Canadian TV, Computing and Home Theatre Forums banner

1 - 20 of 20 Posts

·
Registered
Joined
·
1,986 Posts
Discussion Starter #1
No password on your Wi-Fi? This nightmare could happen to you

It was 6:20 a.m. March 7 when he and his wife were awakened by the sound of someone breaking down their rear door. He threw a robe on and walked to the top of the stairs, looking down to see seven armed people with jackets bearing the initials I-C-E, which he didn't immediately know stood for Immigration and Customs Enforcement.
Now the question I have is if there are any instances of this happening in Canada? All the instances cited in that article are in the US.
 

·
Member #1
Joined
·
47,683 Posts
I would never knowingly allow my WiFi connection to be used by someone outside my home and follow the recommended procedures for securing my network. It's so easy so why take any unnecessary chances?

Even in my home, I use the guest network functionality. Normally its turned off but if someone were to come over that needed Wifi, I can just it on for the short term and turn it off when they leave. Really not necessary nowadays since most people have 3G smartphones.
 

·
Registered
Joined
·
57 Posts
And always use WPA encryption with letters and symbols in the password!
A quick search will reveal just how easy it is to crack WEP passwords. WPA is also possible if you are using common words or number combinations as a password.
I once read an interesting statistic on how many people tend to use their phone number as their wireless password.
 

·
Registered
Joined
·
8,310 Posts
^^^^
You can get a very secure password from www.grc.com. Click on Services > Perfect Passwords. I use the alpha-numeric passwords, as some devices choke on some puncuation characters. Here's an sample password from that site:

THslmX9wf6WALi1IdWqNkCgRWB5Fh3sJQubRPzmL4or2DjfHMliYPVCXGWHaaII

Try and guess that one! Also, the best encryption to use is WPA2.
 

·
Premium Member
Joined
·
6,432 Posts
^^^^
This is a nice password...but sure sucks when you forget where you wrote it down after trying to get back in your router. I have one that uses numbers and letters but is easy (for me:)) to remember.

When I install one for friends of mine, I tell them to use a phrase that only them would remember. I have used phrases like "until the age of 10 i used to chew my nails and that stopped when my mom bought me shoes". I don't think that would be too easy to crack.
 

·
Registered
Joined
·
10,007 Posts
I am always amazed at just how many Wireless Routers are wide open.

Last Fall, I drove from Wasaga beach into Owen Sound along Hwy 26. I had with me a Laptop running Windows XP and a program called Net Stumbler, that locates and records Wireless networks.

When I arrived in Owen Sound I was stunned to see something over 250 Networks and approaching 100 that had Zero encryption.
 

·
Registered
Joined
·
384 Posts
Am amaze at the number of wi-fi network period. About two year ago I could only see around four now I pick up about 15. It not so bad only one is wide open. I got to say when my DSL Modem died last month and I waited three days for the fedex guy to show up I was really tempted...
 

·
Registered
Joined
·
248 Posts
Static IPs

My wireless router has no encryption running, I set the router for NO DHCP and add a static ip to all devices I have that run wireless....also turn off the broadcast of the SSID is good....so if you want to use my wireless access you better know something about TCP/IP setups...

:cool:
 

·
Registered
Joined
·
833 Posts
BadLag Bad advice if you think that's secure. It would take someone with just a basic knowledge of sniffers and IP a matter of minutes to find and connect to your network and figure out your IP address range.
 

·
Registered
Joined
·
57 Posts
^^^^^

Easily hacked by running kismet. This will show the hidden SSID name, MAC of the router and clients, and IP addresses of the clients. Even with MAC filtering enabled, all that is required is for the intruder to clone one of the client MAC and force a disconnect.

With that setup you are more secure using WEP encryption because it will take a minute or two longer to log on.

To really be secure you need at least WPA encryption and a password like JamesK has given as an example. Even using a password phrase like "brown dog jumped over log" is vulnerable with a dictionary attack.

EDIT: Just noticed Grog posted at the same time.
 

·
Registered
Joined
·
135 Posts
while taking the bus home from work, I war drive with my itouch. I have as of yet never found an open wifi signal in my area. And there are lot of wireless signals.
 

