If I tell my WEP key to a friend at my place who has a PC , would that 
give him access to the files on my Mac?

On Sat, 14 Mar 2009 09:12:40 -0400, Robert Montgomery wrote
(in article <c3Oul.16692$Db2.11015@edtnps83>):

> If I tell my WEP key to a friend at my place who has a PC , would that 
> give him access to the files on my Mac?

No.


-- 
email to oshea dot j dot j at gmail dot com.

Robert Montgomery <info-block@northern-data-tech.net> wrote:

> If I tell my WEP key to a friend at my place who has a PC , would that
> give him access to the files on my Mac?

No, that would let him use your internet wirelessly. To give someone
access to files on your Mac, you have to turn on file sharing and give
them your user password, too. Depending on which Mac OS version you're
running, you'd separately have to enable Windows sharing.

-- 
<http://designsbymike.net/shop/mac.cgi> Mac and geek T-shirts & gifts
<http://designsbymike.net/shop/prius.cgi> Prius shirts/bumper stickers
<http://designsbymike.net/shop/dance.cgi> Ballroom dance shirts & gifts

In article <1iwkapz.crpcf110lui4gN%mikePOST@TOGROUPmacconsult.com>,
 mikePOST@TOGROUPmacconsult.com (Mike Rosenberg) wrote:

> > If I tell my WEP key to a friend at my place who has a PC , would 
> > that give him access to the files on my Mac?
> 
> No, that would let him use your internet wirelessly. To give someone 
> access to files on your Mac, you have to turn on file sharing and 
> give them your user password, too. Depending on which Mac OS version 
> you're running, you'd separately have to enable Windows sharing.

Wouldn't File Sharing give him access to the Shared folder and the 
Users' public folders even without the password?

-- 
It's now time for healing, and for fixing the damage the GOP did to America.

In article <michelle-344E85.07283514032009@mara100-84.onlink.net>,
 Michelle Steiner <michelle@michelle.org> wrote:

> In article <1iwkapz.crpcf110lui4gN%mikePOST@TOGROUPmacconsult.com>,
>  mikePOST@TOGROUPmacconsult.com (Mike Rosenberg) wrote:
> 
> > > If I tell my WEP key to a friend at my place who has a PC , would 
> > > that give him access to the files on my Mac?
> > 
> > No, that would let him use your internet wirelessly. To give someone 
> > access to files on your Mac, you have to turn on file sharing and 
> > give them your user password, too. Depending on which Mac OS version 
> > you're running, you'd separately have to enable Windows sharing.
> 
> Wouldn't File Sharing give him access to the Shared folder and the 
> Users' public folders even without the password?

But File Sharing isn't on by default.  And you typically don't put 
anything in those folders unless you WANT others to have access to them.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Barry Margolin <barmar@alum.mit.edu> wrote:

> > Wouldn't File Sharing give him access to the Shared folder and the 
> > Users' public folders even without the password?
> 
> But File Sharing isn't on by default.  And you typically don't put 
> anything in those folders unless you WANT others to have access to them.

The Shared folder in Users is for access by multiple users on the same
computer, and things often get placed in there without a user realizing
it. That's where the GarageBand demo songs are installed, for example.

-- 
<http://designsbymike.net/shop/mac.cgi> Mac and geek T-shirts & gifts
<http://designsbymike.net/shop/prius.cgi> Prius shirts/bumper stickers
<http://designsbymike.net/shop/dance.cgi> Ballroom dance shirts & gifts

In article <barmar-90FFC2.11454014032009@mara100-84.onlink.net>,
 Barry Margolin <barmar@alum.mit.edu> wrote:

> > > No, that would let him use your internet wirelessly. To give 
> > > someone access to files on your Mac, you have to turn on file 
> > > sharing and give them your user password, too. Depending on which 
> > > Mac OS version you're running, you'd separately have to enable 
> > > Windows sharing.
> > 
> > Wouldn't File Sharing give him access to the Shared folder and the 
> > Users' public folders even without the password?
> 
> But File Sharing isn't on by default.  And you typically don't put 
> anything in those folders unless you WANT others to have access to 
> them.

True on all counts. I was trying to point out that you don't have to 
give anyone your password to share files that you want to be shared.

-- 
It's now time for healing, and for fixing the damage the GOP did to America.

In article <c3Oul.16692$Db2.11015@edtnps83>,
 Robert Montgomery <info-block@northern-data-tech.net> wrote:

> If I tell my WEP key to a friend at my place who has a PC , would that 
> give him access to the files on my Mac?

BTW: WEP is easy to crack - if you can change to WPA or WPA2

HTH

Marc

-- 
remove bye and from mercial to get valid e-mail
<http://www.heusser.com>

In message <marc.heusser-55DC8A.01225415032009@news.uzh.ch> 
  Marc <marc.heusser@byeheusser.commercialspammers.invalid> wrote:
> In article <c3Oul.16692$Db2.11015@edtnps83>,
>  Robert Montgomery <info-block@northern-data-tech.net> wrote:

>> If I tell my WEP key to a friend at my place who has a PC , would that 
>> give him access to the files on my Mac?

