Wireless Disconnects

The reverse actually if you think it through - move to a worse one. The crims don't burgle their neighbours (nothing ot nick), they come burgle in the nice part of town.

*shrug*. Or just a sense of privacy.
Reply to
Mark McIntyre
Loading thread data ...

On Thu, 20 Nov 2008 22:33:50 +0000, Mark McIntyre wrote in :

You know that ... how? USA Today? The Wire? "I think therefore I am?"

Surely you know it's not a privacy issue. Or do you actually believe in security through obscurity?

Reply to
John Navas

On Thu, 20 Nov 2008 22:25:31 +0000, Mark McIntyre wrote in :

I must be dense -- you'll have to explain.

You know this ... how?

FWIW, I based what I wrote on what local cops have told me.

I meant things like flat screen TVs.

The difference in difficulty is immaterial.

Reply to
John Navas

I learned to read about 40 years ago, and its stood me in good stead ever since.

The UK govt publishes maps of criminal activity by location. Various interested bodies publish reams of research on the same subject.

I'm in the UK....

Never heard of it.

You've lost me there, Rene.

Pejorative bullshit aside, its a fact that if they can't find you, they can't burgle you.

Security isn't a one-stop shop - putting a big padlock on and walking away - its a layered product which requires monitoring.

Reply to
Mark McIntyre

No arguments

Sorry, I'm all out of being nice tonight. I'd forgotten just how offensively annoying you were when you got started.

Uhuh, like between Snowdon and the Matterhorn you mean?

Reply to
Mark McIntyre

On Thu, 20 Nov 2008 23:11:59 +0000, Mark McIntyre wrote in :

Interesting, but not terribly supportive of your claim. (If you disagree, please feel free to be more specific.)

Daily Mail then.

It's still trivially cheap and easy for them to find you. Goggle "Wi-Fi Network Finder".

Minor obscurity isn't a useful layer. Worse, it may give a false sense of security.

Reply to
John Navas

On Thu, 20 Nov 2008 23:14:21 +0000, Mark McIntyre wrote in :

I didn't think so -- thanks for the confirmation.

Google "Wi-Fi Finder".

Reply to
John Navas

Well, if your bored and have nothing to do.

associated table

associated table

As Mark said there are many more available without having to ask your local Police Authority.

Reply to
LR

My local Police Authority map is not particularly good so I will provide a link to Cumbria police and the city of Carlisle, more misspent youth, where the information is a bit more detailed. As it says click on the Ward name in the list.

Reply to
LR

You asked me how I knew. I told you. Its hardly my problem you don't like the answer. You've been caught out. Oops.

Enough, no more, you're trolling again.

*spit*.

Rubbish.

Only to the clueless, of which group you seem increasingly to be one.

Reply to
Mark McIntyre

Translation: Navas won't admit he was wrong.

Google "digging a hole"

Reply to
Mark McIntyre

John, do you bother to lock your car when you park it? If so, why? If criminals really want it they'll steal it whether it's locked or not.

The idea is to make things harder for the criminal minded in hopes that they'll go find an easier target.

Can you just once admit you're wrong?

Jerry

Reply to
Jerry Peters

As an aside, that's a good show.

While I agree it's unlikely crims will go around wardriving to find burglary targets, I still find it a little *unnecessary* to deliberately reveal your location to all within your gear's range.

I could understand it if it were, say, a wireless security camera or some such, but for routers etc. in a home installation it's purely unnecessary. Businesses are also a different matter, and in quite a few business cases it may be a very good thing to reveal the location.

In a home security and personal privacy sense, though, keeping a little bit of mystery about oneself is never a bad thing :)

Reply to
David Fairbrother

I want to comment that you guys have done nothing to convince me of the value of your SSID obscurity =3D increased security argument.

Let me summarize your argument and see how it looks. If I understand it right, it goes:

1) I don't announce my name by SSID, therefore burglers (who approach my home while wardriving, one must assume) can't case my house as easily as they can for another potential victim who does use their name as SSID. 2) These portable wifi equipped burglers will tend to choose the house that announces it's name via wifi because, in their way of thinking,a guy who announces his family name will have more valuable stuff or easier to steal than the house next door which does not announce the family name via wifi.

