Schneier on Security

Bruce temporarily forgot that with fame comes a nice big bullseye target...

I do the same thing. Originally I got turned onto the idea in my younger years when I was somewhat more active in the underground and the **AA lawsuits were at their peak (plausible deniability and all that jazz), but I don't really do any pirating now since I've got a steady cashflow and can buy most of what I'd want. So now it's really just on principal. I have no qualms against using others wi-fi when I'm not home, so why should I mind someone using mine?

Oh, yeah, same dealy with my uber-secure anti hacking network. Any hack attempts are met by mouth breathers in meat space. Or something. Yeah.

> University of Cambridge security expert Richard Clayton also questioned the
> assumption that unsecured networks were necessarily insecure.

I understand what Clayton was trying to say, but either he didn't express himself well to the author or the author's slant is odd.

Absolutely you should assume that something that isn't secured is insecure. That's pretty much the a definition of "insecure". The question is, "does it need to be secured in the first place?"

Hehe, yeah, maybe not a "secure" statement to make, of course, we all know that there is no real "security through obscurity". ;-)

Personally, I stick to WPA, if friends come over, I either hand them a network cable, setup their laptop for my WPA, or just temporarily make it an open access point. Not as convenient as your method, but a better situation for me 90% of the time.

Max thought the night-time hack at the Schneier's place would be a safe caper, but that was before he spotted the security cop riding a bull mastiff, blond hair blowing in the wind, and noticed the blue-and-white sign wired to the cyclone fence, "Guard dude on doggy."

Obviously, I'm not an unsavory man. Do have a bitey dog tho' ;-)

The for-the-record-statement ist dangerous, too. >Hey, Bruce claims he has "an ultra-secure wireless network that automatically reports all hacking attempts"! Let's hack it!<

Well, I used to run my WiFi wide open, but now my cable modem's revised ToS prohibit it. And our ever useful Congress wants to pass laws making it a crime. Joy!

Perhaps it's time for some civil disobedience? Like the tinted front windows on my truck...

So, what happens when someone does something throughly illegal while using your WiFi, and the authorities come and blame you?

Even if you manage to prove your innocence, the victims might sue you for enabling the criminals and helping them get away with it!

I have been working on a second wireless network with the first being fairly secure and the new one open to those around me. I have some firewall rules to prevent outgoing spam but other than that it is free to use.

@arl

I'm doing basically the same thing. I've got a more secure wireless network for those computers I authorize, and a rather insecure network for guests / neighbors. Yeah, it costs twice the amount for wireless access, but it's damned convenient.

Has anyone *ever* done something thoroughly illegal using open wireless? Seriously when?

@Schneier: "For the record, I have an ultra-secure wireless network that automatically reports all hacking attempts to unsavory men with bitey dogs."

Does not seem realistic - your bark is worse that your bite. If you said instead that the unsavory men had Humboldt squids that squirted ink on demand, no one will dare venture near your unsecured network.

I tend to agree that wireless encryption is not so useful, since practically all private data tends to get encrypted at the application layer (smtp/tls, imaps, ssh, https, and so on).

But I don't agree that anyone should be able to use the network bandwidth that I pay for. It's a scarce resource, for one thing. In addition, any dubious network activity is going to be traced back to my IP address, which makes me responsible for any virus or scam or illegal download facilitated by my wireless network --- as I should be.

What I would like to have, and don't see anywhere on the 802.11 horizon, is some kind of secret-based HMAC authentication, like the kind in OpenVPN, but for wireless. Something that can't be spoofed, by wireless ethernet clients lying about their MAC addresses. If I have a guest, I can just generate a new secret for them, and expire it when they leave.

@Ian Woolard

Technically, if you download a copywrited work without permission on a public wireless network, you are doing something illegal on that network.

I notice you use "thouroughly" to qualify "illegal", by which I assume you mean to exclude crimes for which a victim is difficult to find (or at least sympathise with). However I assure you that this possibility gives admins of open wireless networks the heebie-jeebies. At the University where I work, the fear of drawing down the ire of the RIAA is not taken lightly.

"Firstly, I don't care if my neighbors are using my network."
Until your neighbor kidss start clogging up the uplink by offering their k3wl warez on some peer-to-peer network.

I've implemented a simple fix:
Bought two access-points: One open, one closed.
The former one doing traffic-shaping.
If friends come by, I plug in the open one.

