I'm quite thankful for a few unsecure networks atm, although I always use WPA2 level encryption on any networks I set up, including those in PG's kind of situation.

No it doesn't, you have to switch on file sharing, then once you've switched on file sharing, to connect to it, you need to know the password for the account you're trying to access.

You'd like to thing so...What if someone finds an exploit that Apple/whoever haven't yet patched (because they don't know about it)?

If you share a lot of files around your home, you are likely to leave file sharing on all the time. Surely form there a hacker just needs to snoop the network, decrypt usernames and passwords and then they can access said Mac/computer? Also, many home users use the same usernames and passwords on all their home computers, so gain access to one may mean access to all the others.

+1

There are programmes that are readily available to detect wifi networks not broadcasting their SSID Clicky. Microsoft say it is highly recommended that you do not use non-broadcast (where Windows clients are used?) wireless networks.

Microsoft Technet article
Why Non-broadcast Networks are not a Security Feature

Wireless security consists of two main elements: authentication and encryption. Authentication controls access to the network and encryption ensures that malicious users cannot determine the contents of wireless data frames. Although having users manually configure the SSID of a wireless network in order to connect to it creates the illusion of providing an additional layer of security, it does not substitute for either authentication or encryption.

A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.

Therefore, using non-broadcast networks compromises the privacy of the wireless network configuration of a Windows XP or Windows Server 2003-based wireless client because it is periodically disclosing its set of preferred non-broadcast wireless networks. When non-broadcast networks are used to hide a vulnerable wireless network—such as one that uses open authentication and Wired Equivalent Privacy—a Windows XP or Windows Server 2003-based wireless client can inadvertently aid malicious users, who can detect the wireless network SSID from the wireless client that is attempting to connect. Software that can be downloaded for free from the Internet leverages these information disclosures and targets non-broadcast networks.

This behavior is worse for enterprise wireless networks because of the number of wireless clients that are periodically advertising the non-broadcast network name. For example, an enterprise wireless network consists of 20 wireless APs and 500 wireless laptops. If the wireless APs are configured to broadcast, each wireless AP would periodically advertise the enterprise’s wireless network name, but only within the range of the wireless APs. If the wireless APs are configured as non-broadcast, each of the 500 Windows XP or Windows Server 2003-based laptops would periodically advertise the enterprise’s wireless network name, regardless of their location (in the office, at a wireless hotspot, or at home).

For these reasons, it is highly recommended that you do not use non-broadcast wireless networks. Instead, configure your wireless networks as broadcast and use the authentication and encryption security features of your wireless network hardware and Windows to protect your wireless network, rather than relying on non-broadcast behavior.

Yeah, how simple. I'm sure there are thousands of people with the ability to do that!

I'm not anti-security at all, but I do think that an awful lot of people overestimate both the amount of hackers out there and the importance of the files on their computers. My computer certainly doesn't have anything that would be of the remotest interest to a hacker and given the effort it would take to break into it, I can't see them bothering.

So, I have to worry about a terrorist or pedophile coming to my little town, driving down my side street, ignoring all the other unlocked networks, looking for my WEP protected network, then park his car on my drive and proceed to hack it. Once done they then use so far unknown software to access a hole in Apples software to gain access to my Mac.

Would it not be easier for them just to break in whilst I was away?

How many of you have your computer and backups protected against a break in? Surely this is a far more credible threat?

Not even that, some person parking on the street near your house can normally pick up a signal, can then go and commit electronic crime without you knowing, he wouldn't need to 'look' for your network, hidden SSID or not they are easy to pick up, and WEP can be cracked in under 10 mins

Might be easier to break in, but the risk of getting caught is slim to none electronically

My PC is password protected on the admin account, any critical data is backed up online on encrypted servers and I use bitlocker on other drives for security as a little extra level

Security is all about persuading the criminal to try someone elses instead of yours, as ANY encryption can be cracked, but the effort & time makes the difference to a criminal hacking you or someone else

It just takes a teenager with an interest in this sort of thing...I know a few people at uni that probably did similar things back in collage.



Behind three locked doors (or one locked upstairs window) and then locked to the bed or other furnature....
It's often said that some security is worse than no security, it could make out that you've got something interesting to hide...

As I said above, a coupld of teenagers could be out on a jolly and give it a go, they may do nothing distructive, but would you like them looking around your computer?

(Sorry for spelling mistakes...No spell checker at work )

Well there I agree. If you are in student digs with dozens of WiFi signals and dozens of PC literate students near at hand I would probably not even use WiFi.

If I was a business that had secrets I would go for security and a bloody big fence.

For most people though it is very much a non issue.


I would guess that few of you even put a password on your screen saver let alone put you computer into a safe at night. Physical access to you computer is the real risk. How many break-ins are there each year? How many computers stolen? For that matter how many laptops left on the train? Once they have physical access they have everything they need and they don't have to do it from a big van with blacked out windows with all the neighbours watching. You think WEP is broken easily? You should try getting into a door with a Yale lock on it.

My computer locks itself fairly reguarly, and I lock my computer if my hands are off the keyboard for more than a few minutes (although that, I guess, is a habit picked up from working in far too many schools!). My Macbook's fitted with tracker-type software, and is fairly well locked down in terms of keeping data secure until the hardware can be recovered. Obv. some people will decide it's worth doing, but with the tracker they also have to want to grab the data pretty fast and then ditch it. If it's the hardware they're after I'm even more protected.

I was early for my dentist appointment this afternoon, so rather than reading the Swine Flu scare posters, I decided to have a play on my iPhone. I found they had a completely unsecure wireless network, probably to allow the dentists' computers to all communicate with the reception desk. If I had the right equipment and software, I would imagine that I could access patient data through this method, which is worrying.

Peter.

Did you tell them what you'd discovered? They should be warned about the potential danger.

Nah, he's going back tomorrow with the "right" software and get the pretty receptionists home 'phone number!

1. Innocent people have been shot and killed because they were suspected terrorists. It's not likely to happen to you, but why invite the risk?

2. I don't associate with known terrorists, but it's such an obvious thing to do I can't believe "they" would be so backwards as to not do it. *

3. Even if your Mac is entirely secure, the data you send and receive isn't. Perhaps your IM and email aren't the most secret information in the world, but why broadcast it for anyone to see?

I simply can't understand why someone wouldn't switch on the security. All you have to do is think of a password and type it in. Why would you not do that? Why oh why oh why oh why?

Do you leave the door unlocked too? After all, being burgled is a horrible experience but in such a nice location it could never happen to you.

:edit:* a quick search revealed plenty of evidence:


source: http://www.theregister.co.uk/2008/08/01 ... ist_email/


Source:http://www.wired.com/dangerroom/2009/01/open-wi-fi-is-f/

I believe aiding terrorism is an act of treason or some such? So yes, expect the boys around to shoot you any minute.

I don't think the bleach-blonde receptionists would even understand what a wireless network was!

I can almost understand that sort of practice five years ago, before mobile phones with Wi-Fi, but they should at least secure it with WPA2 and stop it broadcasting to every Tom, Dick or Harry.


I do quite like the blonde bombshell of a receptionist now you mention it

Peter.