Re: Wireless security

On Sun, 25 Nov 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <l152j.23417$j7.443911@xxxxxxxxxxxxxx>, Timothy Murphy wrote:

Moe Trin wrote:

|> Timothy Murphy wrote:

so we are talking of someone in a car lurking somewhere in the
vicinity, choosing my computer system to break into,

Very little choosing about it - more random chance than anything.

But why would anyone go to the trouble?

Good question - perhaps they don't want to have "the guys in the
Black Helicopter Squadron" know they've been surfing pr0n sites
(or it just as easily could be Mommy, or the wife/husband), or maybe
they really do have something that could/would be illegal or might
embarrass them were it known they were doing so..

I don't know where you live,

Phoenix, Arizona, USA (about 360 miles/600 KM East of Los Angeles)

but it is quite a serious offence here (and everywhere in the EU, I
think) to break into a computer system.

It is a crime in many jurisdictions. But so is rape, murder, robbery and
hundreds of other specific crimes, and that doesn't seem to eliminate the
occurrence of such actions. With a casual look at Usenet postings, you'll
see exceptionally rare mention of arrest (and not even that many mentions
of actual 'conviction') for gaining unauthorized access to a computer.
Those that you do see are generally caught by pure chance, and (at least
the one's I can remember) are not the are not the 'bright' ones.

You mean some ten-year-old who can use any search engine?

Again, I very much doubt if there are any 10 year olds in Dublin
with the knowledge and desire to do this.

I suspect you may be a bit trusting - but I have no specific knowledge
either way. Looking at the headers for the last five days in the
newsgroup 'alt.internet.wireless', I don't see someone posting using a
'.ie>$' username, but that's not very meaningful given name munging.

I would say that there are far less than 1000 people in Dublin
with the ability to do this (most of them college students),
and of those less than a dozen would go round trying to break into
random computer systems.
And of those, 90% would choose a system with a large number of users -
a college system, in fact.

Which is so some extent normal (especially if there is a CS group),
but the home user is an easier target, and the chance of being caught
is nearly non-existent.

Say there are 2 million computers in Dublin.
The probability of someone trying to break into mine
I would estimate at less that 0.001% per year.
It's not worth worrying about risks that low.

Well, that 0.001% per year is twenty a year in that example, so the
'"dozen" times 10 percent' individual is active. ;-)

I regard most of the worry about WiFi security
as part of the general paranoia about security
which seems to have overtaken the world since 9/11.

Is that why no one is using the Berkeley 'r' commands (rsh, rcp, rlogin,
and so on) any more? Or could that general concern predate things a bit.

Rational security policy must take some account
of the statistical probability of hostile action.

If that action can be prevented (or at least the risk minimized) at no
cost, why not? Most "modern" systems come with SSL, which has virtually
eliminated use of 'telnet'. Likewise, most modern systems come with WPA
authentication capability. Why not use it?

Old guy
.