Posted by & filed under Security, Uncategorized.

I somewhat routinely find myself flabergasted by a lack of security in wifi networks I come across. The offender is usually a small business that is offering free wifi for customers. Don’t be afraid to test the security of the wifi you are using before you trust it. It may very well be that you care more about your security than the people who set it up.

Just two examples from the last 6 months..

I found myself sitting in a doctor’s office, using the free wifi. I was bored in the waiting room and so I opened overlook fing to see what was out there, and found the router with no password. Granted, at least it was on a separate network for guest wifi access only. So, it wasn’t exposing the internal office lan to wifi. But, it would allow anyone to hop on the linksys router and add host entries, redirect or maybe capture traffic. That’s a huge security problem for anyone using the wifi, and certainly not something they would expect from free wifi.

Another example: I recently stayed at a campground with wifi. They were using a ubiquity router, which is a pretty configurable and powerful device. It was no doubt installed by a consultant of some kind, as there were several of them mounted outdoors and there was some network configuration involved. But, it too had no password set! And worse, they had office machines on the same subnet, sharing large directories of documents with no password required. You have to make an extra effort to secure things that badly.

I always think.. This is a disaster waiting to happen! What if those documents contain personal information? Should I say something? Should I send an email later and hope they understand? Or, should I just walk away? The response will no doubt be at least some confusion, and perhaps even mistrust. “Don’t shoot the messenger” comes to mind.

This seems to be the status quo, unfortunately.

Be careful out there.