> BTW: WEP is easy to crack - if you can change to WPA or WPA2

WEP is the pig latin of security.  Would you encode your bank account
info in pig latin?  No?  Well then, don't use WEP either.



-- 
Wally: That's my nickname, "Waly" with one el. 
Dilbert: Who calls you that?
Wally: Most people, they just don't realize it.

Mike Rosenberg wrote:
> Robert Montgomery <info-block@northern-data-tech.net> wrote:
> 
>> If I tell my WEP key to a friend at my place who has a PC , would that
>> give him access to the files on my Mac?
> 
> No, that would let him use your internet wirelessly. To give someone
> access to files on your Mac, you have to turn on file sharing and give
> them your user password, too. Depending on which Mac OS version you're
> running, you'd separately have to enable Windows sharing.

So I don't have to worry about other people in nearby apartments 
freeloading off of my Internet signal that I'm paying for?

Robert

In article <Cu2El.21281$Db2.3058@edtnps83>,
 Robert Montgomery <info-block@northern-data-tech.net> wrote:

> So I don't have to worry about other people in nearby apartments 
> freeloading off of my Internet signal that I'm paying for?

That's not "accessing your files," that's sharing your Internet 
connection. If they have your password, WEP or WPA or whatever, then 
yes, they can "freeload off of" your connection. That's what the 
password is for, to be given to those you want to share with. If they 
don't have a password, they can't share (although WEP is notoriously 
easy to crack).
-- 
Suddenly he realized that he was alone 
with a giant halfwit on a dark deserted street.
  -- Chester Himes

In article <Cu2El.21281$Db2.3058@edtnps83>,
 Robert Montgomery <info-block@northern-data-tech.net> wrote:

> Mike Rosenberg wrote:
> > Robert Montgomery <info-block@northern-data-tech.net> wrote:
> > 
> >> If I tell my WEP key to a friend at my place who has a PC , would that
> >> give him access to the files on my Mac?
> > 
> > No, that would let him use your internet wirelessly. To give someone
> > access to files on your Mac, you have to turn on file sharing and give
> > them your user password, too. Depending on which Mac OS version you're
> > running, you'd separately have to enable Windows sharing.
> 
> So I don't have to worry about other people in nearby apartments 
> freeloading off of my Internet signal that I'm paying for?
> 
> Robert

Well, WEP is readily cracked but if your neighbors are not too tech 
savvy, you should be OK.  You might consider stepping up to WPA or WPA2 
network security.

-- 
Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3  7BDA 71ED 6496 99C0 C7CF

On Sat, 11 Apr 2009 11:15:46 -0400, Robert Montgomery wrote
(in article <Cu2El.21281$Db2.3058@edtnps83>):

> Mike Rosenberg wrote:
>> Robert Montgomery <info-block@northern-data-tech.net> wrote:
>> 
>>> If I tell my WEP key to a friend at my place who has a PC , would that
>>> give him access to the files on my Mac?
>> 
>> No, that would let him use your internet wirelessly. To give someone
>> access to files on your Mac, you have to turn on file sharing and give
>> them your user password, too. Depending on which Mac OS version you're
>> running, you'd separately have to enable Windows sharing.
> 
> So I don't have to worry about other people in nearby apartments 
> freeloading off of my Internet signal that I'm paying for?
> 
> Robert
> 
> 

WEP can be cracked in under 5 minutes. Real pros can crack it in less than 2. 
I think that the record is under 90 seconds. 
<http://www.theregister.co.uk/2007/05/15/wep_crack_interview/>. WPA is much  
harder to crack.

-- 
email to oshea dot j dot j at gmail dot com.

J.J. O'Shea 
> WEP can be cracked in under 5 minutes. Real pros can crack it in less than 2. 
> I think that the record is under 90 seconds. 
> <http://www.theregister.co.uk/2007/05/15/wep_crack_interview/>. WPA is much  
> harder to crack.

You failed to say that only a few people in the world--a handful of
hobbyists and a handfull of pros--know how to break WEP. The remainder
couldn't break WEP in the age of the Universe. The odds against one's
neighbors being able to break WEP are astronomically high. Indeed,
there are are so many open networks in apartment buildings that the
odds are that one's neighbors don't /know/ about WEP or WPA or don't
know how to implement it.

Davoud

-- 
usenet *at* davidillig dawt com

On Sat, 11 Apr 2009 15:28:07 UTC, Warren Oates 
<warren.oates@gmail.com> wrote:

> In article <Cu2El.21281$Db2.3058@edtnps83>,
>  Robert Montgomery <info-block@northern-data-tech.net> wrote:
> 
> > So I don't have to worry about other people in nearby apartments 
> > freeloading off of my Internet signal that I'm paying for?
> 
> That's not "accessing your files," that's sharing your Internet 
> connection. If they have your password, WEP or WPA or whatever, then 
> yes, they can "freeload off of" your connection. That's what the 
> password is for, to be given to those you want to share with. If they 
> don't have a password, they can't share (although WEP is notoriously 
> easy to crack).


