[Rhodes22-list] WiFi security

Robert Skinner robert at squirrelhaven.com
Sat Dec 8 10:01:04 EST 2007 

Slim, et al.

Herb is dead on.  Everything he says is correct.  Lock up your WiFi.

Two more issues:

* Your ISP is in a position to log all accesses from your router into 
the Internet.  If someone joins your WiFi net and is going thru your 
router into the Internet, you could be blamed for whatever they access.

For example, the neighbor's nasty kid could send an 
email bomb threat to his school via your WiFi router.  
The address on the message would be yours.  You would 
have to prove that it wasn't you who sent it - 
difficult, if not impossible.

* Whoever owns the WiFi net you are joining when on the road can see 
everything you send or receive - incloding your passwords, if not 
encrypted.

For example, when you are in Podunk playing (insert 
name here), you slip over to a local Border's book 
store to do a little on-line banking.  Some savvy kid 
working at Borders has a sniffer (network analyzer) 
on the WiFi router.  It records all your 
transactions.  He can decrypt them later (if they 
are encrypted) at his leisure.

/Robert
-----------------------------------------------------------------------
Herb Parsons wrote:
> 
> OK, don't want to be one of those "the sky is falling types", and
> frankly the email below sort of got off topic a bit, but here goes:
> 
> If you set up encryption on your WiFi at home, you don't have to deal
> with the "hassle" of remembering the password. Most computers are (and
> those few that aren't can be) set to "remember" your password for any
> given SSID. I know that's probably Greek (maybe "geek"?) to you, but it
> basically means you won't have to remember the password just to use your
> WiFi.
> 
> I'm going to precede this by saying most of the warnings I'm about to
> give are "bad case" scenarios - definitely not "worst case", but they're
> not likely to happen. The number of people with all the right
> ingredients - skill to use your open system, desire to use your open
> system, and proximity to use your open system - is really probably
> pretty small; but then, do you REALLY want to take that chance?
> 
> Your cavailer attitude is because you don't completely understand the
> issue. First of all, you give a little away when you say "I do a little
> online banking". Your mistaken if you think that the worst they could do
> would be to transfer money from one account to another. With your bank
> information, they can theoretically get enough  to transfer money from
> your account to any account they want. It wouldn't be easy, but it could
> be done.
> 
> There are other issues though? Got any enemies? Shoot, you really don't
> even need enemies, just someone out to have a little "fun" could do it.
> Grab your system, put a few pics of naked little girls on it, then call
> in an annonymous tip to the authorities. That's not NEARLY as hard as
> the one listed above.
> 
> Don't think of it only in the context of them being able to look at (and
> use) the contents of your computer, think of as them being able to watch
> everything you do on your computer, and even "become you" on it.
> 
> Do you REALLY want that type of exposure?
> 
> BTW, being behind a router doesn't protect you from them. They're
> attaching to your wireless at the same point you are, on the same side
> of your router.
> 
> Securing the wireless isn't really hard to do. This site might help you
> http://www.jiwire.com/wi-fi-security-home-networks-1.htm (I linked to
> the pertinent part, but it wouldn't be a bad idea to read the whole thing).
> 
> Steven Alm wrote:
> ...
> > One issue is that I do indeed have an open WiFi at my home.  First, I don't
> > even know how to set it up with a password and second, I'd rather not have
> > to put in a password every time I go online.  My wife would also see that as
> > extra hassle.  And why should I worry anyway?  All anyone would find on my
> > computer is a sh*t load of music and a lot of pictures of boats, email to
> > you guys, and flight itinerary for my next trip.  The only thing even close
> > to being confidential is my folder where I keep info on my travel expenses
> > and other deductions.  Hardly worth anything to anybody but me.  I do a
> > little online banking and some bill paying but that's all encrypted and
> > password-protected.  I think the worst they could do would be to transfer
> > money from my savings to my checking.  I check with the bank periodically
> > and they have reported no Tomfoolery.  My apologies to anyone named Tom and
> > no implications are implied.
> >
> > The technology is bit over my head but since I use a router, doesn't that
> > keep me safe?  I have, on occasion, snagged some one's private WiFi signal
> > so I could get on line but it never took me to their computer.  Then again,
> > I'm no hacker and wouldn't know where to begin.
> ...

More information about the Rhodes22-list mailing list