Did anyone else catch the Warchalking story on Marketplace today?
I'm a bit puzzled that the approached it as a "hacking" story. They don't get it, either, I guess.
*sigh*
Posted by jzawodn at October 01, 2002 06:54 PM
*grumble* I missed it, and I normally listen to marketplace (left work early so wasn't driving home t the usual time).
It's online [1], fast forward to 22:18.
Whether it's hacking depends on your perspective, I suppose. Using surplus Internet bandwidth is one thing, but getting access to a corporate network from your van outside is a real problem that I never hear mentioned in these stories.
If a company installed a RJ45 Ethernet jack on the outside of their building, and people came by, plugged in their laptop, and checked their Yahoo! Mail, maybe that's just a nice company who believes in free access, etc. But what if someone ran a port scanner against all the computers inside while checking their mail? What stops them from doing something like that? How about all those Windows 2000 machines in the company with an "Administrator" account with no password?
Now take away the wires. The company didn't install the jack, so they don't know (though they should) that they're providing access to their corporate network to the outside. All their fancy firewalling doesn't mean anything; I'm browsing your network, and you don't know about it.
If you're running a WAP on a corporate network, you either set up the strongest encryption you can with tight security controls, or consider yourself having installed a bunch of Ethernet jacks on the outside of the building.
I'm all for free wireless access to the Internet (only!) within 802.11b-shot of libraries, post offices, or your local Starbucks (seems that like would be a pretty wide range in many cities), but exploiting corporate security problems so you can blog from a park bench is a little shady.
Warchalking just gives people a shortcut to know which companies have their pants around their ankles. The problem lies with the people running the wireless network. If companies don't like warchalking, they should leave the chalk up outside and fix the problem inside. The chalk will disappear on its own.
[1] - http://www.marketplace.org/play/audio.php?media=/2002/10/01_mpp
I heard it and was in it. It was pretty disappointing. I found it funny when they said "these probably appeals to the same people who think GNU/Linux is the best thing since sliced bread" like GNU/Linux was some evil thing.