[BLUG] ID theft via wardriving (URL) (fwd)

Beartooth karhunhammas at Lserv.com
Sat Aug 9 11:33:48 EDT 2008


On Fri, 8 Aug 2008, Steven Black wrote:

> On Fri, Aug 08, 2008 at 10:54:48AM -0700, Beartooth wrote:

>> 	So for those of us who don't want to provide access to 
>> every stranger within reach, what protection is good?
>
> The current rage is WPA2[1] / IEEE 802.11i[2]. This is what IU 
> is now using with its "IU Secure"[3] SSID.
>
> [1] http://www.wi-fi.org/knowledge_center/wpa2/
> [2] http://en.wikipedia.org/wiki/IEEE_802.11i-2004
> [3] http://kb.iu.edu/data/awws.html (What is IU Secure?)

 	I contacted my ISP, who assured me at once that I can use 
WPA-PSK and the MAC address list simultaneously; this is the 
first I've heard of WPA2 -- I'll ask about that.

 	I don't remember if I mentioned that I'm on "wireless 
broadband," a new technology (iiuc) which started being rolled 
out a year or so ago. My transceiver, or whatever they're called, 
connects outside the house wirelessly to one on a water tower 
about a mile away; inside the house, it is modem, wired router, 
and, when turned on, wireless access point. It's a Netgear MBR814, 
a model sold only to ISPs. I don't know if it can be upgraded to 
WPA2, but will ask. I also don't know if it does encryption, but 
I do presume so; it's certainly claimed to be "safe," in some 
sense.

> The MAC thing can be used, but with programmable MAC addresses, 
> if that's the only security a person can snoop on your network, 
> pick up your MAC address and simply reprogram their MAC 
> address. Then they can surf your network and everything gets 
> logged as if it were you. (Perhaps they want to watch your 
> house a little to make sure they pick times where you won't be 
> home.)

 	That last would be an inconvenience for them; I've been 
fighting colitis for the last couple years, with the result that 
I go out seldom, unpredictably, and not for long.

> Not to mention, that with just MAC filtering, all your 
> communication continues to be in the clear, so in addition to 
> poorly protecting your network, it doesn't protect your data at 
> all.
>
> To an extent it is like most security. It doesn't need to be 
> perfect, it just needs to be good enough that the criminals 
> look elsewhere.

 	My thought exactly -- just like my precautions against 
burglary. As a long-time guns rights activist, as well as Linux 
user and Net addict, I'm very familiar with that kind of 
thinking.

 	For the present passphrase, I settled on a line of 
poetry, with a nice jumble of capitalization, punctuation, etc., 
that my wife and I can both (hope to) remember. But if the 
Gibsonian random lines that Barry Schatz kindly pointed to* are 
usable, that must mean I need only c&p one into the router and 
each laptop, without need for memorizing -- right?

 	What about house guests? One laptop (a ThinkPad T42 
running, alas!, XP) exists primarily to run proprietary topo map 
software which interfaces with my GPSs -- especially on a 
passenger lap in the truck, or on my own lap if I have a driver. 
The other (a T30 ThinkPad, running Fedora 7) exists primarily as 
a guest room amenity for people who don't bring their own. 
Neither is in routine use in the house; so, most of the time, the 
wireless access point is simply turned off.

 	What of guests who do bring laptops? Will they be able to 
connect if I use a Gibson password?

 	Finally, my heartfelt thanks for all the discussion.

 	*(I've been subscribed to several lists at news.grc.com 
for umpteen years, and had never noticed the random password 
generator at grc.com.)

-- 
Beartooth Implacable, PhD, Neo-Redneck Linux Convert
What do they know of country, who only country know?
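
Added example (not part of the original message or thread): how a WPA/WPA2-PSK passphrase, such as the pasted random line discussed above, becomes the 256-bit pre-shared key through the standard PBKDF2-HMAC-SHA1 derivation with the SSID as salt. The SSID "HomeNet" and the function names are assumptions, and can_join() models only the outcome of the handshake, not the handshake itself.

```python
import hashlib
import secrets
import string

# Characters allowed in a WPA/WPA2 passphrase: printable ASCII, codes 32-126.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_passphrase(length: int = 63) -> str:
    """Generate a passphrase with a CSPRNG; 63 is the longest the standard allows."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def can_join(router_pass: str, client_pass: str, ssid: str) -> bool:
    """Simplified model: a client is admitted only if it derives the router's key."""
    return secrets.compare_digest(derive_psk(router_pass, ssid),
                                  derive_psk(client_pass, ssid))


if __name__ == "__main__":
    ssid = "HomeNet"                      # constructed SSID, an assumption
    shared = random_passphrase()          # pasted into the router and each laptop
    mistyped = shared[:-1] + ("a" if shared[-1] != "a" else "b")
    print("passphrase :", shared)
    print("PSK (hex)  :", derive_psk(shared, ssid).hex())
    print("exact copy :", can_join(shared, shared, ssid))      # True
    print("one typo   :", can_join(shared, mistyped, ssid))    # False
```

Because the SSID is the salt, renaming the network changes the derived key even when the passphrase stays the same.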