Linksys, D-Link, Netgear and alike love my solution too: if everyone would do that, their profits would double ;-)

Maybe Bruce will be an early advocate of PERM:
http://swing.cs.uiuc.edu/projects/perm/

He might advocate Fon as well.

http://en.fon.com/

Reading the article linked, I thought: well, they forget something important: secure against what? If I don't want to prevent anyone from using my network, why call it "insecure" if it works as intended? I just don't get it. I mean: one could say that a network, that is open by intention is (at least in terms of confidentiality and integrity) secure by definition: what I don't trust in can not bite me surprisingly.

I wonder if Bruce uses Blowfish for encrypted air-traffic, or if he prefers Twofish ;)

But as jmc pointed out, the ultra-secure ersion is also dangerous. So the best solution seems to make it seem normal and uninteresting, something like:
I have a painfully slow wireless network with standard security settings and an average firewall. Oh, and it isn't connected to the internet or any other computers. ;)

I do the same thing. In fact my SSID is my street address (it would be 110SmithComeAsk if I lived at 110 Smith Street). I don't mind if my neighbors or their guests occasionally sponge off my internet access.

I take a few precautions to make sure my lan is not too exposed (passwords on shares, for instance) and I realise it is good practice anyway to make sure that your network isn't "crunchy" with 100% of your security outside of your lan.

That said, I would love a (~$50) router that could set up separate networks for wireless and wired clients and refuse to route between the two... I realise I could do so by buying two routers, but it would be nice to have it all in one box...

@Carlos

Ian used thoroughly in paraphrasing the man's use of it a few comments up.

Hack Bruce?

Come on ... we all know his Admin Password is "Squid123"

:-P

I didn't mind my neighbours using my open wireless hub, until they started hogging all the bandwidth and I couldn't do anything that I wanted. It got so bad that it became a denial of service attack. Cue lockdown.

@Ian Woolard

Well there are cases where people have been caught downloading child pornography, which is pretty illegal, using open wireless connections.
http://news.zdnet.com/2100-1009_22-5112000.html

Can't blame you, there really isnt a wireless connection secure enough these days. The biggest issue with it these days goes along with laptop security because when you have access to a network its fairly instant access to the files within the laptops connected to it.

Remote laptop security is the best way to prevent data loss because it allows you to access and encrypt files from other computers with the same encryption program.
http://www.essentialsecurity.com/howitworks_laptop.htm

yeah that's what i do too- mine was open and free for years- and i have in turn used others' connections-
user-level encryption to me is the only way to really secure things, so i don't care-
everything i do that is sensitive is done over ssh or ssl, and my boxes are locked down

Bruce, how do you secure transactions across your unencrypted wifi? Personally, I don't use WPA because my housemate's handheld doesn't support it, but instead use OpenVPN for all traffic between my box and the firewall, to stop it being sniffed.

So Bruce, have you been 'owned' yet?

At least you didn't say, "Bring it on."

While the script-kiddies who churn out form-letter phishing attempts probably wouldn't figure it out, a more capable hacker/cracker would look long and hard at that statement and likely determine that a) it's not worth the risk, and b) the network is open because everything else is secure.

Not to mention which, I wouldn't be surprised if Bruce's WiFi is monitored by Counterpane.

It's largely the clowns in Washington who believe secrecy = security.

It's a honeypot suspended over a trapdoor full of crocodiles }:)

@ Ian Woollard
"Has anyone *ever* done something thoroughly illegal using open wireless?"

Have you ever done something illegal or questionable via your exisitng network, and used an open WiFi access point as a "plausible deniability" excuse to cast "reasonable doubt" and blame on persons uknown ?

For the people who would see that as a thrown gauntlet, would cracking your network really be any less fun of a challenge than cracking one of your computers? I would think denying that you have any computers at home would be a better strategy. :-)

I think his password is Squid-Billies06 :-)

I'm really tired of people who speak of un-encrypted Wifi as if it's this evil thing. This guy talks as if I've left the contents of my bank account sitting on my front lawn.

I use end to end cryptography when I want my connections to be secure. Anything less is as good as nothing, IMHO.

I am happy that I can now proudly say that my WiFi network is as secure as Bruce Schneier's. Thanks, Bruce. :)

Mine's open, but I live in the boonies on a dead end road and my nearest neighbors on both sides are much older and don't own PCs. Plus they're hundreds of feet away.

I also run AirSnare to monitor unknown MAC addresses accessing the network. In the year it's been running, I haven't had a single report.

http://home.comcast.net/~jay.deboer/airsnare/

@metapundit: get a wrt54gl and put openwrt (http://wiki.openwrt.org) on it and you can configure the internal vlans however you want and apply different security configs to them. Takes knowing some linux, but the wiki has good docs even if you don't know... and if you don't know, you should learn :)

I used to have my wireless network open as well, with my street address/name as the network name. At some point I became worried about lack of IP addresses, enabled WEP, and haven't bothered to re-disable it after I got a NAT.

These days I have something called FON (http://www.fon.com/), which is a community for sharing WLANs between participants for free (non-participants pay 2EUR per day I think). You can also get from them a preconfigured WLAN router which is cheap (subsidized). Personally I still use my old access point though, because it doesn't have a login procedure.

@OH,metapundit: The new FON firmware (which I haven't tried yet) is supposed to provide two SSIDs, one for local users in your household and the other for other "foneros" to use. That could be an easier alternative to OH's suggestion.

@Bruce:

Just use a better WLAN cable and your network is secure forever ;)

Any wardrivers that print statistics will deny they ever accessed the networks they investigated since then there is a different set of law at work. You are then actually accessing other people's computers instead of saying if it is open or not. People can get angry if you access their computer (protected or not) without their permission, and police will make it hard for you.

Being a security expert comes with being targeted.
Prof. Adi Shamir has removed his homepage from Weizmann Institute after being hacked one too many times by script kiddies, simply since the computer maintenance team there does a lousy job. So you have hacked into an ill protected web site, yeay for you..

You got fame, Bruce. Your image is in the current episode of Everybody Loves Eric Raymond, on Linus' t-shirt: http://geekz.co.uk/lovesraymond/archive/highbrow-my-culus

@Bruce

According to researchers at Indiana University,

"A large percentage of Wi-Fi networks are 'horribly insecure'"

However they also found that,

"People just really don't care about Wi-Fi security, and open Wi-Fi at home is a nice big target,"

Read more at,

http://news.zdnet.co.uk/internet/security/0,39020375,39277577,00.htm

Bruce, you should put a challenge/response system on your network. They can use it free, but have to type in word X on page Y of (one of your books) to connect.

My network's pretty secure - for some reason the range is ridiculously small, so anyone wanting to use it would literally have to be in the same room as me and the router... which I think I'd notice :-)

Regarding unauthorized WiFi activity on an insecure LAN, here is a BBC news article that claims "Such a defence would hold little water as the person installing the network, be they a home user or a business, has ultimate responsibility for any criminal activity that takes place on that network, whether it be launching a hack attack or downloading illegal pornography." http://news.bbc.co.uk/1/hi/technology/4721723.stm.
I don't know what the American legal stance is but I find the BBC's interpretation of UK law pretty harsh.
Get a new router with AES suppot now!

How would you restrict net access on your wireless network by MAC address? Unless the initial connection is somehow encrypted, a wardriver could simply watch an authorized computer connecting and spoof their MAC address.

There are, I grant, dozens of ways to ensure that only an authorized computer gets access; however, they'd most of them require a separate application that authenticates each connection within a certain time limit else drops the connection; it would not be handled automatically. However, the builtin protocol seems to be quite insecure.

No, it's true. I've used Bruce's wifi many times for my nefarious schemes. It is wide open, and fast, as well -- Bruce didn't skimp on the bandwidth.

It's a spammers and crackers dream, and you can use it as well. Just park by 1060 W. Addison, Chicago, IL and connect to the "twofish" SSID.

Have fun, kids, and say hi to Jack and Harry for me.

I attended a talk on wifi security at Defcon, as one of the presenters was a friend of mine. Afterward during the Q&A session, the speakers were asked about how they secure their wifi APs. One guy said that he lives out in the country and has a 30-06, another said he just used WPA (or WPA2 or WEP, I forget), and my friend stated his was wide open and the SSID was "freeporn". So, apparently, people don't care about wifi security, unless they're making a point of how bad it is empirically.

