
Sydney Has 10,000 Unsecured Wi-Fi Points

samzenpus posted more than 3 years ago | from the throw-a-dart dept.

Australia 176

daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."


176 comments


Ah! (1)

crow_t_robot (528562) | more than 3 years ago | (#36797910)

No wonder they implemented a filter!

On the other hand.. (2)

cc1984_ (1096355) | more than 3 years ago | (#36797970)

Maybe all 10,000 residents read Bruce Schneier's blog:

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html [schneier.com]

Also, I know TFA mentions "Residential Locations", but I wonder if there were any coffee shops dotted around which offer free wifi. Maybe none, but a short sentence in the article would help me sleep at night :)

Re:On the other hand.. (1, Insightful)

hairyfeet (841228) | more than 3 years ago | (#36798304)

With all due respect to Mr Schneier, whom I respect greatly for his knowledge on security, I'd argue he is making a common mistake that could cost him dearly.....he is thinking rationally like a geek and assuming the world will think like him which sadly it rarely if ever does. His biggest risk is if someone uses his connection to look at child porn, or even attempts to look at non existent child pron, since the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it.

You see he thinks he can simply speak rationally to the cops and they will see their mistake and with a tip of their hat kindly go away. Bullshit. I have a friend in the state crime lab and even in a small state like mine you are looking at as much as a year and a half of backlog sometimes. Guess where you'll be while you wait for your confiscated machines to be scanned? Judges don't like handing out bail for anything like that for fear they'll be seen as soft on perverts.

So while I wish the world truly worked like Mr Schneier thinks it would, and hell maybe he is famous enough it might work that way, for most of us and probably himself as well betting the next couple of years of your life on it is foolish IMHO. These aren't rational times, there is a witchhunt going on where even the mention of that word can have you arrested. Look at the guy that wrote the "pro pedo" book. No pics, just his thoughts on a page sent him to jail, aka Thoughtcrime. The same with the guy busted for writing his fantasies in his diary which his therapist had suggested. Hell depending where you are a crudely drawn Lisa Simpson cartoon could have you thrown in PMITA prison!

I would argue in such a hysterical climate that simply leaving your door open like that is inviting disaster. Mr Schneier talks about "people parking in front of his house" but depending on where his AP is a cantenna could nail it from quite a distance away and he would be none the wiser. That is until he is face down with a gun in his back being held by the nice man with the riot gear on.

Re:On the other hand.. (0)

Anonymous Coward | more than 3 years ago | (#36798494)

His biggest risk is if someone uses his connection to look at child porn,

If someone accesses child porn from your IP and your WiFi is unsecured, it'll look better for you than if someone accesses child porn using your WiFi and it IS secured.

I'm with Bruce - I want there to be free WiFi in the world. The first step is making your own WiFi free. You can set rules and limits on it like blocking BitTorrent traffic and using a blacklist, and you'll still be doing people a favour.

I can only assume you're living in fear because you live in America.

Re:On the other hand.. (1)

BitZtream (692029) | more than 3 years ago | (#36798510)

You see he thinks he can simply speak rationally to the cops and they will see their mistake and with a tip of their hat kindly go away.

It's more likely that he's confident in his abilities and confident that he could convince a court of law that he is correct. Being that he and his company have been called on many times as expert witnesses in this sort of thing, I'd say he's probably got a good handle on what he can legally get by with.

Of course, I still think the open wifi is retarded for a number of reasons.

And you seem to think America is a gestapo police state already so this whole discussion is probably pointless for you, eh?

Re:On the other hand.. (1)

Lumpy (12016) | more than 3 years ago | (#36798542)

What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and DansGuardian will do most of it for you easily. Install DD-WRT on that Linksys and enjoy even basic keyword filtering.

I even block all ports other than 80. You can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

Re:On the other hand.. (1)

PopeRatzo (965947) | more than 3 years ago | (#36798548)

Look at the guy that wrote the "pro pedo" book. No pics, just his thoughts on a page sent him to jail, aka Thoughtcrime.

The fantasy that secured Wi-Fi spots are somehow "secure" is more dangerous than the possibility that your neighbor is looking at child porn via your access point.

By accepting that all Wi-Fi routers should be secure so nobody can use our access points to look at child porn, we're accepting the responsibility to always be a step ahead of motivated hackers and motivated perverts.

Open up the Wi-Fi. If a crime is done using a certain access point, then let law enforcement do their job and find the perpetrator. Let's not expect everyone who buys a wireless router at Best Buy to become a security expert and/or cop.

Re:On the other hand.. (0)

Anonymous Coward | more than 3 years ago | (#36798604)

Your fallacy is, that you think "law enforcement" would give a fuck about finding the actual perpetrator.
All they care about, is if it *looks* like he's caught. So any scapegoat will do. And since they are lazy, they will take the first scapegoat in line.
Which will be you with the Wi-Fi.
End of story.

Re:On the other hand.. (0)

Anonymous Coward | more than 3 years ago | (#36798550)

You probably missed this since it was below and after your post:

"Some of those might be intentional: I run an unencrypted wifi AP which is
bandwidth limited and routed through Tor as a public service. It is used regularly."
[http://mobile.slashdot.org/comments.pl?sid=2331432&cid=36797954]

Problem solved. No need for the defeatist attitude.

Google (1)

Anonymous Coward | more than 3 years ago | (#36797922)

This 'bunch of researchers' wasn't Google was it?

Re:Google (0)

Anonymous Coward | more than 3 years ago | (#36797946)

What? Wait.. What?? No. Why?

Re:Google (0)

Anonymous Coward | more than 3 years ago | (#36798244)

No it was wigle.net

How many of those were businesses..... (4, Insightful)

robthebloke (1308483) | more than 3 years ago | (#36797928)

...providing a nice free service for their customers? Heck, I even use the free unsecured internet access on the bus these days!

Re:How many of those were businesses..... (4, Insightful)

Cimexus (1355033) | more than 3 years ago | (#36797976)

That was my thought at first too. Are some of them businesses? Or are some of them 'open' (in terms of not having a WEP/WPA password) but actually still require further authentication once connected (e.g. a VPN or a gateway which requires a username/password)?

However now that I read TFA, I see that the observations were made only in residential areas (i.e. suburban streets). You would not expect to find many businesses in these areas. I'm sure a couple might have been, but not that many. So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

10,000 points in a city the size of Sydney is hardly that amazing though...

Re:How many of those were businesses..... (3, Informative)

L4t3r4lu5 (1216702) | more than 3 years ago | (#36798162)

There's a service called FON [wikipedia.org] which has caught on with BT; Subscribe with FON, run a second open wireless network and share your broadband connection, authenticate to a FON account over VPN and share wireless all over the world where there is a FON wireless network.

More common in residential areas where there are no companies to be tied in with other subscribers.

Re:How many of those were businesses..... (1)

Inda (580031) | more than 3 years ago | (#36798672)

I tried to connect to one of these.

1. They wanted 3.00 GBP for 24hrs surfing
2. They wanted 10.00 GBP for a week.

3. And this is a big three: They wanted CC information. There was no HTTPS; I knew the router was sat in someone's living room; alarm bells rang loud.

Sounds like a good idea, but in practice, barge-poles and all that stuff.

Re:How many of those were businesses..... (0)

tagno25 (1518033) | more than 3 years ago | (#36798722)

I tried to connect to one of these.

1. They wanted 3.00 GBP for 24hrs surfing
2. They wanted 10.00 GBP for a week.

3. And this is a big three: They wanted CC information. There was no HTTPS; I knew the router was sat in someone's living room; alarm bells rang loud.

4. They want you to have a Fon router for free unlimited surfing

Re:How many of those were businesses..... (1)

chrb (1083577) | more than 3 years ago | (#36798166)

So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

You mean clueless people like Bruce Schneier [schneier.com] ?

Re:How many of those were businesses..... (2)

SimonInOz (579741) | more than 3 years ago | (#36798180)

Well, one of them might be mine. I run unencrypted WiFi - but try and actually connect, and you'll find I have a list of MAC addresses I accept, so you won't get a connection. And yes, I'm in Sydney.

Re:How many of those were businesses..... (1)

Anonymous Coward | more than 3 years ago | (#36798242)

So you only intend on keeping out the morons who don't know about MAC logging & spoofing? I guess that's one way to do it.

Re:How many of those were businesses..... (0)

Anonymous Coward | more than 3 years ago | (#36798246)

That's how I operate my network. Is it "secure?" No. I am wise enough to admit that I don't know how to keep a dedicated infiltrator off of my network so I'll settle for the most convenient method for keeping casual freeloaders off and call it "enough."

Re:How many of those were businesses..... (1)

fnj (64210) | more than 3 years ago | (#36798248)

Because of course they can't sniff the list and clone the MAC address.

Re:How many of those were businesses..... (1)

delinear (991444) | more than 3 years ago | (#36798258)

I'm no security expert, but my understanding is any time one of your accepted devices attempts to connect to your network, it happily sends its MAC address over the air in plaintext and anyone with a free sniffer can grab the legitimate address, spoof it on their device and connect. Good for keeping out casual traffic, but anyone determined to get access won't see this as a barrier, I guess it depends what your aim is though (maybe you're happy to share with people who are techie enough to bypass the MAC authorisation but not with the world at large).

Re:How many of those were businesses..... (3)

Zouden (232738) | more than 3 years ago | (#36798260)

Your computers will be broadcasting their MAC addresses in all the packets they send, so it takes just one captured packet to obtain a valid MAC address that can be used to connect to your network. That's actually less secure than WEP, which requires thousands of packets to obtain a valid key. Not to mention more effort, since if someone legitimately wants to connect, you have to whitelist their MAC address.

You'd be better off using WPA - more secure, more convenient.

Re:How many of those were businesses..... (1)

jones_supa (887896) | more than 3 years ago | (#36798352)

And even though no one would clone your MAC addresses, aren't you worried about someone eavesdropping on your connection in general?

Re:How many of those were businesses..... (0)

Anonymous Coward | more than 3 years ago | (#36798636)

Yes, the massive risks inherent in someone sniffing traffic to and from Slashdot, full of information that is available in no other way except by going to http://slashdot.org/.

Oh, and let's not forget the elite hackers who have broken all the SSL algorithms, but can't find anything better to do with this exploit than sit outside some guy in Sydney's house and intercept his banking passwords so that they can steal the $300 dollars (Australian) that he has in the bank.

Re:How many of those were businesses..... (2)

Bert64 (520050) | more than 3 years ago | (#36798596)

What about the traffic going over the network? That's now open to interception by anyone within range...
Also it's not hard to spoof a MAC address.

Re:How many of those were businesses..... (0)

Anonymous Coward | more than 3 years ago | (#36798294)

Arguably this is the fault of router manufacturers who typically have the wireless unsecured as a default setting. Basic level users have typically learned that in most situations, default settings are their safest options without more advanced knowledge and it's just sad that routers are a glaring exception to this.

Re:How many of those were businesses..... (0)

Anonymous Coward | more than 3 years ago | (#36798450)

So yeah it'll mostly be clueless people...

Or possibly people who are providing free WiFi as a public service? I'd do this myself, if I lived within WiFi reach of street level.

Re:How many of those were businesses..... (3, Informative)

bemymonkey (1244086) | more than 3 years ago | (#36798018)

I wish that were the case here in Germany as well. Unfortunately the laws around here say you're responsible for your own unsecured WiFi - if the neighbors download illegal stuff, you're to blame for not securing it.

Hence, nearly everything around here is encrypted... even cafes and other places of business are switching to ticketed systems that allow them to track, pinpoint and restrict user activity. This isn't a problem for most patrons per se, but the prohibitive cost and added complication of such systems (compared to a few WiFi access points) is making a lot of places drop WiFi altogether or start charging for it.

Very unfortunate :(

Pubs (0)

Anonymous Coward | more than 3 years ago | (#36798502)

Yeah, I've been trying to get funding for my research project: finding unsecured Wi-Fi access points in pubs and bars.

Here's my budget:

Equipment: $300
Beer: $50,000
Gas: $0

To cut costs, we were planning on stag...walking from bar to pub.

It's tough out there! Can't get any funding!

But how many of these are intended to be public? (0)

Anonymous Coward | more than 3 years ago | (#36797930)

But how many of these are intended to be public access points?

News Worthy? (1)

moniker127 (1290002) | more than 3 years ago | (#36797948)

Honestly I don't think this will come as a shock to ANYONE who has a wifi enabled device. There are unsecured access points everywhere in any given metropolitan space. I can get wifi reception in most places of Three Forks, Montana, a town with a population of less than 2000!

Re:News Worthy? (0)

Anonymous Coward | more than 3 years ago | (#36798184)

UK here and I very rarely see an unsecured WiFi (that doesn't end up having some other security, such as linking you through to a gateway that requires a login, or being IP/MAC address restricted). I live in a pretty big city and work close to the UK's second largest city, I've seen maybe two or three unsecured access points in the last decade. Most people here get their modem/cable router from the ISP and they're always defaulted with at least WEP and these days almost always WPA. I guess in countries where the ISP doesn't provide a modem/router it's more common to see unsecured points, but 10,000 seems like a huge amount to me.

Hell we have a few thousand on campus (4, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#36797952)

We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.

It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.

Re:Hell we have a few thousand on campus (0)

Anonymous Coward | more than 3 years ago | (#36798216)

Why web-only? IMAPS + SIP come to mind as being eminently useful for mobile users.

Re:Hell we have a few thousand on campus (0)

Anonymous Coward | more than 3 years ago | (#36798796)

About not being assholes: the "you agree to this shit" web page and blocking non-http traffic are prime examples of making mobile web almost but not really work. At least I don't normally open my web browser when I use my device on the go -- weather applet, twitter app, facebook app, email, IM, calendar, maps... all those things break silently on your setup.

I've told my android device to forget several open wifi networks because they basically break my network connectivity -- plain 3G is a lot better than a half-broken wifi. This is what I'd do to your APs as well...

Some might be intentional (4, Interesting)

the_other_chewey (1119125) | more than 3 years ago | (#36797954)

Some of those might be intentional: I run an unencrypted wifi AP which is
bandwidth limited and routed through Tor as a public service. It is used regularly.

Also not covered will be those with open APs but additional authentication/encryption
layers, e.g. using a VPN.

Around here (not Australia, admittedly), open wifi is nearly non-existent (and all open
ones I've encountered over the last two years or so seem to fall into the categories above) -
WEP "secured" APs are another story however, there is still a worrying number of those around.
And I'm certain most WEP users are entirely unaware of their de-facto openness.

Re:Some might be intentional (4, Interesting)

chewedtoothpick (564184) | more than 3 years ago | (#36798034)

What is sad is that most of those WEP AP's were done (some likely recently) by supposedly knowledgeable people, such as WorstBuy's IdiotSquad.

As a consultant it's infuriating how often I will come across new clients (even many companies) whose WiFi networks were secured by those morons out of incompetence. I have even seen them install small business servers with direct-to-internet connections and not even a NAT firewall, because "You can't have a VPN server behind a firewall" which we all know is bullsh**.

Re:Some might be intentional (3, Interesting)

the_raptor (652941) | more than 3 years ago | (#36798082)

It doesn't matter if they are intentional. From local coverage about the "issue" here in Australia I think certain groups are trying to push the idea that having unsecured Wi-Fi is criminal negligence at best.

The articles are amusing in that they make it seem like unsecured Wi-Fi is mostly used for illegal activities and then say that having unsecured Wi-Fi could land you in trouble for what guests do through your link. If the first is true then it can be used as a defence in the second instance. Especially as more and more judges are realising that having IP logs doesn't prove much and dismissing such cases.

The recent surge in stories about this "issue" is imo a reaction to such developments.

Re:Some might be intentional (0)

Anonymous Coward | more than 3 years ago | (#36798144)

"which is bandwidth limited and routed through Tor as a public service."

-1 Redundant

Not secure at all (0)

Anonymous Coward | more than 3 years ago | (#36797956)

Two things:

- Even with encryption such as WPA/WPA2 the wireless networks are not secure unless the password is frequently changed, say, once a day or so.
- At 100 meters range, given the right environment, you would be able to detect the signal from a wireless transmitter using a built-in laptop antenna. However, if the cracker would invest in a more powerful antenna, the antenna could be placed even further away from the transmitter and still be able to catch the signal.

"And that kids, is why wireless networks are not safe."

Re:Not secure at all (1)

sqrt(2) (786011) | more than 3 years ago | (#36798064)

WPA has no structural flaws. It's as strong as the passcode you use. If I use a random 64 character passcode with a full alphabet (upper and lower case alpha, numerals, special characters) then I would comfortably give you until the heat death of the universe to crack it, that same password. It's not going to happen. You'd be better off kidnapping the owner and beating it out of them, that at least COULD work.

Re:Not secure at all (0)

Anonymous Coward | more than 3 years ago | (#36798290)

Yeah, here's an example of a random base-85 password for wifi purposes: O;dukCOTalqHp{+1K_N*b}m~0Vz,M/R*>[*ydk6@Pz~.rv%mQ.T8pz]SJ,@oIBb

People usually choose weak passwords because they want to be able to type them in manually, which is entirely stupid. At least go with a passphrase if you insist on doing that.

Re:Not secure at all (0)

Anonymous Coward | more than 3 years ago | (#36798330)

If I had any mod points left I would mod you up. WPA is very secure if you use a strong password that is 16+ characters in length. More so if you're using WPA2 in AES mode.
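
Added example, not part of any comment in this thread: the replies above tie WPA/WPA2-PSK security to how the passphrase is chosen, so this Python sketch shows the standard key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output) and compares the search space of a few passphrase policies. The guess rate, the name-dictionary size and the SSIDs are constructed assumptions; note that the passphrase form is limited to 8..63 printable ASCII characters.

```python
import hashlib
import math
import secrets
import string

# The 95 printable ASCII characters (codes 32..126) permitted in a passphrase.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Generation skips the space so a passphrase never starts or ends with one.
GEN_ALPHABET = ALPHABET.replace(" ", "")

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption (constructed): offline guesses per second against a captured
# handshake. Real rates depend on hardware; the comparison is what matters.
ASSUMED_GUESSES_PER_SECOND = 100_000


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pairwise master key for a WPA/WPA2 passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(ch not in ALPHABET for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # The SSID is the salt: the same passphrase on another SSID gives another
    # key, which is why a unique SSID defeats tables precomputed for common ones.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)


def random_passphrase(length: int = 63) -> str:
    """Generate a passphrase with a CSPRNG, uniformly over GEN_ALPHABET."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8..63")
    return "".join(secrets.choice(GEN_ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Expected years to find the key (half the search space on average)."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def report(rate: float = ASSUMED_GUESSES_PER_SECOND):
    """Compare constructed passphrase policies, weakest first."""
    policies = [
        # Assumption: 10,000 candidate pet names times a two-digit number.
        ("pet name + 2-digit number", math.log2(10_000 * 100)),
        ("8 random lowercase letters", entropy_bits(8, 26)),
        ("16 random printable chars", entropy_bits(16, len(GEN_ALPHABET))),
        ("63 random printable chars", entropy_bits(63, len(GEN_ALPHABET))),
    ]
    return [(label, bits, years_to_exhaust(bits, rate))
            for label, bits in policies]


if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label:28s} {bits:6.1f} bits  ~{years:.3g} years")
    sample = random_passphrase()
    print("sample passphrase:", sample)
    print("PMK for SSID 'ExampleNet':", derive_pmk(sample, "ExampleNet").hex())
```

The entropy figures describe how a passphrase was generated, not the string itself: a human-chosen 16-character passphrase does not have the 105 bits of a randomly generated one.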

Re:Not secure at all (1)

wjousts (1529427) | more than 3 years ago | (#36798838)

You'd be better off kidnapping the owner and beating it out of them, that at least COULD work.

Or possibly not. I don't know about you, but I don't remember the 64 random characters in my passcode, and no amount of beating is going to make me remember. Of course, if you ask me where I wrote it down, that you could beat out of me, but it's on my desktop computer, and once you have access to that, all bets are off anyway.

This is news? (1)

rebelwarlock (1319465) | more than 3 years ago | (#36797962)

Sorry, I'm just not seeing how this would be news to anyone technically adept enough to be interested in reading slashdot. Unsecured wifi is a problem in every part of the world, from third world countries just learning to use it to the most advanced countries. Ten thousand is a big number, but it shouldn't come as a surprise to anyone.

Who cares (1)

tsa (15680) | more than 3 years ago | (#36797964)

So what? If you use an insecure connection you know you are vulnerable to people who like to read your email and see what websites you visit. And the owner of the connection risks getting all kinds of viruses for free, and people downloading pr0n and other stuff via her network. Who else but the two people I mentioned should care?

Monthly data quotas (2)

quantumphaze (1245466) | more than 3 years ago | (#36797988)

As an Australian I am quite surprised that the number is so high. Here it has been the norm for ISPs to have tiered monthly data plans where you pay for how much you use. From cheap plans for $20/mo for a few GB aimed at old people who only forward on chain emails from 1997 right to 1TB plans for torrenting all that public domain and Creative Commons content. Once it's used up your connection is throttled to an unusable 64kb/s for the remainder of the month (though some ISPs sell data recharge things).

Unlike America's "unlimited" one-size-fits-all these users are losing what they paid for. Why would people be so stupid as to let their neighbours use up their 25GB on their shitty Telstra plan? Is setting up WPA2 really that difficult? Can these people read an instruction manual?

I also find it depressing that WPS [wikipedia.org] even exists.

Re:Monthly data quotas (1)

delinear (991444) | more than 3 years ago | (#36798220)

Over here (UK) you can't even get a modem from an ISP that isn't defaulted to have WPA2 on (if you follow their wizard to set it up - and I have to assume anyone savvy enough to set it up without the wizard probably understands the risks or at least is making a conscious choice to go sans security). I'm more surprised that AUS ISPs don't have the same policy - the cynical side of me wonders if it's linked to the fact that they have data limits and sell extra data bundles, you're less likely to care about burning through data if your neighbour is paying (and most people don't know what X amount of GB equates to in page views/music downloads/video views etc), but more likely it's a support thing maybe, that modems with security enabled cost more to provide tech support when people set them up then forget their login details or something?

Open WiFi does not equal Internet Access (1)

Anonymous Coward | more than 3 years ago | (#36798030)

I run an open access Wireless AP, the SSID is "free wifi" and it redirects traffic to a local rickroll/nyancat video loop (randomizes each time)

Re:Open WiFi does not equal Internet Access (1)

jones_supa (887896) | more than 3 years ago | (#36798460)

Have people visited it?

Wait! (0)

Robod860 (974789) | more than 3 years ago | (#36798048)

Wireless networks are not secure even with WPA/WPA2, unless you feel like changing the password every other day. Even my grandma is sharp enough to follow the instructions on various youtube-clips for cracking WPA/WPA2..

It feels like all these wireless networks are just begging for someone to dig down a number of larger antennas/access-points around the city.. and start sniffing like crazy for passwords and credit card numbers. .. or maybe I'm just a paranoid fool for still using wires at home. :-p

Re:Wait! (1)

the_other_chewey (1119125) | more than 3 years ago | (#36798090)

Wireless networks are not secure even with WPA/WPA2, unless you feel like changing the password every other day. Even my grandma is sharp enough to follow the instructions on various youtube-clips for cracking WPA/WPA2..

Oh? Beyond brute-forcing with dictionary passwords? Mind providing a link to one of those videos?
I think I would've heard of WPA2 being broken, it being AES-based and all...

Re:Wait! (1)

BitZtream (692029) | more than 3 years ago | (#36798566)

You do realize WPA does on the fly rekeying ... RIGHT? The password changes over time automatically on its own, generally about once an hour ...

Even my grandma is sharp enough to follow the instructions on various youtube-clips for cracking WPA/WPA2..

Really? WPA2 eh? your grandma can do something no one else can do ... via non-existent youtube clips ... I am impressed.

Re:Wait! (0)

Anonymous Coward | more than 3 years ago | (#36798708)

The real vulnerability of WPA is not people who know nothing and just have it on by default, but the people who know enough to change the default password (which is usually "D35F18A5033B4D7" and is insecure, since it is the default) to something much more secure like "$NAMEOFCAT$FAVORITENUMBER" (which is much more secure, because it isn't the default and no-one else has that same password).

You can spot these networks pretty easily since the SSID is usually "MeAndMyCatsNetwork" instead of something like "AcmeISP-33749".

This is very sad (2)

gozu (541069) | more than 3 years ago | (#36798066)

There was a time when most WiFi hotspots were password-free and we could connect to the internet for free in most urban areas when we were travelling, with latencies and speeds that put 3G to shame.

Now, those times are gone forever. No more free internet for the casual user. No more sharing and love.

People like to talk about security but it's bullshit. We are not the winners in this ordeal. ISPs are. The security issues have an easy technical solution: The same one used by French ISPs to let their customers connect to other customers' WiFi.

They have a password-free Hotspot that sends you to web login and a separated, bandwidth-shaped VLAN for guests so they can't access network shares or do anything else.

R.I.P free WiFi. You will be missed.

Re:This is very sad (0)

Anonymous Coward | more than 3 years ago | (#36798318)

This is Australia we're talking about, though. Practically nobody except businesses and high-end consumers will have an unlimited connection or even a connection with a respectable amount of monthly downloads. For many people, random strangers going around town with their torrents going could easily be a tremendous inconvenience.

Re:This is very sad (0)

Anonymous Coward | more than 3 years ago | (#36798398)

I still get free WiFi in airports, McDonald's, and Starbucks off the top of my head.

My isp also supplies a few WiFi hotspots in high density areas.

Re:This is very sad (1)

jones_supa (887896) | more than 3 years ago | (#36798484)

The Finnish ISP Saunalahti had a "Wippies" project where you would get a free router and some cloud storage. The catch was that you complied to run a public wifi along your private network from the box.

Re:This is very sad (0)

Anonymous Coward | more than 3 years ago | (#36798578)

Agreed.

I am quite happy to have my neighbours share my wireless connection, which doesn't have a password. If everyone was rational about this there would be many more people sharing the cost or just letting others mooch. I don't really see the people upstairs as a security threat; they know where I live, I know where they live, they have a vested interest in not pissing me off, and besides they have easy access to my snail mail and my front door anyway, both of which are much better attack vectors if they want to frame me or defraud me. On other hand the mythical 'child porn user parked outside my house' has access elsewhere to much lower-risk anonymous connections to the Internet.

This idea is very threatening to ISPs though, since it could divide their revenues by anything between 2 and 10. So they put WPA etc as standard on their routers. This doesn't quite eliminate those users who have older routers, who can't be bothered or who actively turn off encryption. So they reinforce the message with FUD like this article.

Think about it - if WEP or no encryption is a massive security issue, what about routers with configuration/update interfaces that can be accessed from outside the firewall by anyone who knows where to look? Why isn't fixing these a priority for ISPs and router manufacturers?

Re:This is very sad (1)

ScentCone (795499) | more than 3 years ago | (#36798612)

Now, those times are gone forever.

And in some places, now, it also turns out that you can no longer just leave your keys in your car overnight, knowing that the only people who might drive it off without talking to you would be your neighbors, who you know will return it with more gas in the tank than they found. Not only that, the days of leaving your home unlocked seem to be fading, too. It's almost like there actually are people out there who are untrustworthy, willing to rip things off, and not at all worried about what the consequences might be (for you) when they do something illegal. Shocking, I know.

The good old days when only techie nerds had wireless networks are long gone. It's population-wide, now, and is thus caught up in everything else that happens population-wide (like fraud, theft, casual abuse, and all the rest). If you're sad about this, then you're actually just sad about civilization.

No password =/= unsecured (0)

Anonymous Coward | more than 3 years ago | (#36798072)

But how many of those 2.6% have MAC address filtering? No password, but if you try to connect it won't work. You're not encrypted, so your packets can still be sniffed. But if you just want to stop casual users logging on and stealing your bandwidth it's a perfectly acceptable solution.

Re:No password =/= unsecured (1)

Chrisq (894406) | more than 3 years ago | (#36798138)

But how many of those 2.6% have MAC address filtering? No password, but if you try to connect it won't work. You're not encrypted, so your packets can still be sniffed. But if you just want to stop casual users logging on and stealing your bandwidth it's a perfectly acceptable solution.

because it's impossible to spoof a MAC address isn't it.

Re:No password =/= unsecured (0)

Anonymous Coward | more than 3 years ago | (#36798284)

Sure, I guess a psychic could divine a working MAC address.

Re:No password =/= unsecured (2)

Chrisq (894406) | more than 3 years ago | (#36798316)

Sure, I guess a psychic could divine a working MAC address.

Or a non-psychic could simply look for one that is currently used and being accepted. Ideally you would monitor for a while and find one that is switched off, but it seems to work (with a high error rate) if you spoof an existing MAC address even when it's active.
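Seen from the access-point owner's side, the "high error rate" mentioned above is also a detection signal: two radios sharing one MAC each keep their own 12-bit 802.11 sequence counter, so the numbers a monitor sees for that MAC jump back and forth instead of counting up. The following is an added example, not part of the thread; the frames, MAC addresses and thresholds are constructed assumptions.

```python
"""Added example: flag a MAC address that appears to be in use by two radios."""
from collections import defaultdict

SEQ_MODULO = 4096      # 802.11 sequence numbers are 12 bits wide
MAX_FORWARD_GAP = 64   # assumed tolerance for frames the monitor missed
MIN_ANOMALIES = 3      # assumed: one jump may be a reboot, several are not


def forward_gap(prev_seq, seq):
    """Distance from prev_seq to seq going forward around the 12-bit counter."""
    return (seq - prev_seq) % SEQ_MODULO


def find_shared_macs(frames, max_gap=MAX_FORWARD_GAP, min_anomalies=MIN_ANOMALIES):
    """Return {mac: anomaly_count} for MACs whose counter jumps repeatedly.

    frames: iterable of (timestamp, source_mac, sequence_number) tuples,
    the fields a monitor-mode capture exposes for each frame.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for _ts, mac, seq in sorted(frames):
        mac = mac.lower()
        if mac in last_seq:
            gap = forward_gap(last_seq[mac], seq)
            # gap 0 is a retransmission, small gaps are missed frames;
            # a large gap (which includes any backward jump) is suspicious.
            if gap > max_gap:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in anomalies.items() if n >= min_anomalies}


def _stream(mac, start_time, seqs, step=0.1):
    """Build constructed frames for one MAC, one every `step` seconds."""
    return [(start_time + i * step, mac, s) for i, s in enumerate(seqs)]


# Constructed sample capture (locally administered MACs, not real devices).
SAMPLE_FRAMES = (
    # Normal client; the monitor missed sequence number 103.
    _stream("02:00:00:00:00:0a", 0.00, [100, 101, 102, 104, 105, 106])
    # Normal client whose counter wraps from 4095 to 0.
    + _stream("02:00:00:00:00:0b", 0.01, [4094, 4095, 0, 1, 2])
    # Client that rebooted once: a single jump, below MIN_ANOMALIES.
    + _stream("02:00:00:00:00:0c", 0.02, [2000, 2001, 5, 6, 7])
    # Two radios interleaved on one MAC: counters near 500 and near 3000.
    + _stream("02:00:00:00:00:0d", 0.03, [500, 3000, 501, 3001, 502, 3002, 503])
)

if __name__ == "__main__":
    for mac, count in find_shared_macs(SAMPLE_FRAMES).items():
        print(f"{mac}: {count} sequence jumps, likely shared by two radios")
```

On a real capture the counter should be tracked per traffic class as well as per MAC, since 802.11 QoS data frames use separate sequence counters per traffic identifier.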

Re:No password =/= unsecured (4, Interesting)

Lumpy (12016) | more than 3 years ago | (#36798608)

I do it easier.. I have a spare 54GL sitting at the peak of my attic without any internet on it broadcasting about 60 AP's that say... Linksys, netgear, dlink, etc all open and unsecured. The cool part is the AP sits on a metal plate SHIELDING its signal from my home. You can't see the AP's it's broadcasting from inside the house. (Knowing how RF works is a good thing)

It had two effects.

1 - it chased all the neighbors away from the channel I have them all broadcasting on.
2 - it forced all the neighbors to actually configure their routers to not have the name "linksys, dlink, netgear....." and they added encryption as they all show locks now.

Works great, and I am sure I give the wardriving kiddies as well as leeches fits when they try to connect to them. The one real AP up there called "FreeWifi" is my throttled and filtered free wifi AP I provide. Works great and last time I checked it was getting used at least 5 times a week. It times out and drops you to a capture page every 50 minutes to annoy the cheap neighbors trying to leech. And no it does not mess up my WiFi as I use the channel it's on. It's the quietest channel for 4 blocks around because of my broadcaster.

I leave my WiFi unsecured because I'm a nice guy (2)

jampola (1994582) | more than 3 years ago | (#36798092)

I had a spare AP, so I decided to leave it open for the public to make use of my internet during the day. The AP is on a manual time switch (you know, the one that plugs into the wall) so it switches the AP on at 8am, switches off at 5. Real technical stuff I know but seriously, what's the deal with all the press surrounding unsecured wifi networks? Is it still 2005? Even if people have encryption or MAC address filtering, it's not going to make the world of difference? If someone wants something other than internet, I'm pretty sure 9/10 of those people know how to crack a wifi password or spoof a MAC address. I think the important question is, how many people leave the default router password as the same? or how many un-patched windows/mac pc's are sitting behind that router?

Re:I leave my WiFi unsecured because I'm a nice gu (1)

bloodhawk (813939) | more than 3 years ago | (#36798392)

It isn't about not wanting to be nice, nowadays when police kick the door down first and ask questions later you don't want to be in a position where the local pervert has an easy route to browse his kiddie porn through YOUR network. Even if you can later prove it wasn't you the hassle and trouble involved is just not worth the risk. Even when most use crap security there generally is no point to breaking it as there is nearly always some other moron that leaves theirs open. Even from my living room where I am typing this I can see 11 AP's, 2 of which are completely open.

Re:I leave my WiFi unsecured because I'm a nice gu (1)

jampola (1994582) | more than 3 years ago | (#36798456)

Nono, I understand but since I live in Thailand (and not in the US), they've pretty much blocked everything already! Plus, even in Thailand, they do a little bit of investigation before actually throwing someone to the ground and handcuffing them!

Not so accurate (0)

Anonymous Coward | more than 3 years ago | (#36798154)

I really doubt the number cited here. Having travelled to Sydney many times on business, I can say clearly that open wireless is hard if not impossible to find. What's probably happening is that the access point has no password, but to access the internet, a login page needs to be used. Invariably, these are pay for services.

Note that it seems in Australia, sites require a user to accept T&C's before using the network, specifically stating they won't use it for downloading Child Pornography. As such, the direction seems very much to use captive portals, rather than just username / password logins.

Re:Not so accurate (1)

BitZtream (692029) | more than 3 years ago | (#36798592)

You traveled to Sydney many times ON BUSINESS ... and didn't experience a lot of the open wifi access points that are located in RESIDENTIAL areas ... shocker ... really

Unless you happen to be doing business in someone's house, then your experience has no reason to match with these results.

Two words... (1)

pipedwho (1174327) | more than 3 years ago | (#36798170)

Plausible deniability.

Re:Two words... (1)

Jeff DeMaagd (2015) | more than 3 years ago | (#36798520)

Unfortunately, the pendulum of "justice" is that you're liable for wrongdoing on your connection. So if someone accessed child porn on your unsecured network, you're going to go through a big headache defending yourself.

Which is somewhat karmic given that a lot of geeks defend hacking, that anyone with their door unlocked deserves to be robbed, i.e. the liability for poor or nonexistent security should be on the owner, not the hacker. Now we're seeing exactly that, the tables have now turned to what geeks in the past want.

Your decision what world we live in (1)

jabberw0k (62554) | more than 3 years ago | (#36798562)

I refuse to live in a world where Americans need "your papers please" or where our police are thugs. I refuse to be bullied by the TSA. It is our choice what world we wish to live in. If you give in, you give up; That way lies fear, depression, and death. I live in the same bright world that Ronald Reagan spoke of, a city on a hill....

Sky Is Not Falling (1)

retroworks (652802) | more than 3 years ago | (#36798194)

So, evidently, Sydney has too many secured wifi points, right? 2.6% unsecured is less than the percentage of people with no financial information or anything interesting enough to steal... grandparents who don't do banking online are buying wireless laptops. Possibly, 2.6% of Sydney wifi administrators are confident of their ability to monitor access to their networks. If the ISPs take over the anti-virus implementation, as they are starting to do in the USA, the only problem would be lost business to the ISPs.

Hmmm.

Re:Sky Is Not Falling (0)

Anonymous Coward | more than 3 years ago | (#36798292)

I hate to further the environment of fear, but just because you only use the internet to check TV listings or find store opening times, doesn't mean you have nothing worth stealing. The fact that you have bandwidth is enough for some people - particularly those who would love to use the unsecured connection for criminal activity with virtually no way to trace it back to them.

What would be nice is some kind of public OpenID equivalent (maybe requiring a credit card to set up so there's some way to tie it to a specific person) and allowing access to users with an account. That way you get free WiFi when you're away from home, the philanthropic get to donate some bandwidth, the criminal element are put off because it's traceable (and there would have to be some way to exempt the WiFi owner from responsibility). I think BT is trialling something similar but only for its customers.

Why would you think that? (0, Interesting)

Anonymous Coward | more than 3 years ago | (#36798198)

I know all about security and I leave my network unprotected, on purpose, so other people can use it if necessary. If you know about security, then you also probably know that setting passwords on wifi won't guarantee you security anyway. Anything you want to be secure should be done over ssl, ssh, or VPN.

Another thing to mention, even if you use Ethernet, your data can be sniffed off the network as soon as it hits the ISP anyway if it's not encrypted.

Re:Why would you think that? (1)

BitZtream (692029) | more than 3 years ago | (#36798630)

If you know about security, then you also probably know that setting passwords on wifi won't guarantee you security anyway.

If you knew about security you'd know that stopped being true 6 years ago.

Anything you want to be secure should be done over ssl, ssh, or VPN.

Really, so AES used for SSL, SSH or your VPN (assuming it does use something at least as powerful as AES) is somehow different than AES used in WPA2? Please enlighten me on how, I write this sort of software for a living, I'd love to learn something new that no one else has ever heard of.

Another thing to mention, even if you use Ethernet, your data can be sniffed off the network as soon as it hits the ISP anyway if it's not encrypted.

Unless of course, you're using SSL or some other form of encryption for your data ... and either way, broadcasting on an unencrypted wifi network is more like shouting your data at the top of your lungs in the middle of the street and then bitching that someone else heard it, whereas a wired connection is more like a personal message sent through the mail. One is FAR more likely to cause you problems than the other for a number of reasons.

3... 2... 1... (1)

_0rm_ (1638559) | more than 3 years ago | (#36798208)

LAWSUIT!!!

Buenos Aires (1)

Anonymous Coward | more than 3 years ago | (#36798222)

I would say Buenos Aires probably has ten times that many unsecured wifi spots and we are actually proud of it.

So what? (2)

magloca (1404473) | more than 3 years ago | (#36798224)

I'm all for security and strong passwords and all that, but so far, no one has been able to give me a good enough reason for me to bother with "securing" my wireless network.

People can sniff your passwords! -- I don't send them in the clear; I use SSH and SSL for everything.

You'll get viruses! -- I don't trust my network; I treat it as part of the public Internet and use sensible firewall settings.

People will use your bandwidth! -- I don't care. My bandwidth isn't capped.

People will use your connection for child porn and you'll be sent to Gitmo! -- This is the only argument I've heard that has at least some semblance of relevance. It's still pretty weak, though. If it were true, cafes, hotels and similar establishments would find themselves in hot water all the time and I have never heard of such a case.

What else is there?

Re:So what? (0)

Anonymous Coward | more than 3 years ago | (#36798266)

I'm all for security and strong passwords and all that, but so far, no one has been able to give me a good enough reason for me to bother with "securing" my wireless network.

People can sniff your passwords! -- I don't send them in the clear; I use SSH and SSL for everything.

You'll get viruses! -- I don't trust my network; I treat it as part of the public Internet and use sensible firewall settings.

People will use your bandwidth! -- I don't care. My bandwidth isn't capped.

People will use your connection for child porn and you'll be sent to Gitmo! -- This is the only argument I've heard that has at least some semblance of relevance. It's still pretty weak, though. If it were true, cafes, hotels and similar establishments would find themselves in hot water all the time and I have never heard of such a case.

What else is there?

I think you'll find that in Australia bandwidth caps are the norm, so most people won't open up their wifi for that reason. If my connection was uncapped, I would open it in a heartbeat.

Re:So what? (1)

trust_jmh (651322) | more than 3 years ago | (#36798400)

What else is there?
The contract with ISP forbids it.
My ISP is one of the best in the country, unlimited and without traffic shaping. It does come with the condition of only to be used by my household.

Re:So what? (0)

Anonymous Coward | more than 3 years ago | (#36798602)

I'd hate to be your friend/acquaintance.

I can picture it, a nice sunny Saturday, we have decided to go fishing, and I wish to send an email to my wife, but whoops, you won't quite let me use your wifi, seeing as how I'm not part of your household!

It's the right thing (0)

Anonymous Coward | more than 3 years ago | (#36798270)

So only 10,000 follow Bruce Schneier's advice:

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

9 unsecured networks? (1)

flimflammer (956759) | more than 3 years ago | (#36798306)

FTA: "In total, 382 networks were detected with 2.6 per cent operating without password protection."

So, out of all the networks they tested, only 9 networks were unsecured? I don't think this small a pool is very significant statistically. There could be a number of reasons for those 9 people to be operating a wifi without a password. It isn't necessarily just being "uninformed".

Re:9 unsecured networks? (1)

For a Free Internet (1594621) | more than 3 years ago | (#36798406)

PENUS! hahahaha

Re:9 unsecured networks? (0)

Anonymous Coward | more than 3 years ago | (#36798732)

Myself and every other self respecting nerd I know runs an open AP just to be nice to their community. 2.6% sounds about right.

Big Whoop (0)

outsider007 (115534) | more than 3 years ago | (#36798312)

My mother has 10,000 unsecured wifi networks. Big whoop.

My Wireless Is Open, feel free to (ab)use it. (2)

xiando (770382) | more than 3 years ago | (#36798348)

I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it into a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard. 5) Postcard is now sent through the postal service. Now, the postcard transport to the post office IS secure, it's in a safe, nobody can read it, it's all good and super secure. The security breaks somewhat when the postcard is delivered to the post office, just like your "secure" wireless data connection is somewhat broken when it reaches the Internet, but.. people seem to like this kind of security. If you really want security then you need end-to-end encryption like SSL and https. My view is that thinking wireless "security" gives you much real security is just dumb. It does prevent people from using your wireless, and that's about it. I don't mind, fetching a web page used close to zero percent of my bandwidth anyway.

Er... (1)

ledow (319597) | more than 3 years ago | (#36798358)

Just because they were "open" doesn't mean you could actually do anything with them.

I used to have a wireless network where all the clients were software-firewalled and the only traffic accepted over the wireless interfaces was VPN traffic to a server also on the wireless network (and that interface similarly firewalled). Hell, you didn't even have DHCP service on that interface.

So a million people could "join" my wireless network but:

1) None of them could talk to each other.
2) None of them could talk to the Internet.
3) None of them could talk to my computers.
4) None of the traffic they could potentially sniff with a "promiscuous" sniff of the network was at all useful or revealing to them.

But it meant that the wireless negotiation was quick and easy (I've had no end of problems with WPA2 gear just dropping off the network when a WPA, WEP, or open network on the same hardware works just fine all the time), nobody had to remember silly passwords, I could use client-keys long before WPA allowed you to do such things and it was impossible to make me join an "alternate" network with the same SSID and pretend to be my home network.

Just because there was no WEP/WPA password doesn't mean there was no security, or that it wasn't intentional (e.g. public wifi access points), or that it even connected to another computer at all - let alone the Internet. I'm not saying that there weren't people with stupidly insecure connections but a scary number means nothing without justification:

How many of the "secure" stations actually had quite a weak password (e.g. same as the SSID?)?

How many of the insecure stations would route to the unmodified Internet at all (upside-down-ternet actually gives you scripts to mess with people who access your wifi without the right credentials - like turning web images upside down, or redirecting them to pictures of kittens)?

How many of them would let you connect but would only allow access to a single MAC (which isn't "secure" as such, but a damn sight better than nothing)?

How many of them were actually fake honeypots deployed to catch people's details because they were stupid enough to log in on unknown, insecure networks?

Scary numbers sell headlines. I'd want facts, considering that for many years I didn't trust WEP or WPA with my networks and so only deployed them as a hindrance to eavesdroppers, not an actual security layer - because everything was VPN and treated as an "unsecured" connection. People who came to my house could never work out why, when they connected with the advertised password (if any), they couldn't actually do anything even once connected.

Shift your worldview (0)

Anonymous Coward | more than 3 years ago | (#36798388)

Networking is not a resource to be conserved, its value increases the more it is used, in contrast to most things in human experience.

RAH

probably the same (1)

FudRucker (866063) | more than 3 years ago | (#36798410)

in any big city, try NYC or LA, or Detroit or Chicago, or any of the other big US Cities = full of inept people that bought PCs & laptops all connected via unsecured wifi because it is easier than running Ethernet cable all over the house

In other news (1)

hellop2 (1271166) | more than 3 years ago | (#36798476)

Computer Hackers Running Rampant Ruse of Running Runtimes

An online newspaper has broken the story that the majority of computer terrorism happens because of downloading executables and running them. "This results in the innocent user being asked why they were running TransvestiteIslamicHookers.avi.exe."

An internet security expert from PMITA University in Melbourne, Greg Markovy, said downloading executables could attract attacks on any devices on the same network, leading to the loss of personal data, such as bank statements and credit card numbers. ''The likelihood that the executable will be used by someone else is high,'' he said. Hackers can turn home computers into robots, using them to send spam and attack other computers."

Nicolas Awhole, a law lecturer at Queensland University of Technology, said that if an unauthorised user illegally downloaded copyrighted material, it could be traced back to the network owner. ''It could be quite difficult to prove that it wasn't in fact you,'' Dr Awhole said.

Dr Awhole gave one final reminder: "Remember, anyone at any time can accuse you of anything, write hate speech on your wall, send an envelope with your return address, or hack into your computer. It's up to you to prove your innocence."

Free Public WiFi (1)

rainmayun (842754) | more than 3 years ago | (#36798586)

I wonder how many of them are Free Public WiFi [lifehacker.com].

Choice of words (0)

Anonymous Coward | more than 3 years ago | (#36798826)

Is the Wi-Fi unsecured or open?

Is the land preserved or undeveloped?

The wording itself automatically influencing opinions before the conversation even begins.

With everything we know.... (1)

wjousts (1529427) | more than 3 years ago | (#36798856)

What Slashdot users know != what the general public knows.