But if someone has your WEP key (or WPA, WPA2, etc), they are 
essentially INSIDE your network.  Makes it easier for someone to 
attempt to break into your computer, since they are inside the NAT 
firewall you should have between your computer and the internet.

On my personal system, I have 3 incoming ports open, limiting attack 
vectors like file sharing.  SSH, which goes to my Linux system  (just 
one account allowed, and it isn't root), an opensource VPN system 
(which if I need I will connect via SSH first, and startup), and HTTP 
(to my Linux box, and right now it is unused).

I use the SSH to get to my Mac's remote sharing.  I ssh in from my old
Windows laptop, redirecting X, then run vncviewer to the Mac from 
there.  That way I don't have VNC running in the clear, and I can 
compress the data using SSH.

On Sat, 11 Apr 2009 18:38:34 UTC, Davoud <star@sky.net> wrote:

> J.J. O'Shea 
> > WEP can be cracked in under 5 minutes. Real pros can crack it in less than 2. 
> > I think that the record is under 90 seconds. 
> > <http://www.theregister.co.uk/2007/05/15/wep_crack_interview/>. WPA is much  
> > harder to crack.
> 
> You failed to say that only a few people in the world--a handful of
> hobbyists and a handfull of pros--know how to break WEP. The remainder
> couldn't break WEP in the age of the Universe. The odds against one's
> neighbors being able to break WEP are astronomically high. Indeed,
> there are are so many open networks in apartment buildings that the
> odds are that one's neighbors don't /know/ about WEP or WPA or don't
> know how to implement it.
> 
> Davoud
> 

I can accept that there are probably not a large number of people who 
understand the principle in breaking it.  But don't tools like this 
circulate among the hacker (in the bad sense) community so even people
who don't understand it can still use it.  "Script Kiddies".

In article <KIRoJuEXw9g9-pn2-T3D1crEHQlwH@localhost>,
 "Kevin K" <kevink4@gmail.com> wrote:

> On Sat, 11 Apr 2009 18:38:34 UTC, Davoud <star@sky.net> wrote:
> 
> > J.J. O'Shea 
> > > WEP can be cracked in under 5 minutes. Real pros can crack it in less 
> > > than 2. 
> > > I think that the record is under 90 seconds. 
> > > <http://www.theregister.co.uk/2007/05/15/wep_crack_interview/>. WPA is 
> > > much  
> > > harder to crack.
> > 
> > You failed to say that only a few people in the world--a handful of
> > hobbyists and a handfull of pros--know how to break WEP. The remainder
> > couldn't break WEP in the age of the Universe. The odds against one's
> > neighbors being able to break WEP are astronomically high. Indeed,
> > there are are so many open networks in apartment buildings that the
> > odds are that one's neighbors don't /know/ about WEP or WPA or don't
> > know how to implement it.
> > 
> > Davoud
> > 
> 
> I can accept that there are probably not a large number of people who 
> understand the principle in breaking it.  But don't tools like this 
> circulate among the hacker (in the bad sense) community so even people
> who don't understand it can still use it.  "Script Kiddies".

What's the chance that your neighbors are "among the hacker community"?  
I guess it depends on your neighborhood.  I've heard people talk about 
war-driving, looking for open WiFi signals.  But there are millions of 
streets in America, and how many war-drivers?  What's the chance they'll 
ever be on your street?

I'm not saying that you should use WEP if you can easily upgrade to WPA.  
But if you have some reason to use WEP (an old router or wireless game 
adapter that doesn't do WPA), I don't think you're taking an 
unacceptable risk.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

In article <grqeu802j9c@news7.newsguy.com>,
 J.J. O'Shea <try.not.to@but.see.sig> wrote:

> WEP can be cracked in under 5 minutes.

OP: Try Kismac if you want to see for yourself.
Easy Mac user interface for cracking WEP.
Use of weak encryption is strongly discouraged because it gives a false 
sense of security.
802.11i (WPA2) is a good standard, use this if you can.
WEP was broken from the start, security experts were absent from the 
specification. See wikipedia for a good start:
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
http://en.wikipedia.org/wiki/WPA2#WPA2


HTH

Marc

-- 
remove bye and from mercial to get valid e-mail
<http://www.heusser.com>

On 4/11/09 2:38 PM, "Davoud" <star@sky.net> wrote:

> You failed to say that only a few people in the world--a handful of
> hobbyists and a handfull of pros--know how to break WEP. The remainder
> couldn't break WEP in the age of the Universe. The odds against one's
> neighbors being able to break WEP are astronomically high.

No, the odds are that almost anyone who wants to can break WEP. All it takes
is the ability to search out and download a tool that already embodies the
"how-to." It is not necessary for the attacker to understand the technical
aspects.

The odds of someone in range of your signal wanting to break into your
network is a different question.

Alos, the risk is not just someone freeloading on you connection. If
something illegal was done through you ISP connecting, you could be in the
uncomfortable position of explaining how this happened.

