On Wed, Jan 18, 2006 at 02:23:49PM -0500, Steven M. Bellovin wrote: > In message <20060118185700.GS96731@xxxxxxxxxxx>, Ted Faber writes: > > > > > >On Wed, Jan 18, 2006 at 10:30:31AM -0800, Hallam-Baker, Phillip wrote: > >> The result is that 70% of wireless access points are open and can be > >> used by Internet criminals to achieve anonymous access. > > > >Loaded statement? Check. > >Precise statement? Check. > >Supported statement? Hmmmm..... > > > > I'm not sure which part your claiming is unsupported; my own informal > measurements agree with the 70% number. I'm not at all convinced that > "Internet criminals" use such access points as a major means of access, > though. Well, none of it's supported. Your statement above about informal measurements is support for your statement of 70% and indirectly of his. "70% are open," meaning 70% of wireless (access points|networks) have no admission control at the link layer seems plausible, but there are lots of things that seem plausible to me that I'm wrong about later. Having a number and not even saying "Bellovin's measurements indicate" always tweaks my interest. Going from an open access point to anonymous criminal access seems much more implausible to me. There are all sorts of hurdles one could put up between "no link level protection" and "anonymous criminal access." But again, I'm wrong all the time and a citation for that much more damning statement would be very welcome. Without one I feel like I'm watching local news. The combination of a very provacative statelment "anonymous criminals access" and precise number makes me uneasy. After all <joke>90% of all statictics are made up</joke>. "An awful lot of access points can be used to anonymously get on the Internet for criminal purposes" doesn't concern me as much. But if you found a number somewhere, let me know where, too. A real study is valuable information; an uncited, incorrect (and I don't know it's incorrect) number is hard to kill. > However, Phillip's larger point -- that our security mechanisms and > products have lousy user interfaces -- is absolutely correct. It's a > major issue. I absolutely agree. -- Ted Faber http://www.isi.edu/~faber PGP: http://www.isi.edu/~faber/pubkeys.asc Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG
Attachment:
pgpFIN3byZg9o.pgp
Description: PGP signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf