[wsfii-discuss] poor WiFi encryption a security risk

Thu Sep 18 05:46:38 UTC 2008

Yes, exactly that. 

There are many open networks, and why that is I am not sure. Quite possibly part of the reason is that the commercial routers, which are dead simple for any untrained person to set up and run, do not 'insist' on using basic security. I am sure that this is due to the fact that older computers are more difficult to 'sign in' to secured networks, but it may also be due to a lack of consumer demand for security.

Now, security is for different reasons. If the paid access is expensive and capped to boot, then it is a simple matter of saving money. If the purpose is to run a quasi-commercial service, then also. But if the purpose is a community network, then it may be to identify and track member usage, or similar reasons. 

All too often, the reason is that paid ISP access is delivered with caps, which is pure and simple a restrictive practice, one that is unfortunately not recognised by most commercial regulators as such, since such matters are normally dealt with by technical regulators. 

Perhaps WSFII needs to take this on board and generate a public message to governments everywhere, appealing for stringent curbs on such practices. 

Along the way, such a message may also need to emphasise that the overall gain from open wireless networking (especially in underdeveloped economies, and within them, for economically disadvantaged persons, for whom the inability to use the Net because it is expensive, is part of the digital divide) mong is more than the security weaknesses (primarily that criminals can use open networks conveniently to send taunting, boasting or bragging emails) inherent.

 Vickram
http://communicall.wordpress.com
http://vvcrishna.wordpress.com

----- Original Message ----
From: wlanmac <wlan at mac.com>
To: Discuss list on the World Summit on Free Information Infrastructure <wsfii-discuss at lists.okfn.org>
Cc: AirJaldi Summit List <summit at lists.airjaldi.com>
Sent: Thursday, 18 September, 2008 10:19:20
Subject: Re: [wsfii-discuss] Fwd: [india-gii] poor WiFi encryption a security risk

It depends on what flavor of wireless security you are using. Though,
with so many open networks, I'm not sure it's worth going after the
secured networks unless the attacker it targeting someone specific.
Maybe terrorists are using the WiFi for it's convenience over sending
e-mails from hacked machines on the Internet :)

On Thu, 2008-09-18 at 08:37 +0530, Ramnarayan.K wrote:
> Hi
> 
> As many of you might be aware , in the recent few months wi-fi
> (specifically open and / or unsecure wifi networks) have got a lot of
> bad press becausesuch networks were used by terrorists to send emails
> before bomb blasts (in delhi / bangalore / ahmedadbad) So would be
> interested to hear what folks have to say.
> 
> am not an expert on w-ifi security but am wondering how difficult (and
> non traceable) would it be for a determined person using software that
> is readily available to take the next step i.e. break into a "secure"
> wi-fi network by listening in, capturing and analyszing  wi-fi data
> packets (which include login usernames and passwords) .
> 
> ram
> 
> ---------- Forwarded message ----------
> From: Arun Mehta <arun.mehta at gmail.com>
> Date: Wed, Sep 17, 2008 at 12:08 PM
> Subject: [india-gii] poor WiFi encryption a security risk
> To: india-gii at lists.cpsr.org
> 
> 
> should we, in our note, also point out that encrypting your WiFi
> communication is illegal unless you give government your key? Any down
> sides to making this argument?
> 
> Do our experts agree that 3g encryption levels, unlike gsm, are
> acceptable, http://www.comp.brad.ac.uk/het-net/tutorials/P10.pdf ?
> 
> Arun
> 
> http://www.telecomtiger.com/fullstory.aspx?passfrom=breakingnews&storyid=3886
> 
> Wi-Fi services under scanner again as Militants again use Wi-Fi spot
> to send email
> TT Correspondent |  New Delhi |  14 Sep 2008
> 
> The Wi-Fi services in the country are certain to face tough times
> ahead. First it was the Bangalore and Ahmedabad blasts where it was
> found out that militants had claimed responsibility for the blasts
> using an unsecured Wi-Fi connection of an American executive.
> 
>  Yesterday's Delhi blasts reveal that the same concept was used this
> time as well. The Indian Mujahideen claimed responsibility for the
> blasts using through an email sent through a unsecured Wi-Fi
> connection of Ms Kamran Power Private Limited in Chembur, Mumbai.
> 
> These incidences have put a question mark on the security features of
> Wi-Fi services.
> 
> While malls, commercial premises as well as Coffee shops are
> increasingly offering these services, the same is being done with
> little care for security aspects feel experts.
> 
> The scenario is only set to become more complex after entry of
> wireless broadband services through WiMAX and data services through
> 3G, say observers.
> 
> While internet cafes have been brought under the purview of law
> (atleast on papers) with identity cards and other details must before
> using the service,  Wi-Fi services have come in handy for the
> militants who now need to identify only an unsecured Wi-Fi connection
> to send their message across to agencies without the fear of getting
> traced.
> ____________________________________________________________
> You received this message as a subscriber on the list:
>    india-gii at lists.cpsr.org
> To be removed from the list, send any message to:
>    india-gii-unsubscribe at lists.cpsr.org
> 
> For all list information and functions, see:
>    http://lists.cpsr.org/lists/info/india-gii
> 
> 
> 
> _______________________________________________
> wsfii-discuss mailing list
> wsfii-discuss at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/wsfii-discuss

_______________________________________________
wsfii-discuss mailing list
wsfii-discuss at lists.okfn.org
http://lists.okfn.org/mailman/listinfo/wsfii-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/wsfii-discuss/attachments/20080918/ce517403/attachment.html>