On Sat, 11 Apr 2009 14:38:34 -0400, Davoud wrote
(in article <110420091438349784%star@sky.net>):

> J.J. O'Shea 
>> WEP can be cracked in under 5 minutes. Real pros can crack it in less than 
>> 2. 
>> I think that the record is under 90 seconds. 
>> <http://www.theregister.co.uk/2007/05/15/wep_crack_interview/>. WPA is much 
>>  
>> harder to crack.
> 
> You failed to say that only a few people in the world--a handful of
> hobbyists and a handfull of pros--know how to break WEP. The remainder
> couldn't break WEP in the age of the Universe. The odds against one's
> neighbors being able to break WEP are astronomically high. Indeed,
> there are are so many open networks in apartment buildings that the
> odds are that one's neighbors don't /know/ about WEP or WPA or don't
> know how to implement it.
> 
> Davoud
> 
> 

Sigh. See, for example, 
<http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-
networks.html> or <http://digg.com/apple/WEP_Hacking_with_KisMac_in_10mins> 
or 
<http://www.askstudent.com/hacking/how-to-crack-a-128-bit-wep-key-using-os-
x/> or, for the lazy, you can watch a YouTube video of the procedure here 
<http://www.youtube.com/watch?v=Y5Oy_aOyl98>.

Anyone who really wants to crack WEP and has access to the Internet can 
download tools to do it by simply doing a Google search, such as 'WEP crack 
mac'. Once they have the tools they can crack WEP inside of 5-10 minutes, 
depending on the quality of the keycode. Yes, a pro would do the same thing 
faster and wouldn't need to do a search first, but _anyone_, anyone at all, 
who can use Google can crack WEP on the first try using nothing but easily 
downloadable and completely free tools.

If you use WEP you might as well not have a security key at all. Anyone who 
wants to can crack it, so all you'll be doing is keeping out those who don't 
want to come in... and having no encryption will do that, too.

-- 
email to oshea dot j dot j at gmail dot com.

On Sat, 11 Apr 2009 15:31:03 -0400, Kevin K wrote
(in article <KIRoJuEXw9g9-pn2-T3D1crEHQlwH@localhost>):

> On Sat, 11 Apr 2009 18:38:34 UTC, Davoud <star@sky.net> wrote:
> 
>> J.J. O'Shea 
>>> WEP can be cracked in under 5 minutes. Real pros can crack it in less than 
>>> 2. 
>>> I think that the record is under 90 seconds. 
>>> <http://www.theregister.co.uk/2007/05/15/wep_crack_interview/>. WPA is 
>>> much  
>>> harder to crack.
>> 
>> You failed to say that only a few people in the world--a handful of
>> hobbyists and a handfull of pros--know how to break WEP. The remainder
>> couldn't break WEP in the age of the Universe. The odds against one's
>> neighbors being able to break WEP are astronomically high. Indeed,
>> there are are so many open networks in apartment buildings that the
>> odds are that one's neighbors don't /know/ about WEP or WPA or don't
>> know how to implement it.
>> 
>> Davoud
>> 
> 
> I can accept that there are probably not a large number of people who 
> understand the principle in breaking it.  But don't tools like this 
> circulate among the hacker (in the bad sense) community so even people
> who don't understand it can still use it.  "Script Kiddies".

Oh, yes there are. KisMac, for example, is free and easy to download. You can 
get it from <http://kismac.en.softonic.com/mac>. Or you can find it here 
<http://www.macshadows.com/forums/index.php?showtopic=8641>, scroll to the 
end and use one of the links there.

Anyone who thinks that this stuff is hard to get or to use is living in a 
dream world.

-- 
email to oshea dot j dot j at gmail dot com.

On Sun, 12 Apr 2009 10:52:49 -0400, Bob Haar wrote
(in article <C6077881.450A99%bobhaar@comcast.net>):

> On 4/11/09 2:38 PM, "Davoud" <star@sky.net> wrote:
> 
>> You failed to say that only a few people in the world--a handful of
>> hobbyists and a handfull of pros--know how to break WEP. The remainder
>> couldn't break WEP in the age of the Universe. The odds against one's
>> neighbors being able to break WEP are astronomically high.
> 
> No, the odds are that almost anyone who wants to can break WEP. All it takes
> is the ability to search out and download a tool that already embodies the
> "how-to." It is not necessary for the attacker to understand the technical
> aspects.
> 
> The odds of someone in range of your signal wanting to break into your
> network is a different question.

Correct. Most people don't want to do this kind of thing. On the other hand, 
war-driving exists. If _I_ wanted to do something I thought might attract 
attention from the wrong people, I'd not do it when connected to one of my 
networks. No, I'd find someone else's network. And a WEP setup wouldn't do 
more than slow me down.