·
Registered
Joined
·
98 Posts
Even WPA security has been compromised. Currently, only WPA2-AES is uncompromised. As for disabling DHCP over wireless and disabling SSID (name) broadcast, it's useless, as stated above. The SSID is continued to be broadcast so users may connect automatically. And it's easy to discover the IP address on the network by using a tool like Wireshark (also stated above, by using other tools). Every computer on a network broadcasts to discover which is the MAC address of the gateway so it may send data to it.

Reference: http://www.networkworld.com/news/2008/110608-once-thought-safe-wpa-wi-fi.html
 

·
Registered
Joined
·
259 Posts
It's ridiculous how fast the goalposts are moved with RE: to wireless security and encryption. Most of us at least have a working knowledge of this stuff but MOST people I encounter are clueless. It's not their fault they don't know how to lock down their wireless connections. Take a look at your router's settings and imagine someone with a basic computer knowledge trying to navigate that. I help some older people a lot with their computers and its a breakthrough when they learn how to create a shortcut let alone get into that stuff. And then they can get into trouble because some yoyo downloads crap/porn/whatever by hacking their WPA encryption? This is where I think the war on child porn (the one that is most frequently on the news) has got out of hand. They tried to nail some old guy and his wife here in Ottawa after someone used their connection for just this purpose. I get chills thinking about how this can be abused..since the cops don't really care that they smeared this guy..they just want that televised PR event showing what a terrific job they are doing keeping us safe from pornographers.

Technology has gotten way ahead of most average people and they are stumbling around in the dark thinking they are safe online. Now you need WPA2 to be TRULY safe. Til someone cracks that tomorrow? In the meantime, good intentioned people are getting scarred for life because some hacker can get around their defenses. We all know that the web in inherently insecure and probably always will be. But the guy getting his door kicked down thought he was going to be able to talk to his grandkids on the coast instead of some stormtrooper with an elevated sense of importance. Grrrrrrrr.
 

·
Registered
Joined
·
50 Posts
I don't think that armed stormtroopers invading a home in response a suspected non-violent crime is reason to take pains to secure my wireless router , I think it's a reason to loudly protest fascist police state tactics and wildly over zealous law enforcement techniques.
 

·
Registered
Joined
·
8,310 Posts
^^^^
Hah!

I got you beat! Mine would take about 52 tresvigintillion years! That's about 200 times longer than yours.

BTW, I wonder what they'll do with all the passwords they'll be able to collect? ;-)
 

·
Registered
Joined
·
846 Posts
Who know's or cares... maybe you'd trust Microsoft's tool instead security/password-checker lol.

I use LastPass on my browser and read that they may have been hacked last week which is more of a concern for me. But I would think their are bigger fish like Sony. The average guy has to worry more about his neighbors kid more than anyone else I would think.
 

·
Registered
Joined
·
24 Posts
How is "brown dog jumped over log" vulnerable? Sure it's made up of English words, but it's not a well known phrase, the attackers have no idea how long the passphrase is (anywhere from 1 to 63 chars), I just don't understand how a dictionary attack would work.
 

·
Registered
Joined
·
7,131 Posts
For starters it's all lower case English alphabetic letters which provides a relatively small set of characters to choose from. For another, it's all relatively short English words which narrows it down a very small set of predefined code words. For yet another, it follows the basic layout of English grammar which narrows the set of words even further. For even another, the phrase is not very long. Never mind that it sounds very similar to a well known phrase that would be one of the very early guesses by a well programmed cracking algorithm. This would be cracked easily by a determined attacker. Fortunately, most peoples' systems are not subjected to such attacks.
 

·
Registered
Joined
·
833 Posts
^^^^
BTW, I wonder what they'll do with all the passwords they'll be able to collect? ;-)
A dictionary attack is similar to a brute force attack except that they are working from a database of passwords. Some of these databases are millions of passwords that they collect using a variety of means. It doesn't seem that far fetched that some of these "test my password" sites are there primarily for that purpose. It costs next to nothing to throw up a website these days so it's not like it's a big effort or expense for them to do it. Also keep in mind that they have your IP address as well which may help narrow down your location, particularly if you use cable internet.

I know the risk is ultimately minimal but I still wouldn't trust handing over my password to some unknown website with unknown intentions. I know it's plenty complex without some site to tell me how many gazillion years it will take to crack.
 
1 - 20 of 20 Posts
Top