[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1084400183.26344.13.camel@Star.BerthoudWireless.net>
From: security at 303underground.com (Scott Taylor)
Subject: Wireless ISPs
All the latest key managing algorithms, the TKIP, CKIP+CMIC, WPA - they
all offer a huge improvement over static WEP keys. But not all client
devices support their features. Most of the wireless bridge devices that
customers are willing to buy support either no encryption or a static
WEP key. Try telling a customer they must buy a $500 cisco workgroup
bridge, plus $100 antenna, plus cable, plus installation... Just so
their device can authenticate with EAP. It doesn't work out so well. Its
enough to get them to drop $300 on a bridge with integrated antenna and
power over ethernet. Cheaper, easier to install, but no advanced
authentication possible. Its a good solid wireless link. Wireless is
inherently sniffable anyway, so its not a huge loss.
Most of these customers want to play their online games and download
their porn. The fact that its not encrypted is not a huge business risk.
Companies that do allow employees to connect to the corporate network
from home should insist on not just appropriate VPN software, but
require some degree of firewalling and virus policies on all computers
that can connect. To some degree I've seen or implemented such policies.
Businesses too lazy or incompetent to do so, well, thats their problem.
In the meantime I'll do my best to keep customers connected, offer
secure options whenever possible, and keep watch over the network as
spikes in usage have identified customers who had inadequate virus
protection, and their link was terminated until they took corrective
action. Aside from that, its a big nasty internet out there. And it'll
continue to be that way.
On Wed, 2004-05-12 at 11:13, Schmidt, Michael R. wrote:
> It is one part not knowing and one part training. And there will always be the people who are just plain and simple too stupid to deal with reality, that's where we get drug addicts, drunks and people smoking that last cigarette as the take their last breath... These people are taught, they have been told, but they still do stupid things. It's the nature of the beast people, get used to it.
>
> Sure a small child would drink bleach cause they didn't know better, but grown adults sniff glue and paint, someone somewhere they learned but what? It didn't take. People are sheep and need to be told what to do, deny it all you want but it is the truth.
>
> That's why we require responsibility - or at least registration before we let citizens do some things, like drive, like drink, how about getting on the net?
>
> How hard would it be to have a few companies start a "secure" Internet? All access is by licensed know individuals. No more hacking, no more slacking. If we don't know you, then you don't get access. If suspicious activity comes from you IP you get closed down till we know your machine is safe. That's where I'd go for all of my financial transactions. The Internet is the Wild West and I am only there because it is the only game in town. And think, with a "restart" it could be built right from the start.
>
> Come on people we let terrorists and criminals in on this thing voluntarily. How smart are we?
>
> Keeping my home network safe requires way too much freaking time - but since we are pioneers I am willing to take a few arrows, but someday this wild and wooly place will grow up, become civilized and you'll all start carrying a "Net" license in your pocket
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Valdis.Kletnieks@...edu
> Sent: Tuesday, May 11, 2004 6:05 PM
> To: Maarten
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Wireless ISPs
>
> On Wed, 12 May 2004 00:18:37 +0200, Maarten <fulldisc@...ratux.org> said:
>
> > Who, in their right minds, will read their email anyhow over an unencrypted
> > wireless link ? That's asking for trouble, ie. information-leakage.
>
> The 99.98% of *real* *users* who are so clueless as to not *know* that it's a
> bad idea. How many subscribers on this list? 30K, maybe? What percent of the
> several hundred million internet users is that, anyhow?
>
> Who, in their right minds, would drink bleach out of the bottle under the sink?
> Nobody - but the first thing most parents do is put a *lock* on that cabinet,
> or move the bleach, because we know that the toddler *isnt* in their right
> mind, and will need several years of learning before they are.
>
> The same exact logic applies when talking about users. They do things because,
> just like the 3 year old, they DONT KNOW ANY BETTER.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Scott Taylor - <security@...underground.com>
If I kiss you, that is an psychological interaction.
On the other hand, if I hit you over the head with a brick,
that is also a psychological interaction.
The difference is that one is friendly and the other is not
so friendly.
The crucial point is if you can tell which is which.
-- Dolph Sharp, "I'm O.K., You're Not So Hot"
Powered by blists - more mailing lists