> 
> Alos, the risk is not just someone freeloading on you connection. If
> something illegal was done through you ISP connecting, you could be in the
> uncomfortable position of explaining how this happened.
> 

There was this gentleman in Texas who had a WEP-'protected' network, and who 
returned from a trip to Colorado to find the Feds raiding his place. It turns 
out that it was a very good thing for him that he could prove that he'd been 
in Colorado 'cause the Feds had tracked down someone who'd posted kiddie porn 
using his IP... but only, it turns out, when he was out of state. It seems 
that someone who lived in his building had cracked his WEP key and made heavy 
use of his network when he was away, such heavy use that the bad guy didn't 
do it while he was at home for fear of being detected. (Yes, I have an app 
which monitors network traffic through my router, so yes I'd notice if 
someone was using my connection to upload or download a lot of stuff...)


-- 
email to oshea dot j dot j at gmail dot com.

J.J. O'Shea:
> >>> WEP can be cracked in under 5 minutes. Real pros can crack it in less
> >>> than 2. 

Davoud:
> >> You failed to say that only a few people in the world--a handful of
> >> hobbyists and a handfull of pros--know how to break WEP. The remainder
> >> couldn't break WEP in the age of the Universe. The odds against one's
> >> neighbors being able to break WEP are astronomically high. Indeed,
> >> there are are so many open networks in apartment buildings that the
> >> odds are that one's neighbors don't /know/ about WEP or WPA or don't
> >> know how to implement it.

KEVIN K:
> > I can accept that there are probably not a large number of people who 
> > understand the principle in breaking it.  But don't tools like this 
> > circulate among the hacker (in the bad sense) community so even people
> > who don't understand it can still use it.  "Script Kiddies".

J.J. O'Shea:
> Oh, yes there are. KisMac, for example, is free and easy to download...

> Anyone who thinks that this stuff is hard to get or to use is living in a 
> dream world.

And anyone who thinks that a significant number of people - their
neighbors - _want_ to get or use such software is living in a paranoid
world.

Davoud
Closed networks, WPA2

-- 
usenet *at* davidillig dawt com

In article <gs00ju216h9@news5.newsguy.com>,
 J.J. O'Shea <try.not.to@but.see.sig> wrote:

>
> Correct. Most people don't want to do this kind of thing. On the other hand, 
> war-driving exists. If _I_ wanted to do something I thought might attract 
> attention from the wrong people, I'd not do it when connected to one of my 
> networks. No, I'd find someone else's network. And a WEP setup wouldn't do 
> more than slow me down.
> 

   But my neighbor's open system would get them to leave me alone since 
they wouldn't even need to break it. (g).  

> > 
> > Alos, the risk is not just someone freeloading on you connection. If
> > something illegal was done through you ISP connecting, you could be in the
> > uncomfortable position of explaining how this happened.
> > 
> 
> There was this gentleman in Texas who had a WEP-'protected' network, and who 
> returned from a trip to Colorado to find the Feds raiding his place. It turns 
> out that it was a very good thing for him that he could prove that he'd been 
> in Colorado 'cause the Feds had tracked down someone who'd posted kiddie porn 
> using his IP... but only, it turns out, when he was out of state. It seems 
> that someone who lived in his building had cracked his WEP key and made heavy 
> use of his network when he was away, such heavy use that the bad guy didn't 
> do it while he was at home for fear of being detected. (Yes, I have an app 
> which monitors network traffic through my router, so yes I'd notice if 
> someone was using my connection to upload or download a lot of stuff...)

-- 
If you're going to sin, sin against God, 
not the bureaucracy; God will forgive you 
but the bureaucracy won't.
  --Hyman G. Rickover 

In article <110420091438349784%star@sky.net>, Davoud  <aaa@bbb.ccc> wrote:
>
>You failed to say that only a few people in the world--a handful of
>hobbyists and a handfull of pros--know how to break WEP.

Knowledge can be and has been encapsulated in software.  Which means a
handful of hobbyists, a handful of pros, and a whole boatload of
script kiddies can break WEP.
-- 
It's times like these which make me glad my bank is Dial-a-Mattress

On Mon, 13 Apr 2009 15:01:27 -0400, Davoud wrote
(in article <130420091501251426%star@sky.net>):

> J.J. O'Shea:
>>>>> WEP can be cracked in under 5 minutes. Real pros can crack it in less
>>>>> than 2. 
> 
> Davoud:
>>>> You failed to say that only a few people in the world--a handful of
>>>> hobbyists and a handfull of pros--know how to break WEP. The remainder
>>>> couldn't break WEP in the age of the Universe. The odds against one's
>>>> neighbors being able to break WEP are astronomically high. Indeed,
>>>> there are are so many open networks in apartment buildings that the
>>>> odds are that one's neighbors don't /know/ about WEP or WPA or don't
>>>> know how to implement it.
> 
> KEVIN K:
>>> I can accept that there are probably not a large number of people who 
>>> understand the principle in breaking it.  But don't tools like this 
>>> circulate among the hacker (in the bad sense) community so even people
>>> who don't understand it can still use it.  "Script Kiddies".
> 
> J.J. O'Shea:
>> Oh, yes there are. KisMac, for example, is free and easy to download...
> 
>> Anyone who thinks that this stuff is hard to get or to use is living in a 
>> dream world.
> 
> And anyone who thinks that a significant number of people - their
> neighbors - _want_ to get or use such software is living in a paranoid
> world.