To me, this is a big stretch.

Related assumptions or statements given to support above theory:

1) Announcing your family name (via SSID) will make it easier for a wifi-equipped burgler to know the length of your passphrase. 2) Length of wifi passphrase for home APs is considered by burglers to be indicative of total fencable value of household items for given house! Presumably the burgler's association has done studies comparing the extractable value of household goods as a function of wifi passphrase security and then published the conclusive results along with (a yet to be presented) technique that allows your sophisticated wifi equipped burgler to determine the passphrase length for the various houses in a given neigborhood.

Or maybe cracking passphrase length (using family name as a wedge), as well the antedotal evidence of higher value goods found in such houses, is simply common knowledge on the street. After all, with so many wifi-equipped/ wifi hacking home burglers running around these days, such information would get around.

Excuse my sarcasm, could't resist ! Just trying to make my point, though, not make anybody mad.

Here's what I think is really going on here; There are people who just generally feel that hiding as much as possible helps protect them from the dangers of the world. They are attracted to the idea and live by it. I've got friends who are like that and I see that it's not always tied to specific reasons, they just use this approach in general. It suits them.

Personally, I don't like to live that way and only use the security I'm convinced is necessary. Two different approaches to life, that's all.

In this case, those who are proposing this idea that SSIDing your name is risky are trying to justify their approach to life as being a rational decision when it's simply a general approach that they are into. Period. They don't like people to know anything more about them than absolutely necessary. Period. That's how they feel and it won't change.

Fine! To each his own. But when advising others, realize that you are suggesting what makes you FEEL secure, nothing more. Side effect; wireless networking is a bit more difficult in general to troubleshoot when working around such people.

I see Jeff and John's (and other's) approach as being " we are here on this forum trying to help things work better while advising people on real, known vulnerabilities when using wireless internet. Your average home user needs to know about how to avoid the known security issues and not have that displaced by known ineffective methods such as WEP, obscuring SSID, or using MAC filtering.

I hope this is not offensive or threatening, Mark. Appreciate your presence and experience as always!

Cheers, Steve

Reply to
seaweedsl

It doesn't matter whether it is the family name or not.

formatting link

Given that most people have a cell phone and many are equipped with wifi it doesn't take much to look at an SSID.

Many people do not change their SSID where I live and over 50% of them are prefixed "Sky--". In the UK we have started the transition to digital TV and a number of people have the Sky HD option

"Due to high demand for Sky+HD boxes, existing Sky TV customers may have to wait up to 9 weeks to be installed." so there is the possibility that anyone transmitting a "Sky--" SSID could have an HD TV to start with, I shall be anecdotal and say I know of at least 4.

One of the other odd things is that the majority do not run their routers 24/7 but switch them off when no-one is in the house.This I would consider more of a risk as they are indicating no-one is at home when their SSID is not present.

I would have appreciated the name and address approach a few years ago as I wouldn't have had windows smashed in place of my neighbour.

Reply to
LR

I think you're right, at least as far as my situation is concerned. I commented earlier in this thread that I don't have a problem with others putting personally identifiable information into their SSID but that it's not something I would ever do myself. I'd like to extend that comment and hopefully clarify it a bit by adding some other things that I don't do. I think this all fits in with your 'behavior' comments above.

In addition to ensuring I have a generic SSID, I don't have a brass door knocker on my front door that announces my family name. My neighborhood doesn't allow door to door salesmen, but still they come. I don't want them addressing me, my wife, or my teen children by name. I feel that would give them an (insincere) advantage.

I also don't have a big rock or other signage in my front yard that's emblazoned with my family name, although two of my neighbors do. I jokingly say that they must be very proud of who they are that they have to advertise their family name like that.

As a final example, I shred almost all mail and other paperwork that leaves my house, even the generic stuff. Part of the reason is simply prior military training, and the rest is simply a result of the world we live in today, where anything in your trash can is fair game as soon as you wheel it to the curb.

I can respect that. Obviously, I'm in the other camp. :)

-Char-

Reply to
Char Jackson

I think that it would be fairly easy to show that mail often includes a lot more information than your family name and that sophisticated criminals can use this for different social engineering crimes. Not burglary so much as identity theft, cc fraud etc.

