<div dir="ltr"><div style>Locked wifi considered harmful</div><div style><br></div><a href="https://www.eff.org/deeplinks/2011/04/open-wireless-movement">https://www.eff.org/deeplinks/2011/04/open-wireless-movement</a><br>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Mar 22, 2013 at 3:41 PM, Vince Herried <span dir="ltr"><<a href="mailto:vherried@gmail.com" target="_blank">vherried@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">A European friend sent me a link to this document.<br>The introduction reads:<br><br><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
Two years ago while spending some time with the Nmap Scripting Engine
(NSE) someone mentioned that we should try the classic telnet login
root:root on random IP addresses. This was meant as a joke, but was
given a try. We started scanning and quickly realized that there should
be several thousand unprotected devices on the Internet. <br>
<br>
After completing the scan of roughly one hundred thousand IP
addresses, we realized the number of insecure devices must be at least
one hundred thousand. Starting with one device and assuming a scan speed
of ten IP addresses per second, it should find the next open device
within one hour. The scan rate would be doubled if we deployed a scanner
to the newly found device. After doubling the scan rate in this way
about 16.5 times, all unprotected devices would be found; this would
take only 16.5 hours. Additionally, with one hundred thousand devices
scanning at ten probes per second we would have a distributed port
scanner to port scan the entire IPv4 Internet within one hour.</blockquote><br><br>Here is a link the the paper.<br><a href="http://internetcensus2012.bitbucket.org/paper.html" target="_blank">http://internetcensus2012.bitbucket.org/paper.html</a><br>
<br>Do we believe it or not?<br>If this is true is there any wonder that we have so many news accounts of some sophisticated hacker<br>getting into secure accounts.<br><br>My own personal observation showed that huge numbers of WIFI sites are still open.<br>
When I walk my neighborhood and see names like belkin54g, dlink, linksys, NETGEAR. I know I'm only a few steps <br>away from another WIFI hot spot. There is some hope, it appears that most newer WIFI routers that folks get from their ISP are password protected by default but all those old machines are still working just fine. The ones the home owner buys from Micro Center appear to be open. <br>
<br>Has any one bought a WIFI router and found them to be password enabled by default. A password based on<br>the serial number of the device maybe so one can't enter an account name and password directly from the owners manual.<br>
<br>If you want to gain access to for instance a linksys router, search the web for the account id and password.<span class="HOEnZb"><font color="#888888"><br><br><br><br>-- <br>Vince's outgoing mail address
</font></span><br>_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
<br></blockquote></div><br></div></div>