Laddie, all it takes is _one_ such neighbor. Just one. I _know_ that there 
are people out there who drive around looking for likely victims. It's called 
'war driving'. In the recent past, one such individual has been arrested near 
me, and at least three others have been caught in this county and the next 
one over. It ain't paranoia when they really are out to get you. But, by all 
means, use WEP yourself. Odds are that you will not be targeted... but as I'm 
using WPA, odds are that soft targets, such as _you_, will be targeted before 
someone tries to crack my networks. Having people like you around helps to 
protect my networks. Thanks for the assistance.

-- 
email to oshea dot j dot j at gmail dot com.

On Mon, 13 Apr 2009 15:12:45 -0400, Kurt Ullman wrote
(in article 
<kurtullman-F47C91.15124513042009@70-3-168-216.pools.spcsdns.net>):

> In article <gs00ju216h9@news5.newsguy.com>,
>  J.J. O'Shea <try.not.to@but.see.sig> wrote:
> 
>> 
>> Correct. Most people don't want to do this kind of thing. On the other 
>> hand, 
>> war-driving exists. If _I_ wanted to do something I thought might attract 
>> attention from the wrong people, I'd not do it when connected to one of my 
>> networks. No, I'd find someone else's network. And a WEP setup wouldn't do 
>> more than slow me down.
>> 
> 
>    But my neighbor's open system would get them to leave me alone since 
> they wouldn't even need to break it. (g).  

Yep. Crackers go for the low-hanging fruit first. Around here, the lowest is 
the McDonald's about 2 miles away, and the airport about five miles away. 
Both have totally unsecured wireless access points. There's one guy in the 
neighborhood who has an unsecured net, or did until Someone broke in, changed 
his router password, changed his WinBox's login, sorted his porn into 'lame', 
'lamer' and 'lamest', and turned on WPA... and didn't leave him the access 
key. (No, I didn't do it. I'd have erased his hard drive.) I suspect that 
certain people would call that guy paranoid, now that he's locked down his 
system with WPA, MAC address screening, no SSID, etc., etc., etc...(He paid 
me to max his security out...)


-- 
email to oshea dot j dot j at gmail dot com.

In article <gs05u401bhq@news5.newsguy.com>,
 J.J. O'Shea <try.not.to@but.see.sig> wrote:

> certain people would call that guy paranoid, now that he's locked down his 
> system with WPA, MAC address screening, no SSID, etc., etc., etc...(He paid 
> me to max his security out...)
 Is the SSID worth the extra effort both to hide it and then find it 
again if you want to add a computer? I have WPA but haven't done much 
else.

-- 
If you're going to sin, sin against God, 
not the bureaucracy; God will forgive you 
but the bureaucracy won't.
  --Hyman G. Rickover 

In article <130420091501251426%star@sky.net>, Davoud <star@sky.net> 
wrote:

> And anyone who thinks that a significant number of people - their
> neighbors - _want_ to get or use such software is living in a paranoid
> world.

[music ON, followed by voiceover]

Well, it's only paranoia if there's nobody there,
     nobody there, nobody there.
Yes, it's only paranoia if there's nobody there,
     nobody there aaaat allllllllll.

And there's *ALWAYS* *SOMEONE* there...

[special effects OFF]

In article
<kurtullman-95F843.16150013042009@70-3-168-216.pools.spcsdns.net>, Kurt
Ullman <kurtullman@yahoo.com> wrote:

>  Is the SSID worth the extra effort both to hide it and then find it 
> again if you want to add a computer? I have WPA but haven't done much 
> else.

wpa or wpa2 with a good passphrase is all that's needed.  the rest is
trivial to circumvent.

Fred Moore wrote:
> In article <130420091501251426%star@sky.net>, Davoud <star@sky.net> 
> wrote:
> 
>> And anyone who thinks that a significant number of people - their
>> neighbors - _want_ to get or use such software is living in a paranoid
>> world.
> 
> [music ON, followed by voiceover]
> 
> Well, it's only paranoia if there's nobody there,
>      nobody there, nobody there.
> Yes, it's only paranoia if there's nobody there,
>      nobody there aaaat allllllllll.
> 
> And there's *ALWAYS* *SOMEONE* there...
> 
> [special effects OFF]

As a good friend used to say, "Even paranoids have enemies".

-- 
john mcwilliams

Remember to pillage *before* you burn.

In article 
<kurtullman-95F843.16150013042009@70-3-168-216.pools.spcsdns.net>,
 Kurt Ullman <kurtullman@yahoo.com> wrote:

>  Is the SSID worth the extra effort both to hide it and then find it 
> again if you want to add a computer? I have WPA but haven't done much 
> else.

Good strong password and WPA is all you need. Hiding your SSID is 
totally meaningless and actually causes more harm than good; MAC 
spoofing/screening is also useless.
-- 
Suddenly he realized that he was alone 
with a giant halfwit on a dark deserted street.
  -- Chester Himes

In article <0027f163$0$14584$c3e8da3@news.astraweb.com>, Warren Oates
<warren.oates@gmail.com> wrote:

> Good strong password and WPA is all you need. Hiding your SSID is 
> totally meaningless and actually causes more harm than good; MAC 
> spoofing/screening is also useless.

hiding the ssid causes no harm.