So while we are in agreement that much of it is personal approach, I think that this activity can be readily supported by logic. That is to say not everything a secretive person does is likely to make a difference, but some stuff certainly DOES.

Reply to
seaweedsl

Quote from page: Chances are that if you own a wireless router which uses a default WEP or WPA key, such key can be predicted based on publicly-available information such as the router's MAC address or SSID. In other words: it's quite likely that the bad guys can break into your network if you're using the default encryption key. Thanks to Kevin, our suspicion that such issue exists on the BT Home Hub has been confirmed (keep reading for more details!). Our advice is: *use WPA rather than WEP and change the default encryption key now!*

Maybe I'm missing something, but this link seems to be showing how using default security settings on your router can leave you vulnerable.

If so, then I would say that is very much does matter whether it is the family name or not, if not means leaving the default SSID in place. In the sense that if you enter your name (or address or anything else) as SSID, then you are automatically removing the clue as to which router it is, thus helping increase security a tiny bit.

Certainly no one here would recommend leaving default passwords in place. Not at all the same thing as we are debating.

Had not thought of that. Considering I'm still on the trailing edge of cell phones, I forgot that wifi enabled phones are common. So yes, that means they don't need to be be wardriving to see an SSID, which was one of the first leaps of faith I was trying to make. But that's peripheral to the argument and does not get me past the next two or three leaps of faith! It cetainly does not imply that they will be able to determine passphrase length though, even if that WAS correlated to household contents value as proposed.

Important observations all, but still making a case for another issue entirely. You are providing supporting info for the common advice given here and elsewhere:

Be sure to change your router's default settings: SSID, wifi WPA security passphrase, router username and PW Taking those simple steps will avoid all above mentioned scenarios

As far as turning one's router on and off, ok, sure, whatever. Don't turn it off- maybe it will help trick people who are casing hour house into thinking you are home if they are doing a wifi based casing rather than simply watching you.

Again, another argument for another issue.

Don't understand this one. Are you saying that you believe that your windows were smashed in due to your SSID having your name and address?

Cheers, Steve

Reply to
seaweedsl

not.http://seclists.org/bugtraq/2008/Apr/0250.html>>

Yes, but why would you assume that the 'not' condition means leaving the default SSID in place?

Not really. The router's MAC address gives a more reliable clue than the SSID anyway. For example, I've been known to use the 'linksys' SSID on a Netgear router just to avoid teaching some old dogs new tricks. Not that I advocate that, of course.

Reply to
Char Jackson

seaweedsl wrote: >

Thats fine, because that's never been my argument.

Huh? You made that up. What /I/ said was showing yourself to be highly tech-savvy was a good way to make yourself a target.

I never said that either. I said that demonstrating high levels of technical sophistication is likely to indicate you have a high level of tech equipment.

I'd have been amused if your point had been valid... :-)

Interesting, but if that's what you think I believe, you're totally wrong. I believe that having effective security protects you from dangers. However I also believe that my private life is my own business, and I therefore don't go broadcasting chunks of it around at random strangers unless I think there's benefit (to me) in doing so.

Wrong. "more than I want them to", not "more than absolutely necessary".

Realise that Jeff and John's approach is also nothing more than what they FEEL is a good thing. There's no legal requirement, no absolute. Jeff's arguments are interesting but not compelling.

I agree re Jeff. I'd be more convinced about John if he didn't keep reposting common knowledge in an alarmist manner when there's a perfectly good wiki, and didn't absolutely refuse to ever admit he was wrong, even when he manifestly is and people post links to prove it.

I've not advocated obscuring the SSID, merely not making it your postal address. My own SSIDS are broadcast and are the highly inspired "MARKSNET" and "MARKSNET2" which clearly identifies my APs to my neighbours but is meaningless to strangers.

Back to my essential point, which is that security isn't a one-stop-shop. You don't just enable WPA2 and say "thats it, I'm secure". Each additional level of complexity makes it harder for the hacker, and slightly less likely he'll bother.

Reply to
Mark McIntyre

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.