Protected WLAN

Sun May 22 14:05:11 UTC 2011

On Sat, 2011-05-21 at 20:48 -0500, Mikkel L. Ellertson wrote:
> I like defense in depth - you have to crack the first layer before
> you find out about the second layer. This may even give me time to
> fix the first layer, depending on how long cracking the second layer
> takes.

And therein lay a problem:  Some people assume that cracking through one
layer will take time, and they'll notice it and be able to respond, or
it'll take too long and the miscreant will abort.  The reality is that
it may take no time, and you may never notice.

Any time I see someone saying they turned off their firewall to get
something working, I cringe.  They seem to expect that they'll be fine
doing that, yet were absolutely sure that they needed it on the rest of
the time.

You can get a random attack at any time, and some ISPs will tell you
that they can see continuous sweeps of their IP addresses probing for
something to play with.

It took all of four seconds for a friend of mine to get hacked when he
first logged on with WindowsXP (via a USB ADSL modem, where there's
virtually nothing between modem and computer system).  And what got him
(I can't recall any more, it was years ago) couldn't be removed by his
anti-virus software, so he had to reformat and re-install.  Around an
hour or so later, he reconnected, and got hacked again in just a few
seconds.  I laughed so hard it hurt.

> Actually, the first layer of defense is ... After that, it gets easy -
> you have access to the Internet, and a couple of my printers. Or you
> can go to work on cracking the security of the machines on the
> network.

When my friend first got a laptop he took me out wardriving.  It was
surprising how many unsecured networks were around.  And, now, you have
people with wireless printers that can be directly accessed.  It did
amuse us that it would be possible to print something on their printer,
and they'd never know how or why it printed what it did.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.