In article <gs050401acn@news5.newsguy.com>,
 J.J. O'Shea <try.not.to@but.see.sig> wrote:

> On Mon, 13 Apr 2009 15:01:27 -0400, Davoud wrote:
> 
> > J.J. O'Shea:
> >
> > > Anyone who thinks that this stuff is hard to get or to use is living in a 
> > > dream world.
> > 
> > And anyone who thinks that a significant number of people - their neighbors 
> > - _want_ to get or use such software is living in a paranoid world.
> 
> Laddie, all it takes is _one_ such neighbor. Just one. I _know_ that there 
> are people out there who drive around looking for likely victims. It's called 
> 'war driving'. [...] Odds are that you will not be targeted... but as I'm 
> using WPA, odds are that soft targets, such as _you_, will be targeted before 
> someone tries to crack my networks. Having people like you around helps to 
> protect my networks. Thanks for the assistance.

Same principle, in fact, as locking the doors & windows and installing a 
monitored burglar alarm.  I don't think a significant number of people are 
burglars, and I certainly don't think my neighbors are burglars, but thieves 
don't stay in their own neighborhoods -- they roam the city looking for places 
that are easy to break into.

J.J. O'Shea <try.not.to@but.see.sig> wrote:

> If you use WEP you might as well not have a security key at all. Anyone who
> wants to can crack it, so all you'll be doing is keeping out those who don't
> want to come in... and having no encryption will do that, too.

I'd amend that slightly:

Using WEP is marginally better than no encryption at all because it
keeps other people from accidentally connecting to your WiFi network,
e.g. because they don't know what their own network is called and they
just picked the first WiFi network they could see. This seems to happen
a fair amount with unprotected networks.

Turning off SSID broadcast would achieve the same result but is
inconvenient.

Using WEP or turning off SSID broadcast won't stop anyone who actively
wants to access your network.

-- 
David Empson
dempson@actrix.gen.nz

On Mon, 13 Apr 2009 18:26:02 -0400, Warren Oates wrote
(in article <0027f163$0$14584$c3e8da3@news.astraweb.com>):

> In article 
> <kurtullman-95F843.16150013042009@70-3-168-216.pools.spcsdns.net>,
>  Kurt Ullman <kurtullman@yahoo.com> wrote:
> 
>> Is the SSID worth the extra effort both to hide it and then find it 
>> again if you want to add a computer? I have WPA but haven't done much 
>> else.
> 
> Good strong password and WPA is all you need. Hiding your SSID is 
> totally meaningless and actually causes more harm than good; MAC 
> spoofing/screening is also useless.
> 

Hiding the SSID makes life hard for you. Turning on MAC address screening 
makes it difficult to add new machines. Both are overkill on most networks, 
and can be overcome by someone who really wants to get in. I just have WPA on 
my personal network. However, as this guy had been bitten, he wanted the 
works. I gave it to him. He's got the most locked-down system in the 
neighborhood.

-- 
email to oshea dot j dot j at gmail dot com.

In article <gs0p0301oeb@news5.newsguy.com>, J.J. O'Shea
<try.not.to@but.see.sig> wrote:

> Hiding the SSID makes life hard for you. 

nonsense.  you type in the name and password once and it auto-connects
after that.  not hard at all.

In article <gs050401acn@news5.newsguy.com>,
 J.J. O'Shea <try.not.to@but.see.sig> wrote:

> Laddie, all it takes is _one_ such neighbor. Just one. I _know_ that there 
> are people out there who drive around looking for likely victims. It's called 
> 'war driving'. In the recent past, one such individual has been arrested near 
> me, and at least three others have been caught in this county and the next 
> one over. It ain't paranoia when they really are out to get you. But, by all 
> means, use WEP yourself. Odds are that you will not be targeted... but as I'm 
> using WPA, odds are that soft targets, such as _you_, will be targeted before 
> someone tries to crack my networks. Having people like you around helps to 
> protect my networks. Thanks for the assistance.

Where I live, there are a couple of international engineering companies 
who always have employees and customers staying for anything from 6 
weeks to 6 months, none of whom want to sign up for a year's contract 
with an ISP. I keep my wireless connection switched off.

-- 
Paul Sture

P. Sture:
> Where I live, there are a couple of international engineering companies 
> who always have employees and customers staying for anything from 6 
> weeks to 6 months, none of whom want to sign up for a year's contract 
> with an ISP. I keep my wireless connection switched off.

You live in a transient hotel?

Even so, WPA2 will protect you as much as possible from those nasty
engineers. If they want your data bad enough they'll do a surreptitious
entry and clone your HD.

