> From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On > Behalf Of Ted Faber > On Wed, Jan 18, 2006 at 02:23:49PM -0500, Steven M. Bellovin wrote: > > In message <20060118185700.GS96731@xxxxxxxxxxx>, Ted Faber writes: > > > > > > > > >On Wed, Jan 18, 2006 at 10:30:31AM -0800, Hallam-Baker, > Phillip wrote: > > >> The result is that 70% of wireless access points are > open and can > > >> be used by Internet criminals to achieve anonymous access. > > > > > >Loaded statement? Check. > > >Precise statement? Check. > > >Supported statement? Hmmmm..... > > > > > > > I'm not sure which part your claiming is unsupported; my > own informal > > measurements agree with the 70% number. I'm not at all > convinced that > > "Internet criminals" use such access points as a major means of > > access, though. > > Well, none of it's supported. Your statement above about > informal measurements is support for your statement of 70% > and indirectly of his. The figure came from a presentation at an (anti-) Internet crime meeting. I do not remember the source. Although I do have similar concerns about figures like that being repeated without verification it is certainly believable and compatible with my own experience. > Going from an open access point to anonymous criminal access > seems much more implausible to me. There are all sorts of > hurdles one could put up between "no link level protection" > and "anonymous criminal access." But again, I'm wrong all > the time and a citation for that much more damning statement > would be very welcome. Without one I feel like I'm watching > local news. As for the use made by criminals, that has been documented and the frequency is increasing. In one case in Toronto a pedophile was caught surfing the Internet from his car with no trousers on... We see quite a few script kiddie level hackers using open WiFi connections. It would not have been difficult to design WiFi in such a way that it was secure by default. None of the mechanisms provided to consumers has met that requirement. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf