Subject:I'm NOT making this up ...
Date:Thu, 3 Jul 2003 09:02:55 -0700
From:Steve Gibson <support@grc.com>
Newsgroups:grc.news, grc.news.feedback
Followup-To:grc.news.feedback
Folks,
One of the guys on a small private list I participate in, run by
a good friend of mine, Steve Bass, who runs the Pasadena IBM
Users Group (PIBMUG), shared this true story with us yesterday.
This is NOT an Urban Legend or Myth. This did not "happen to
someone a friend of mine knows", etc. This is 100% authentic.
It's also so wonderful that -- with his permission which I
subsequently received -- I am sharing it with everyone here:
>---------------------------------------------------------------
I received a service request last week from a San Marino
residential client that I hadn't seen in almost a year. He said
he was having minor problems with his old PC and two recently
added PC's and asked me to come over and clean things up. Upon
arrival he added that he had installed a wireless network about
six months ago and that it worked well but had frequent
dropouts.
While addressing the primary issues, I was surprised to see that
his network was named "apple-something" and no one in the family
seemed to know why. As an experiment, I unplugged the power
from their wireless base-station and, you guessed it, everything
kept working. They had been tapping into a neighbor's network
for over six months and didn't realize it.
Suddenly they remembered that the original name had "default" so
I reset everything to "default" and it worked great - until I
realized that I still hadn't plugged in their base-station.
They were now on a second neighbor's network. There's a lot more
to this but you get the point, lazy users, confusion, and a
complete lack of security.
BTW, I brought up the second neighbors' routers in my client's
browser and, since they hadn't changed the default login, was
able to look at all their settings. Of particular interest was
the DHCP table that showed twenty-five 25 assigned addresses.
The poor guy who owns the system is providing connections to
everyone on the block and is no doubt clueless as to why he has
such low bandwidth.
>---------------------------------------------------------------
Isn't that a hoot?!
What's NOT a hoot ... is wireless networking.
Wireless networking makes me extremely uneasy. I don't use it
and, despite the appearance of extreme convenience, I doubt I
ever will. It's too much like running a connection from your
network's hub or router out into the front yard with a sign
saying: "Come on over and plug in." There's little difference,
since a wireless network is broadcasting just such invitation.
It may be theoretically possible to make it safe, I'm not saying
that it's not. But it's also (obviously) theoretically possible
to make absolutely 100% bug-free software. But we all know how
unlikely and how apparently difficult that is. With code built
upon code built upon code, and few people writing anything from
scratch anymore, and with critical bugs being found it widely-
used core libraries, no rational personal who understands the
complex nature of security would trust wireless networking.
I don't, and my standing advice is: Use it if you really must,
but never trust it, and don't use it unless you truly would not
mind running a wire out into the front yard and offering to let
anyone who wants to plug-in and see what they can do on your
network.
--
________________________________________________________________
Steve Gibson |