Davoud

-- 
usenet *at* davidillig dawt com

On Tue, 14 Apr 2009 00:48:43 -0400, nospam wrote
(in article <130420092148431451%nospam@nospam.invalid>):

> In article <gs0p0301oeb@news5.newsguy.com>, J.J. O'Shea
> <try.not.to@but.see.sig> wrote:
> 
>> Hiding the SSID makes life hard for you. 
> 
> nonsense.  you type in the name and password once and it auto-connects
> after that.  not hard at all.

Harder than not having to type the name and password at all...

-- 
email to oshea dot j dot j at gmail dot com.

In article <gs5d5l1cro@news2.newsguy.com>, J.J. O'Shea
<try.not.to@but.see.sig> wrote:

> >> Hiding the SSID makes life hard for you. 
> > 
> > nonsense.  you type in the name and password once and it auto-connects
> > after that.  not hard at all.
> 
> Harder than not having to type the name and password at all...

typing it once is such a hardship?

On Tue, 14 Apr 2009 10:02:52 -0400, Davoud wrote
(in article <140420091002524458%star@sky.net>):

> P. Sture:
>> Where I live, there are a couple of international engineering companies 
>> who always have employees and customers staying for anything from 6 
>> weeks to 6 months, none of whom want to sign up for a year's contract 
>> with an ISP. I keep my wireless connection switched off.
> 
> You live in a transient hotel?

Laddie, when I worked for a large international company we often had to 
travel to various locations on a semi-regular basis. I was based in Jamaica, 
but would often spend a week or a few weeks in St Lucia or Barbados or 
Trinidad, and during one glorious nine-month period I spent a total of 11 
weeks on four trips in Lagos, Nigeria. The company rented a house or two in 
each location; _I_ personally might not be there for long, but _someone_ 
would be there at least part of any one month. In our particular case, the 
company also paid for internet service for the rental house for the full 
year, because we needed such service to do our jobs. I can easily see where a 
company might rent a house, or an apartment... and _not_ pick up the internet 
service if such service was _not_ necessary for the job.

You're being silly. Again.

> 
> Even so, WPA2 will protect you as much as possible from those nasty
> engineers. If they want your data bad enough they'll do a surreptitious
> entry and clone your HD.

In this case, it's not the data, and you know it. It's the connection. They 
want a high-speed connection, free. He's unwilling to provide such a 
connection, and reasonably so.



-- 
email to oshea dot j dot j at gmail dot com.

On Wed, 15 Apr 2009 16:07:25 -0400, nospam wrote
(in article <150420091307251687%nospam@nospam.invalid>):

> In article <gs5d5l1cro@news2.newsguy.com>, J.J. O'Shea
> <try.not.to@but.see.sig> wrote:
> 
>>>> Hiding the SSID makes life hard for you. 
>>> 
>>> nonsense.  you type in the name and password once and it auto-connects
>>> after that.  not hard at all.
>> 
>> Harder than not having to type the name and password at all...
> 
> typing it once is such a hardship?

Once per machine. It gets irritating, rapidly. And the irritation outweighs 
the degree of protection it provides, at least in my opinion. Particularly 
when that protection is so easily bypassed by someone who knows what they're 
doing. It's like WEP: it adds little or nothing, and it's easily bypassed, 
and all you're really doing is inconveniencing legitimate users. Yes, you're 
only doing it once per machine, but you're still doing it... and to no 
significant effect. If doing it was of actual value, then no problem. As it 
is... well, if you want to go to the trouble, go for it.

-- 
email to oshea dot j dot j at gmail dot com.

In article <140420091002524458%star@sky.net>, Davoud  <aaa@bbb.ccc> wrote:
>P. Sture:
>> Where I live, there are a couple of international engineering companies 
>> who always have employees and customers staying for anything from 6 
>> weeks to 6 months, none of whom want to sign up for a year's contract 
>> with an ISP. I keep my wireless connection switched off.
>
>You live in a transient hotel?
>
>Even so, WPA2 will protect you as much as possible from those nasty
>engineers. If they want your data bad enough they'll do a surreptitious
>entry and clone your HD.

Why bother?  The guy from AT&T put a transparent proxy on his incoming
line months ago.  The group from RSA added a MITM module for the
secure stuff during a particularly boring conference a while back,
using a compromised root certificate.  We've got his screen up 24/7 in
the engineers lounge, where his credit cards and bank accounts pay for
all the refreshements.

Wireless? Who needs it.

-- 
It's times like these which make me glad my bank is Dial-a-Mattress

In article <gs5j2k11uke@news6.newsguy.com>,
 J.J. O'Shea <try.not.to@but.see.sig> wrote:

> On Tue, 14 Apr 2009 10:02:52 -0400, Davoud wrote
> (in article <140420091002524458%star@sky.net>):
> > 
> > Even so, WPA2 will protect you as much as possible from those nasty
> > engineers. If they want your data bad enough they'll do a surreptitious
> > entry and clone your HD.
> 
> In this case, it's not the data, and you know it. It's the connection. They 
> want a high-speed connection, free. He's unwilling to provide such a 
> connection, and reasonably so.

You have it in a nutshell. It isn't just a matter of bandwidth (though 
that counts) but the idea that my IP address could be used to access 
dodgy or illegal sites.

-- 
Paul Sture