Many people know about Blogchalking. Some have even read the links and found that it came from hobos marking houses. This takes the idea and gives it a new spin - one that makes a bad situation worse...
Wireless is a technology in its infancy. The users think it's magic. Just turn the laptop or computer on and it's connected! (I've even seen wireless devices for the home in WalMart.) It's new and new technology is sexy. But new technology also has a risk involved.
When a new technology comes out, it goes through a number of phases. The first phase has an emphasis on making the concept work. All that matters is, "can we do this?" This is an important phase of development and it's where all the wonders of the Internet were born. Can we connect two computers? Can we connect multiple computers and make them talk to each other? Wow! This is so cool!
The next phase is inevitable. Once you "can do that," someone always comes along and tries to manipulate it. Gee, these computers can talk to each other. I wonder if I can imitate this and make it think I'm someone else. Mail can be sent from here to there - I wonder if I can intercept it? I wonder if I can mail from here and make it look like I mailed this from there? If you can make a script or a protocol, there's always someone who can play with it and make it do what they want instead of what you want. These are hackers (in the true sense of the word). They hack at the code, they hack at the protocol and see what it is and isn't capable of doing. Some of that is good -- when hackers alert the producers (and security people) of potential vulnerabilities and the vulnerabilities get fixed. But, not all use their abilities for good, and security is a vast and high-paced field.
As a technology matures, safeguards are put in place. Vulnerabilities get patched, and services get "locked down" with special configurations and safeguards. Wireless is not fully at that point yet.
Most of the focus for wireless security has been aimed towards securing the internal (corporate) network against intrusion. The most important asset on a corporate network is business information (which includes the customers' credit card information and other such nuggets). They have a head start in that area, since whatever Network Infrastructure they use already has matured to the point of integrating security measures. It is now up to the corporation to implement those measures and the internal network is secure.
The area which still needs much work is from the internal network to the Internet. There have been articles about drive-by hackers snooping around and breaking into networks and getting free Internet access on corporate wireless networks. And again, the focus has been on securing the data. The advances that have been made concern encrypting the data and insuring that the same data transmitted was the data that was received. It still doesn't address leeches on the network. All you need is a laptop with a wireless device and you'll eventually have Internet access on someone else's network. FREE. Well...free to them.
Regardless of the ethical issues - many people have a hard time mustering sympathy for large corporations with wireless access being "piggy-backed." They've got plenty of bandwidth. They've got plenty of money. So what? Well, let me bring it home to you...
Wireless catches on. You have it at work. Your local provider offers it to your home. You pay $50 to $100 per month (or more) for that access. It's nice and fast when you first get it. Then your neighbors find out about it. They go to WalMart and get a wireless device - and it works! OMG. They didn't even contact the local provider yet and it already works. This is almost as good as free cable tv! That stupid provider won't miss the extra money, since they're making plenty and have abundant resources. Wrong. What your neighbor has actually done (probably without knowing it) is piggy-back off your connection. And the provider isn't paying for the neighbor's free access - you are.
And someone in your neighborhood might even chalk your driveway. )( Free wireless access here. Not what you expected, is it? The rush to market with new devices is fueled by demand. The greater the demand, the more pressure there is to release a device (or piece of software) before it's ready. Technologies aren't ready until they're secure. We need to learn to make that part of the demand too. And we need to say this with our hard-earned dollars.
And don't get mad at the warchalkers. They're giving you a heads-up. You're the one who wanted the wireless access. They're just pointing out that you're not implementing it securely. Security through obscurity was never a good policy anyway.
Posted by BlueWolf on August 11, 2002 12:27 PM