Security (was Re: [TriLUG] who else is experimenting with the sharp zaurus?)

Andrew C. Oliver acoliver at apache.org
Fri May 17 12:28:08 EDT 2002 

M. Mueller wrote:

>On Friday 17 May 2002 11:31 am, <Andrew C. Oliver> wrote:
>
>  
>
>>Lets talk likelyhood per amount of effort.  Its fairly unlikely I'd be a
>>target due to the pure lack of gain.  
>>    
>>
>
>Identity theft is the concern.  Unsecure wireless networks could provide 
>enough information about a person to impersonate them.  By impersonating 
>someone you can get a line of credit and leave the real indentity owner with 
>the responsibility of paying off the bills.  
>  
>
And the amount of effort you'd need to go through to get this out of my 
wireless network versus just walk by and pick up my garbage kind of make 
me less concerned about that.

>I personally know someone to whom this happened.  It takes months to 
>staighten things out.  You are assumed to be lying every step of the way.  
>You have few advocates on your side. I have no idea how the identity was 
>stolen.  But I see wireless LANs as good place to start harvesting 
>information.  
>  
>
Over wireless?

>Awareness of the risk and being paranoid and being vigilant when using 
>wireless technology should be enough to prevent evil for the group that hangs 
>out here.  The larger problem is for the technically uninformed users that 
>will plug in the wireless net card and start paying bills over the Internet 
>without proper precautions.
>  
>
one can take it a bit far.  I'm just saying its not the day to panic 
yet.  I'd bet you've got a better chance of getting struck by lightning 
right now then some unmarked van driving in front of your house with a 
packet sniffer.  You've got a far better chance of someone hacking your 
ISP and listening there (especially if they use Windoze).

>There is faith in technology at work here.  When a card is plugged in and 
>encryption processes are run you believe that everything is working, but 
>unless you have quality assurances mechanisms in place, how do you really 
>know the security claims are working as advertised?  What is the chance 
>that an accident will compromise your security?
>
>  
>
No...just analysis and prioritization of risks.  As the risk increases, 
it receives a higher priority.  Right now I'd be more worried about how 
well my wired firewall was working than my wireless.  Later?  Maybe that 
will change.

More information about the TriLUG mailing list