Bruce Schneier, the security guru and internet sensation, has been suggesting that people unlock their wireless networks. Given the constant and well-justified anxiety that exists about computer security, it is unconventional advice. That said, he argues effectively that the risks are fairly limited and that it is a neighbourly thing to do. Who hasn’t benefitted once or twice from the availability of an open wireless network? They were invaluable during my early weeks in Ottawa: allowing me to access Craiglist, Google Maps, and other vital apartment-hunting data while I was out there searching.
I am going to try leaving my wireless network open for a couple of weeks. If it doesn’t seem likely to burst my 200GB monthly bandwidth cap, I will leave it that way indefinitely. Hopefully, it will transpire that others have done the same when I start hunting around for a quieter flat in a more interesting neighbourhood this spring.
See also:
Let my packets go!
Secrets and Lies
Schneier on Security: Stealing WiFi Access
Schneier on Security: Schneier Asks to Be Hacked
Schneier on Security: Wi-Fi Liabilities
Schneier on Security: Wi-Fi Eavesdropping
Schneier on Security: Securing Wireless Networks with Stickers
Schneier on Security: Security Risks of Airplane WiFi
Schneier on Security: WiFi Tracking
Schneier on Security: WiFi Driver Attack
Schneier on Security: Stealing Free Wireless
Why it’s good to leave your WiFi open
By Cory Doctorow on If you don’t like something change it
Bruce Schneier has a wonderful essay up on Wired explaining why he runs an open wireless network at home — and how that fits in with security. I’ve run open wireless networks since the late 1990s (in five cities in three countries) and I’ve never encountered the problems that everyone says are inevitable — network contention, crap from my ISP, busts for the child-porn my neighbors are downloading from my network.
Instead, I’ve provided network access to innumerable people — people like me: I can’t count the number of times I’ve had my ass saved by an open wireless network at the right moment (e.g., in good time to help me look up directions, a phone number, or flight details). I figure the more open wireless I provide to the world, the more people I’ll turn on to providing their own open wireless access, and the more open WiFi I’m likely to find.
I called in to CBC Radio’s Spark to defend *using* unlocked wifi and got criticized by all the other callers…although I was only operating under the assumption that no one would do so intentionally.
Very generous. Where in Ottawa do you live, again?
Padraic,
I can understand the skepticism of others. I am heeding Schneier’s advice and running it open for a while. Naturally, I am tracking what happens across my network.
We will see how sensible it proves in retrospect.
What’s wrong with organizations like Free Toronto WiFi, where you are asked to leave your internet open, but people can access it only at the cost of revealing some personal information in an account. Their usage can be traced, presumably for the purposes of preventing abuse.
Tristan,
It doesn’t sound like anything is wrong with that. People really worried about abuse could set up monitoring systems on their home networks.
It is easy enough to use a Mac program like Eavesdrop to watch the traffic on your wireless network. Anything not encrypted comes up as clear as day.
Security Expert Leaves His Own Wi-Fi Network Wide Open
By Glenn Fleishman
I don’t advise opening your home network because securing your desktop computers and even laptops is so much of a hassle most of the time, that simply disabling local network access—over which more attacks can be launched because many firewalls consider the local network a trusted network and lower their defenses—is the lowest-hanging fruit for average users’ protection.
Whose bandwidth is being given away?
Why it’s good to leave your WiFi open
Posted by Cory Doctorow, January 10, 2008 10:18 AM | permalink
Instead, I’ve provided network access to innumerable people — people like me: I can’t count the number of times I’ve had my ass saved by an open wireless network at the right moment (e.g., in good time to help me look up directions, a phone number, or flight details). I figure the more open wireless I provide to the world, the more people I’ll turn on to providing their own open wireless access, and the more open WiFi I’m likely to find.
Bruce Schneier Has An Open Wi-Fi Network
from the share-and-share-alike dept
If you’re a complete networking neophyte (not that many of those probably read Techdirt), you should probably get some advice from someone more technically savvy about good Internet security practices. Actually, you should do that whether or not you choose to open your wireless network. But on the list of potential network security threats, an open wi-fi network is probably pretty low on the list.
Open wireless. Oh my.
I don’t have a DHCP server running, so anyone who wants to use my wireless needs to configure a static address on the correct subnet. I’m happy to do this for guests who don’t know how, but drive-bys are strictly on the do-it-yourself system.
There are few forces more powerful
than geeks desperately trying to get
internet in a new apartment.
WPA cracked in 15 minutes or less, or your next router’s free
They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? “Inconceivable!” those hypothetical security experts would say — but they’re about to get a lesson from WiFi wizard Erik Tews. He’ll be giving a presentation next week at the PacSec Conference in Tokyo, describing the “mathematical breakthrough” that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes.
“As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: ‘The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.’ While some people may like having an open WiFi AP its interesting to see that the Police also feel that ‘Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'”
The Electronic Frontier Foundation is stepping up its open wireless campaign, which encourages people and businesses to leave their Internet connections open to the public, and offers advice on doing this safely and sustainably. As EFF points out, most WiFi networks are latent for most of the time, and there are a million ways that leaving your network accessible to passersby or neighbors can really help out, from emergency access during disasters to the urgent need to send an email, look up a phone number, or check directions. EFF’s Adi Kamdar writes,
KRACK! Wifi’s go-to security, WPA2, is fatally flawed, and will probably never be patched in many places
US CERT has privately circulated an advisory warning key stakeholders about the imminent publication of Key Reinstallation Attacks (KRACK), which exploit a heretofore unknown flaw in the WPA2 wifi security protocol, allowing attackers to break the encryption and eavesdrop upon — and possibly inject packets into — wireless sessions previously believed to be secure.
The bug was discovered by Mathy Vanhoef and Frank Piessens of KU Leuven, who hinted at their findings during a presentation at last summer’s Black Hat in Las Vegas; they are presenting their expanded findings this morning at the ACM Conference on Computer and Communications Security in Dallas, and have made further details available at krackattacks.com.
—
New KRACK Attack Against Wi-Fi Encryption
Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks