Re: I have been asked to leave the company for having spotted serious security breaches

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Stephen K. Gielda (steve_at_packetderm.com.bogus)
Date: 02/04/05 

Date: Fri, 4 Feb 2005 18:03:24 -0500

In article <cu0cc4$ks4$1@nntp.itservices.ubc.ca>,
unruh@string.physics.ubc.ca says...
> "Some Bloke" <somebloke@that.uk.net> writes:
>
> >Agent C. . .
>
> >Yes, while I think that George may be a bit flippant about his approach,
> >there was another bloke he reminds me of back in the late 1930's who went
> >around warning about an attack on the US by Japan. His name was Billy
> >Mitchell and for his troubles he was court-martialed.
>
> >I think that you are being a bit too harsh on him. While he may be an
> >annoying little brat in your eyes, in my eyes I think that he brought about
> >what is a glaringly obvious problem to his superiors and they choose to do
> >nothing about it. In my estimation, his actions are commendable and while
> >his approach may appear a bit bratty, I think that the nature of the problem
> >he has discovered and his organization's failure to address the issue is at
> >stake.
>
> I took the bus in to the University yesterday, and while riding scanned
> with my laptop ( iwlist scan)
> Almost everywhere along the route I found between 5-11 listed wireless
> ports, and over half of them stated that they had no key.
> Some with business names listed (eg CUPExxxx-- for those not from Canada,
> that is a Union-- Canadian Union of Public Employees.).
>
> What astonished me was that I could detect all of these from a bus roaring
> by on the highway.
>
>
> >Maybe you should reconsider your chastizement of this lad.
>
> While his first post did make it look like he was somewhat obnoxious, it is
> hard to tell whether or not he had a legitimate concern. The proximate
> issue was the open wireless, which in itself is not necessarily a great
> danger. It depends on what is on that wireless.
> On considered reflection, I guess I would not want an open wireless at a
> school-- not that it is a real danger in itself if all critical parts were
> firewalled off from that wireless, but because of the danger that predators
> could use it to get at the kids. Having an open entry into a net where you
> know there are lots of andlots of kids does not seem like the safest thing
> to do.

The problem with this whole thread is that full details are missing.
Everyone sees "open wifi" and we all know that is a security problem, so
judgements are all being made from this point. However, there are
instances where open wifi is a good thing, and yes, even on college
campuses. If something is unsecured, and was done deliberately with the
understanding of the risks, then there is a reason for it. To then have
someone who knows a little about security start raising a huge stink
about it and bothering higher ups would be very annoying to anyone.

Picture this, you are tasked with creating a wireless "kiosk" where
anyone on any device, can connect to get to a directory. The design is
deliberately wide open, the net is segragated from anything important,
it's supposed to allow anyone within range to be able to connect. Now
someone who works for you tells you this is bad, that it's open. You
say you know and explain that it is deliberate. This person doesn't
like that answer, posts to usenet groups (extreme crossposts), and goes
over your head to complain to your bosses. Everyone involved is going
to tell this person to go look for another job.

I'm not saying that is the case here, but there are at least two sides
to every story and we are only seeing one.

/steve 

-- 
Check out Cotse's Privacy Watch.
A comprehensive information resource.
http://www.cotse.net/privacy/

Relevant Pages

  • Re: I have been asked to leave the company for having spotted serious security breaches
    ... > issue was the open wireless, which in itself is not necessarily a great ... Everyone sees "open wifi" and we all know that is a security problem, ... say you know and explain that it is deliberate. ...
    (alt.computer.security)
  • Re: I have been asked to leave the company for having spotted serious security breaches
    ... > issue was the open wireless, which in itself is not necessarily a great ... Everyone sees "open wifi" and we all know that is a security problem, ... say you know and explain that it is deliberate. ...
    (microsoft.public.pocketpc.wireless)
  • Re: WiFi at campsites
    ... haven't used the wireless card yet. ... With my new modem came a new agreement that only 5 family members can use my satellite. ... This at a place where free wifi was available at the lodge. ... Just begging for freeloaders if you leave an open wifi. ...
    (rec.outdoors.rv-travel)
  • Re: o2 customers risk prosecution due to security problem
    ... aware that o2 is supplying the routers and encouraging people to use them KNOWING there is a security problem. ... Yeah, I think they pushed out a password update using their TR069 platform - http://en.wikipedia.org/wiki/TR-069 ... We’ve found a new risk to your O2 Home Broadband Wireless Box, so we’ve set-up an extra password. ... Nothing else about your O2 Home Broadband service will change. ...
    (uk.telecom.broadband)
  • Re: Wireless at Osh
    ... They have wireless for their guests. ... Beware of ARP cache poisoning, ... Unless you are logging into a private VPN service through the open wifi ... connection they are not. ...
    (rec.aviation.piloting)