Warning on Unprotected Wireless Access (Case Study: Nova)

I read it in the Chinese papers (China Times and United Daily News) but here’s a link to the Taipei Times article that leaves out a lot of the details (http://www.taipeitimes.com/News/taiwan/archives/2004/07/16/2003179168)

I’m having a hard time understanding this whole topic but here’s my situation:

We went wireless about 9 months ago but a local guy came to our place and set everything up for us. He set it up so that I would automatically log onto a secure network (it reads “security-enabled wireless network”). There were always two networks listed, one Default (“Unsecured wireless network”) and the other.

Several months ago I started picking up another network, and then I got a fourth (I’m just guessing at why this is), then I seemed to be locked out of my security-enabled connection and started using the “Default” connection. I’ve never been able to get back onto the secure network. Should I worry?

I am using a firewall, somewhere… a freebie so I don’t even know how reliable it is. I think it’s a Windows firewall but not sure, I just know I’ve seen it.

Is it just a setting that I need to change in order to make my Default connection a security-enabled connection?

[quote=“braxtonhicks”]We went wireless about 9 months ago but a local guy came to our place and set everything up for us. He set it up so that I would automatically log onto a secure network (it reads “security-enabled wireless network”). There were always two networks listed, one Default (“Unsecured wireless network”) and the other.

Several months ago I started picking up another network, and then I got a fourth (I’m just guessing at why this is), then I seemed to be locked out of my security-enabled connection and started using the “Default” connection. I’ve never been able to get back onto the secure network. Should I worry?[/quote]
Forgive me for being paranoid, but I would hazard a guess that your network got hacked and taken over. The other networks are probably just your neighbors installing their own systems, but being locked out of your own is suspicious (unless you changed your settings by accident while trying to do something else).

The “secure” network stuff, last I heard, was nonsense, as the security was so weak that it could be broken with automated tools after a half-day of listening to network traffic. Supposedly there was a new standard coming out to fix this, but I never heard of it actually happening.

Disclaimer: I avoid wireless because of just such issues.

WEP is the old encrypted access wireless. It has 40-bit and 128-bit versions. The 40-bit can be cracked into in under a minute. The 128-bit version can be cracked into in a few hours. The problem with WEP is that it uses a straight key XOR algorithm, and such systems are vulnerable to analysis attacks where if you have enough traffic you can XOR key-aligned blocks against themselves to get most of the bits of the key over time. After watching enough traffic you will be able to deduce what the most likely key is. This is something that basic cryptography texts will tell you about and show how to crack in the first couple of chapters, but for some reason programmers keep using this method.

WPA is the new wireless encryption standard, but it has been slow to be adopted. Most 802.11b base stations don’t support it, and you often have to load new firmware on 802.11g boxes to get the capability. On the computer side you need XP with SP1 plus a separate WPA patch.

Other solutions involve having an open wireless connection that you must then run a VPN over to get access to the Internet or your company network.

Though not impossible, I’d find it kind of hard to swallow as well.
I can’t think of too many admins who would be able to live with themselves if they ran such a network. Free or not.

I think that one should keep in mind that at times, there are far too many bored techies sitting around staring blankly at their screens at places like Nova. It wouldn’t be hard to detect a newly connected computer on a public network, and subsequently run a port scan and do what one will with/to a computer with no security on it.

It’s a little harder to find a computer over the internet, as IP ranges are far greater and more complex than those of private networks and hot spots.
When you are on a direct connection to the web there are far fewer hunters than prey. On a network like Nova’s, it could be the other way around.

WPA is secure, but there’s a really big issue about the need for using a long, not-easy-to-crack passphrase:

linuxinsider.com/story/32070.html

Happy winter solstice (this Tuesday),
Robert

“They’re just jealous because they don’t have three wise men and a virgin in the whole organization.”

- Mayor Vincent J. “Buddy” Cianci on the ACLU’s lawsuit to have a city nativity scene removed

[quote=“MaPoSquid”][quote=“braxtonhicks”]We went wireless about 9 months ago but a local guy came to our place and set everything up for us. He set it up so that I would automatically log onto a secure network (it reads “security-enabled wireless network”). There were always two networks listed, one Default (“Unsecured wireless network”) and the other.

Several months ago I started picking up another network, and then I got a fourth (I’m just guessing at why this is), then I seemed to be locked out of my security-enabled connection and started using the “Default” connection. I’ve never been able to get back onto the secure network. Should I worry?[/quote]
Forgive me for being paranoid, but I would hazard a guess that your network got hacked and taken over. The other networks are probably just your neighbors installing their own systems, but being locked out of your own is suspicious (unless you changed your settings by accident while trying to do something else).[/quote]

I was afraid you were going to say that.

Possible I changed a setting without realizing it. I’ll have our tech guy look into it (and pray that no one snagged my cc number!). Thanks, Squid!

[quote=“jlick”]WEP is the old encrypted access wireless. It has 40-bit and 128-bit versions. The 40-bit can be cracked into in under a minute. The 128-bit version can be cracked into in a few hours. The problem with WEP is that it uses a straight key XOR algorithm, and such systems are vulnerable to analysis attacks where if you have enough traffic you can XOR key-aligned blocks against themselves to get most of the bits of the key over time. After watching enough traffic you will be able to deduce what the most likely key is. This is something that basic cryptography texts will tell you about and show how to crack in the first couple of chapters, but for some reason programmers keep using this method.

WPA is the new wireless encryption standard, but it has been slow to be adopted. Most 802.11b base stations don’t support it, and you often have to load new firmware on 802.11g boxes to get the capability. On the computer side you need XP with SP1 plus a separate WPA patch.

Other solutions involve having an open wireless connection that you must then run a VPN over to get access to the Internet or your company network.[/quote]

:laughing: I think this reply was directed at me, but I’m not sure. Any chance we could get that in English?

When you buy a wireless access point and a wireless card for your notebook or desktop PC, it comes with some built-in encryption scheme.

WEP (Wired Equivalent Privacy) - this is the old standard. It’s pretty lame, and easily broken. Early WEP has 40-bit encryption, but was later improved to 128-bits. However, it can still be cracked, so everybody is moving to…

WPA (Wi-Fi Protected Access) - the new improved system, but you’d better come up with a good password at least 20 characters long, or else it can be cracked. Latest version is called WPA2.

short article:
broadbandreports.com/shownews/38450

If you’re buying new hardware (wireless access point and/or wireless card) make sure it has WPA2. As long as you use a long-strong password, it should be virtually unhackable.

cheers,
Robert

Maybe I’m slow, but how is this different from choosing a dumb password on any other type of password protected system?

[quote]Maybe I’m slow, but how is this different from choosing a dumb password on any other type of password protected system?[/quote]

While not claiming expertise in wireless networking or WPA, my guess is that a brute-force dictionary attack is easier with WPA because the wireless access point does not have a built-in delay between log-in attempts (or am I wrong about that?).

For example, with Linux and OpenBSD, any failed attempt to login (by giving the wrong password) causes a 1-second delay before you can attempt it again. On FreeBSD, there is no delay at first, but repeated attempts will cause the login to slow down. I have no idea what Windows does.

For a dictionary attack to succeed, you are going to need to run through thousands of login attempts before you hit the right one. A 1-second delay limits you to 60 attempts per minute - it would take forever to break into a Linux network with a dictionary attack unless your passwords are extremely weak.

Yuletide greetings, figgy pudding and all that,

- Robert

I suppose another possibility is that you could just grab a bit of traffic and then brute-force trying to break that one bit of traffic until you get something recognizable. That’s probably what they were thinking.
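The difference between a login prompt with a retry delay and offline guessing, worked through as an added example that is not part of any post above: WPA-PSK derives its master key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so the cost of one guess is fixed and only the size of the passphrase space protects the network. The 100,000 guesses per second figure is an assumed rate for illustration, and the candidate policies are constructed.

```python
import hashlib
import math
import time

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy in a uniformly random passphrase."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every passphrase in the space at a given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def local_derivations_per_second(samples: int = 10) -> float:
    """Measure how many key derivations this machine does per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"constructed-sample-{i}", "ExampleSSID")
    return samples / (time.perf_counter() - start)

# Constructed policies: (label, length, alphabet size)
POLICIES = [
    ("8 lowercase letters", 8, 26),
    ("12 letters and digits", 12, 62),
    ("20 letters and digits", 20, 62),
]

def report(offline_rate: float = 100_000.0):  # assumed rate, not a measurement
    rows = []
    for label, length, alphabet in POLICIES:
        bits = keyspace_bits(length, alphabet)
        rows.append((label, round(bits, 1),
                     years_to_exhaust(bits, 1.0),           # 1 try per second
                     years_to_exhaust(bits, offline_rate)))  # no delay at all
    return rows

if __name__ == "__main__":
    print(f"this machine: {local_derivations_per_second():.0f} derivations/s")
    for label, bits, online, offline in report():
        print(f"{label:24} {bits:6} bits  online {online:.3g} y  offline {offline:.3g} y")
```

Eight lowercase letters last thousands of years behind a one-second delay but under a month at the assumed offline rate, while twenty mixed characters stay out of reach either way.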

Brute force will not work on a WPA protected network.

WPA uses a passphrase to log on to the access point, but once the connection is established a new network key is used every couple of minutes to protect the dialog between the client and the access point.

Hi all,

Nice to meet you. First post here. Just ordered DSL from So-Net recently ($676/mo 2M), but it hasn’t been activated yet. In the meantime, I’ve been accessing the net from various cafes, etc. I notice when I try to login to an “unsecured wireless network” it warns me that information I submit could be monitored or something to that effect.

Just finished reading this thread, but I’m not really knowledgeable about computer security aside from knowing I should have a firewall and good anti-virus program. Judging by what’s been said though, I take it that I should avoid checking email, bank/credit card accounts, buying X’mas gifts online for people back home, etc while using an unsecured network? Or is it safe still as long as there’s the little lock icon in the lower right corner of the browser?

edit: Ugh, sorry for the bump of such an old thread. I did a search on “unsecured network,” quickly glanced at the date of one of the posts and assumed it was still current. I should have checked the year a bit closer.