jdechko said:
Some people aren't smart enough to own the equipment to operate a wireless network. They are only interested in the novelty of it. It's like buying a nice house and putting all of your stuff in it, but leaving the front door open all the time. Of course there are going to be people who come in and steal your stuff. Duh!
Careful here... just because someone doesn't know about wireless security doesn't mean they're dumb, or even not smart enough to own the equipment. Like a ton of tools and other tech people use every single day, there's a place for wanting to get the desired utility out of something without necessarily understanding how it works. I have the relevant tech background to read up and secure my wireless network, but my mom sure doesn't. Can she use a computer, and use it pretty effectively? Sure. Could she set up a DSL modem or wireless router herself if you gave her instructions? Sure, but she's not likely to understand what she's done from a security perspective. Could she still get utility from using her computer wirelessly? Absolutely.
Your analogy to someone buying an expensive house and then leaving the doors open is also pretty ridiculous, given that a huge majority of the people that are mindlessly installing open wireless networks actually don't place much value on their bandwidth (i.e., they wouldn't care if you used it if it didn't impact them), or don't really have much on their computer that would be worth stealing if you hacked into it. Any credit card transactions they use should be SSL encrypted anyhow, so they shouldn't have to worry about you sniffing their bank info.
The problem is that, to maximize compatibility, DSL providers and lots of wireless routers are still coming with insecure WEP setups by default. My girlfriend just got DSL from Qwest. Setup was easy, but not only was it WEP by default (thankfully they at least wanted you to use a password so it wasn't _completely_ open out of the box), but if you wanted to use WPA, tech support wouldn't help you. There was nothing in the box that really said anything about security (because they want it to be easy), so even someone that could understand basic explanations and would want to choose WPA wouldn't even have a pointer to a place they could find out more and really clamp down their network. Given how ubiquitous both broadband and wireless have become, I really think this is asinine.
Sorry to rant, it just drives me crazy when people act as if people that don't have the same level of tech expertise as they do *should*, and are idiots or fools if they don't. I mean, look at the number of people posting on this topic, that certainly above average in being tech savvy if they're hanging out in a mac forum, who are suggesting things like SSID hiding or MAC filtering??? Sure, they're added layers of security, but they're just as easily worked around as hacking the WEP network in the first place.
It seems to me that you can divide those that want to use your wireless network into two categories: The first is people that only know enough to jump onto an open network. That's the largest group. The second group is people that know enough to hack the WEP encryption, and they're clearly savvy enough to get around SSID hiding and MAC filtering. So just by having a password you eliminate the first group. By adding the other two measures, though, you've really done nothing about the second, so why bother?
So what needs to happen is for the secure thing (WPA or WPA2) to be the default, and require that you use a password. That way, the idiots that don't know any better are still protected, because no matter what you do, they're not going to understand all of the buzzwords of the tech. Just help them to make things work, and work securely. The tech is there, why on earth aren't people deploying it making it more obvious which the correct choice should be?
, here is some pesudo code:
