On Wed, Jan 18, 2006 at 02:25:56PM -0800, Hallam-Baker, Phillip wrote: > > Well, none of it's supported. Your statement above about > > informal measurements is support for your statement of 70% > > and indirectly of his. > > The figure came from a presentation at an (anti-) Internet crime > meeting. I do not remember the source. > > Although I do have similar concerns about figures like that being > repeated without verification it is certainly believable and compatible > with my own experience. I am being something of a stickler, which isn't your fault. I actually agree with the number's plausibility if it's a measure of networks run without any authentication at the link level. I certainly think the technology is much more insecure than it needs to be. > > > > Going from an open access point to anonymous criminal access > > seems much more implausible to me. There are all sorts of > > hurdles one could put up between "no link level protection" > > and "anonymous criminal access." But again, I'm wrong all > > the time and a citation for that much more damning statement > > would be very welcome. Without one I feel like I'm watching > > local news. > > As for the use made by criminals, that has been documented and the > frequency is increasing. In one case in Toronto a pedophile was caught > surfing the Internet from his car with no trousers on... We see quite a > few script kiddie level hackers using open WiFi connections. One pedophile: check. :-) I'm not sure that the pedophile surfing the net from his paid-for DSL line is any better from a societal perspective, but it might make prosecution easier. I think that predatory behavior does not come disproportionately from WiFi users who gain access through hacking open access points. I can't support that, but my guess is that people tend to stay out of public when committing acts they know to be frowned on by most. It certainly would have been the best interest of the fellow in your example to have been in private. The script-kiddie attacks on WiFi installations are much more on point, IMHO. That's a denial of service that is only possible because the securty system of the media was screwed up. It's much less melodramatic than the fellow wardriving with no pants, though. > It would not have been difficult to design WiFi in such a way that it > was secure by default. None of the mechanisms provided to consumers has > met that requirement. Secure design is usually difficult in my experience, but I agree that it's unfortunate that we didn't do better and haven't really done better. But the situation really is bad enough without adding half-naked pedophiles to the mix. -- Ted Faber http://www.isi.edu/~faber PGP: http://www.isi.edu/~faber/pubkeys.asc Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG
Attachment:
pgpTgaNRIwCiu.pgp
Description: PGP signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf