USA Has More Open Wi-Fi Hotspots Than EU 274
Mark.JUK writes "Some 40% of wireless (Wi-Fi) Internet access hotspots in the USA are unlocked and do not require a security password, which compares with 25% in Europe; according to WeFi based statistics. Across the world, approximately 30% of recorded Wi-Fi access points are unlocked, while some 70% are locked. Nice to see everybody taking security so seriously, then. It should be perfectly possible to 'share' Wi-Fi while using WPA or WPA2 security measures at the same time."
This isn't a bad thing. (Score:5, Insightful)
Good! The Internet was founded on free and open access.
For the first year or two I was using a (very limited) free dial-up shell. Otherwise I would have never been able to get online. I live my access point open, I've had hundreds of users over the last few months.
How secure is secured? (Score:3, Insightful)
One of the guys I work with used to be a "penetration tester" (paid/hired hacker ;) ) and still has an interest in the area. He showed us a map of his route to work after he drove in with an Eee with wifi and GPS attached. With a bit of representation help, Google maps and a bit of colour coding then there was a surprising amount of people using WEP. Technically that's secured, but realistically it is as good as open for anyone with about 2 minutes and the right app (saw it demoed on the same Eee).
Re:How secure is secured? (Score:3, Insightful)
One of the guys I work with used to be a "penetration tester"
Boy, you set the ball on the tee, now it's time for someone to hit it out of the park!
Re:What wired equivalent means (Score:4, Insightful)
But those two minutes for physical access a) require physical trespass, b) require you to be in a much riskier situation where you can get physically caught/trapped, c) tend to require more than 2 minutes because you've got things like locks on doors and d) require you to know where the router actually is.
By comparison, breaking WEP and hopping on a wireless network is simple, and how many people actually keep an eye on their router for rogue MAC numbers? Also, you do realise that MACs can be spoofed, so in the right situation you could potentially just usurp a machine or use the MAC of a real but currently disconnected one, right?
Population density is a plausible cause. (Score:5, Insightful)
More people who may hop on your network and negatively impact your performance would likely cause you to learn to secure things. We have a much lower average population density, so you are more likely to be able to remain ignorant (or just not care) and leave your AP open. If I have 4 people who can see my AP, they are much less likely to wreak havok on my quality of service than if I have 50. I would like to see stats on open AP% vs population density. Of course, the article may have this info. I didn't rtfa.
Relevance? (Score:3, Insightful)
The US also has more McDonalds, too. How is this even interesting?
Re:This isn't a bad thing. (Score:5, Insightful)
Great!!
When I travel, I want to be able to go into a coffee shop, get my espresso, and sit down and use my laptop on the internet without having to hand out credit card information or any other sort of credentials. I make a point of only frequenting businesses with open access points because I want to reward their community service. I recommend that others do the same!
And your point is? (Score:4, Insightful)
Mark.JUK said "Nice to see everybody taking security so seriously then." Is there something inherently wrong with an AP that is connected right to a DSL (or other) internet connection to provide free access in, say, a coffee shop, library, city park, airport, or other common areas? McDonalds, Barnes & Noble, and many airports (thanks Google!) are offering "free WiFi" - by definition these can't be "closed"...
There are "wide open" residential gateways, but that number is dwindling (at least in my experience).
I work in a school district and we offer WiFi in all rooms in every building, but we have two "SSID"s - one secured (with access to our internal network, for administrators and district-supplied laptops) and one public (with only filtered access to the public internet, no internal resources available).
I'm doing my part! (Score:4, Insightful)
"Across the world, approximately 30% of recorded Wi-Fi access points are unlocked, while some 70% are locked. Nice to see everybody taking security so seriously..."
F U, I've been intentionally open since 2002 or so. (Basically, since I got it.) It's like, if you leave your lights on and windows open, someone can sit outside your house and read a book with the light you're giving off--OH NOES!
First of all, it doesn't cost anything to share a bit of WiFi. If someone happens to be driving by and needs it, they can park and use it. If a neighbor loses their connectivity for a day and wants to use mine, FINE, GO AHEAD--I won't even notice or care. Nor will my ISP.
Secondly: security? What security? I doubt there is a band of leet hackers hiding behind my fence trying to get financial data off my wife's laptop (hint: it's usually closed) or trying to pull my credit card number or bank login name as it whizzes by among gigs of other data. (Hint: you'll also have to crack HTTPS.)
You're worried about credit card fraud? Worry more about the 19-year-old you give your card to at a restaurant who disappears with it for a couple minutes. My family and I have had credit card info stolen and abused several times in the last decade and not once was the Internet involved, let alone hackers sitting outside our house at night doing MITM attacks. I'm more worried about an ACTUAL break-in (which I've also experienced) than a cyber one.
Re:Personnally (Score:3, Insightful)
Frankly, WEP and WPA2 are doing more harm to the innocent people who just want to use your connection to check email than to the people who are doing something illegal. A good lawyer could argue that your open access point weakens evidence based on IP addresses, because it decouples your IP address from your legal identity, but most innocent people would not be able to defeat WEP.
Re:Insecure? Who says? (Score:3, Insightful)
There are no "UK" or "US" rules. There are agreements between people and the businesses providing services to them. In my case, I'm complying with my agreement, and still would be if I lived in the UK and had the same contract.
Re:No wonder (Score:1, Insightful)
Agreed. Laws here are very undemocratic. Can't have open anonymous Internet access. That's not compatible with our government's fear of free speech. Lobbyism of the music industry and sheer incompetence of our judges top it off.
I'm Confused (Score:5, Insightful)
Nice to see everybody taking security so seriously then. It should be perfectly possible to "share" Wi-Fi while using WPA or WPA2 security measures at the same time.
I take security very seriously, so my machines are properly secured for direct access to the Internet, and my important machines are behind their own firewall.
I must be missing something about WPA or WPA2 -- how can you make your network show up without the little lock icon when a stranger passes by, so they know they can log in?
Why would I want to encrypt the channel, anyway? As soon as the comm hits the Internet it hops nodes I don't control. If I want it secure, I had better be using an encrypted channel at a higher layer. Admittedly, I could transfer sensitive files in the clear on my own network, but why? I use SCP for everything, which is easy (easier, IMO, than GUI) and it is a good habit to get into.
Which all is to say: I think the "WPA/WPA2 == security" thing is a bad meme. Good security starts above the network layer, and generally can end there. Meanwhile, securing all our Wi-Fi nodes kinda sucks in terms of making the network universally pervasive.
Free the APs, secure the machines and processes.
Re:No wonder (Score:3, Insightful)
Stop with the OMG NOT SECURE WIFI crap, please. (Score:5, Insightful)
I must rant ...
I'm rather sick of hearing 'OMG NOT ENCRYPTED' or 'OMG USES WEP INSTEAD OF WPA' when talking about WiFi.
If you're talking about it while using a wifi hotspot, then you're just a fucking moron without even the slightest clue.
No one gives a fuck about your data. They aren't sitting at an airport trying to gather sensitive information. You know why? BECAUSE ANYONE WHO HAS SENSITIVE INFORMATION IS USING ENCRYPTION FOR ALL THEIR CONNECTIONS NOT JUST WIFI. It doesn't freaking matter if the wifi is sent in the clear, their actual session to their file server, mail server or web server is going to be encrypted via SSL or over a VPN.
Any half way competent admin treats wifi as an external network, regardless of encryption used on it, even their own internal wifi networks.
So fucking WHAT if your Starbucks wifi is clear text? You're upset because you're sending it over the air without encryption, but you're fine with the fact that it travels all over the Internet with no encryption? You're afraid someone at the airport may snoop you via wifi, but you don't care if they snoop you via the lan the wifi connects to? You somehow think that because it requires a password, that all the other people that have the password somehow can't see what your sending?
If its public, you're retarded for encrypting it or worrying about the encryption. Everything you're going to do that needs security has a different, BETTER way of handling security and encryption than ANYTHING wifi has to offer.
You don't need to 'share' wifi and use 'wpa or wpa2' at the same time, just fucking make it clear text and stop acting like its 'super secure' when its not. If anyone can buy in or someone easily get your wifi key than your encryption is 100% pointless. Wifi passwords are only useful as a limited effectiveness way of preventing people from using your bandwidth, thats it, nothing more.
Anyone who thinks they are 'secure' because of wifi encryption is just ignorant. Theres no reason for a hotspot to be encrypted, its there to be shared.
And for fucking reference, a hotspot is a place that allows random people to connect. Your WAP at home isn't a freaking hotspot, its just a wireless router. You don't have a hotspot in your home, Starbucks has one, McDonalds has one, the Airport has one. You have a WAP.
So you know why there are a lot of unencrypted hotspots? BECAUSE ITS RETARDED TO DO IT ANY OTHER WAY, the only reason it gets done other ways is shear ignorance and paranoia because of other twits on the Internet that scream OMG ENCRYPTION ENCRYPTION ENCRYPTION!@$!@%$!@%.
Re:And Many wifi open hotspots are secure. (Score:3, Insightful)
Back a few years ago when I built a giant faraday cage around my house--they said I was crazy. The homeowner's association sued me, my wife left me, the mental health people wouldn't let me see the kids, and I lost my job after extolling the virtues of the faraday cage to all the other employees at every opportunity.
But, in the end, I showed them! Now they see I wasn't so crazy. My house has the most secure wifi on the block!
Re:This isn't a bad thing. (Score:3, Insightful)
Re:This isn't a bad thing. (Score:3, Insightful)
If I didn't have a bandwidth cap I would leave mine open.
I blame the greedy telcos.
Re:This isn't a bad thing. (Score:3, Insightful)
But what would be the point? You need encryption at the application layer, since after the router it's all cleartext otherwise, so if WPA2 isn't being used for access control, what would it gain?
Re:This isn't a bad thing. (Score:4, Insightful)
This. For a local wireless network, what exactly are you worried about? People driving by and using a bit of free access to check email is no big deal. Even if they're making mischief trying to frame random people for child porn, it's unlikely they'll hit you up when they have to be physically near your place to pull it off. It's not like general perimeter security, where you have to be worried about automated scripts even if nobody is directly targeting you.
If somebody is really abusing your bandwidth, then handle that on a case-by-case basis. Otherwise, WEP/WPA just cuts into your local throughput and makes it inconvenient for guests to connect.
Re:Insecure? Who says? (Score:3, Insightful)
I disagree with your assessment. The risk is so tiny that the severe penalties don't even register for me. Should the improbably happen, I think I'll be remembered as the guy who cooperated with the police to investigate his neighbor.
Ask 1000 regular computer users about MAC spoofing (Score:2, Insightful)
For 99.9% of the population it is not only non-trivial, it is in fact impossible because they lack not only the tools to do it, but also the knowledge that it can be done.
Obviously we can do this, but if you really understand security you know about security landscapes. You know that keeping 99.9% of potential users/abusers is better than nothing, by about 99.9%. So no, it is not reasonable to say that MAC filtering is roughly the equivalent of no security at all.