I encountered so many incompatibilities between OSes, cards, and the AP that I don't bother with wifi encryption. Makes it easier for guests that way too.

Hacking attempts?
What about sniffing attempts on the information beam you _SEND_ through the walls and into the open?

As for open access points and "illegal", my ISP's terms of service prohibit sharing my internet connection, a common clause. So music, movies, and certain photos aside, an open access point may not be against criminal law, but if discovered could well result in civil action by your ISP.

I allready bugged neighbours by using net send to point out to them that they have the freebee virus.

net send * Hy nice wireless network you've got there, seems i'm on it now.

Always a good joke, be amazed to see how quickly the thing is encrypted after this.

It won't be too long before wireless phone carriers start offering roaming on WiFi access points, specifically home-based routers. Pairing a handset to a WPA protected access point could be challenging. It'll be interesting to see how this works itself out.

is "ultra-secure" an articulable technical standard higher than "secure", or just snake oil?

"ultra-secure", if used properly, equals "unusable without extremely painful procedures that people will make jokes about in years to come"

Kudos, Bruce!

Some of these people, sheez. Heaven forbid anyone provide anything for free in this country.

Maybe I missed it, but no one mentionned the privacy issues with an open Wifi network.

Anyone with a Wifi card in monitor mode could spy on me. Okay, my mail/credit card/etc are only used on secure connections, but it still don't like it that people know which sites I visit.

Also a hacker could use Cain to do ARP spoofing on an open Wifi network. Works really well. Very useful for all kinds of real life MIM attacks.

Uhmmm... Outlook Express and others send smtp passwords sent in plain text by default.

Unencrypted WiFi is like leaving the deadbolt on your front door open, but locking the handle lock and the screen door lock. They are all there for a reason.

Best SSID (besides my ultra-profile-lowering, secret-ain't-tellin' ya one) : TestVirusHive"

Probably is just me, but I'd think the refutation would just make cracking Bruce's network exactly the kind of challenge hackers enjoy....

Reminds me of Bruce's SMTP server. People used to write and tell him he was an idiot for specifying the software version in the HELO response. So he changed the response to state some ridiculously early (and open) version of Sendmail. So they started writing to tell him he was an idiot for running a vulnerable version of Sendmail.

I have yet to need to lock down the wireless but do watch the DHCP and make sure that my guest are the only ones using it. In the few times I peeked at the traffic from unknown users, it is usually cnn.com and the like. Pretty easy to measure risk when watching. If someone became dependent on my wireless, then I would lock it down or knock on the right door.

There are, as well, a great number of community wireless network projects out there based upon sharing your WiFi AP.

Check out muniwireless.com

Personally, I think securing a personal WAP is unnecessary, unless you have a problem with people using excessive amounts of your bandwidth.

Think about it.

If you have a WAP, you are 99.99% likely to connect to your WAP with your laptop.

If you have a laptop, you are 99.99% likely to connect to WAPs other than your own (hotels, conference centers, various corporate LANs, etc.) on a very high frequency.

How worried should you be about securing your own wireless network if you routinely connect to wireless networks that you have no control over?

If you're sending unencrypted doodahs over your personal WAN and relying on your WPA, WPA2 or whatever for security, do you actually change to encrypted protocols when connecting to WAPs other than your own?

At Blackhat 2005 Airgo proudly announced they were providing their routers for the wireless network. They touted their new "unbreakable security" and challenged the audience to hack it.

Of course there was no wireless access at Blackhat 2005 after that.

@pat calahan:
"how worried should you be about securing your own wireless network if you routinely connect to wireless networks that you have no control over?"
did you get security confused with reciprocity? your question sounds similar to "how worried should you be about picking up a hitchhiker if you routinely hitchhike?"
the real gut-check is whether you would trade stocks in your brokerage account or do sensitive emails over someone else's wireless network. i don't, because i'm just a little paranoid. maybe that's due to my ignorance relative to technological cognoscenti, but nothing fuels paranoia like ignorance.

Maybe already said, maybe not in these words:

If your connection isn't secured, or the thing is open 4 all, you can track it, log it, do whatever is possible, but if some dude decides to attempt to hack some server through your connection, you are being held account for, because it came from your address, through your router. You can log it, blog it, and analyse the thing, but if they are very smart, you'll only track and log hot air.

