server for those as well.
I have left my good car unlocked in my driveway. I also stuck a knife under the driver's seat pointing up. You can imagine what happened. I've left my bike there as well, with buddy's pitbull and rottie unleashed.
We have also tracked ripoffs to their destinations and charged them. We run a high speed WIFI for Free and with triple encryption as long as you belong. To date Rogers, Sympatico and Telus are pissed due to us providing good security for neighbourhood and PC's. And because we share TBs of security video and other files of our hood. They have been trying to shut us down for yrs.
To date we have cleaned up 3 US based gangs out of our hood. We have even caught banks trying to look into PPL's boxes, stopped over 100 kids from being abducted, teens from ending up as hookers, lots of small businesses from being nuked, etc. etc. And this an average area of town.
And you tell me to use common sense and where Bruce is coming from? I think your philosophy is slightly flawed. I / we will use all the security that can be. With today's kind of intruders you need to. Anyone in our area with unsecured box is automatically warned, educated and or nuked. If you want we'll be glad to send the gangs and problems your way.
The only reason this is being posted from a crappy Sympatico account is due to us testing it and getting information on them about ripping PPL off. | |
|  cabetcl Premium join:2003-01-08 Millington, NJ | I also don't use password or encryption (WEP) The reason I don't use encryption is because of its overhead. So instead I use MAC filtering. You tell the AP what MAC addresses it will talk to. This will prevent other people from using your internet. | |
|  |  Renthal
join:2005-10-16 Otterbein, IN
| Re: I also don't use password or encryption (WEP) MAC authentication should be used in conjunction with other forms of wireless encryption and not alone. MAC addresses can easily be spoofed. All it takes is a quick sniff of your wireless AP with a functional wireless client attached. All one needs is a couple beacons from the wireless client. Spoof the client MAC address and you're connected.
I was going to recommend a dual radio AP with VLAN, but it's already been recommended. It's possible to take it even a step further and limit bandwidth on the open node. | |
|  |  |   Anon users
@anonymouse.org | Re: I also don't use password or encryption (WEP) "Feel the force!!!", Bruce, why are you asking people to lower the defence??? | |
|  |   DRM Killllller
@alphared.com
| said by cabetcl: I use MAC filtering. You tell the AP what MAC addresses it will talk to. MAC address filtering is the lamest security you can use. If you feel more secure with MAC address filtering, you should do as Bruce says and leave your AP open. At least then you would know that you're fucked. | |
|  |  |  cabetcl Premium join:2003-01-08 Millington, NJ | Re: I also don't use password or encryption (WEP) Humm, good to know. Thanks for the info. I'm now activating WEP.... | |