It has happened with myself, i had my wireless setup at home, and some dude decided to use my open connection at that time to send spam, my internet account was blocked for 2 weeks by my provider because of that. My own fault they said, i am responsible of what happens. Since that day i never use wireless connections anymore.

Well, I have both an open wireless network (physcially segmented from my LAN) and a closed wirelss network (on my LAN) in my office, on the theory that the open network is a) quick to get visitors on and b) the casual person wanting to steal some bandwidth will go for the safe open one.
Of course, in my heart, I know that really I should only have the open, disconnected network and make everyone VPN in, but if I go around saying things like that I'll get appointed Network Security Officer for my company, and I certainly don't want that.

I used to leave my wireless open, mostly on principle, partly out of laziness.

Then I read a newspaper story about a guy caught driving slowly up and down a street, with pants at his ankles, surfing child porn on someone's open connection. You don't want that to be your connection - if he doesn't get caught doing it, the feds show up at your door...

I said "That was the story I was waiting for" and secured the network. I keep auth info posted on my refrigerator for visitors.

I have my wlan attached via a crossover cable directly into my linux firewall box (a pc). It runs wep for basic security, but as it's only an old aironet (pre-cisco) ap, it's only got weak encryption. My firewall is set up as a 3-legged firewall/router, and I have rules which restrict traffic coming from/to the wlan to a list of my own wireless cards. Of course, this is not the ultimate in security, because the wep could be cracked quite easily, but then the attacker would have to work out I was using mac-address filtering, and then, work out which mac addresses I've authorised, then spoof that. The filter will effectively prevent any unauthorised cards from talking to anything other than another card on my wlan - no internet or lan. If you sniffed the network, after cracking the wep key, you could obviously 'just' spoof the mac address of any other devices that were already attached. If I were to have a visitor with a laptop who wanted access, I'd just flip them a spare wifi card and the wlan credentials.

To boot, all my machines (laptop/desktop) run linux, so I'm not *too* worried about getting hacked/virused/wormed - I just have a healthy level of paranoia ;-D

The point of security is two-fold: a) make it obvious that something is not public; and b) to make it hard for someone to get around the protection. I believe this does both. It's more secure than the lock on my front door, or my windows, which all have security bolts. Cracking my household security only takes a brick - but anyone would be hard put to argue that was accidental - same goes for my wlan; I've made reasonable effort to secure it, and anyone who doesn't respect that has intentionally "broken in".

Good afternoon Mr. Schneier,

I came across your blog this afternoon, in a 7/7 search. I work for www.madrid11.net. We are a non-profit organisation devoted to increasing the dialogue, awareness, and debate surrounding issues of terrorism and counter-terrorism. We are a newly budding site, part of Open Democracy.

I think your voice would be a valuable addition to our website. I would like to invite you, and others who might be interested, to check us out, and to please post any thoughts or comments you may have.

This week’s featured debate discusses the merits and set-backs of citizens’ networks in defending against terrorism, and our editor, Peter Neumann, enters his most recent blog entry on the counter-terrorism progress of the British government.

If you like our site, I encourage you to visit us often. Also, you may consider including us on your website as a link, www.madrid11.net/buttons (for icon links), should it interest you.

Thanks you for your time.

Sincerely,

Jesse Brown

I think the implications of unsecured wireless networks are often misunderstood as purely a risk to data confidentiality. The risk of data theft doesn't concern me as my PCs are sufficiently protected and the value of any data on them is low. However, the prospect of landing up in court / jail because someone in another flat uses my broadband for illegally downloading copyrighted material (or child pornography as Ian Wollard worryingly suggests) is a real concern. I wonder how easily such a claim could be repudiated in court? Of course, significant personal damage could easily arise even if you could demonstrate your innocence.

Mr. Schneier:

Though you may regret your statements, reading your article on Wired (http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110) definitely brought a contrasting light to a seemingly obvious topic. It encouraged me to engage in some thought to remind myself why, after all, I do secure my wireless networks. I also commented on your article on my computer security course's blog (http://cubist.cs.washington.edu/Security/). Sometimes arguing for the extreme opposite is a healthy reinforcement for sound practice.

-Kris

Dude!

"Defense in depth?" Why would you NOT close an opening that you CAN close?

Not to mention, the blogosphere is now going nuts with "Schneier runs his wireless wide open, you should, too!"