What encryption method do you use for your home wireless network? (Page 2)
Moderator 
Join Date: Jan 2001
Location: Polwaristan
You don't need to input line breaks. The reply box and the boards will handle text wrapping. In fact, it's one of the Useful Suggestions.

Mac Enthusiast
Join Date: Jan 2008

It's been my style for decades and I'm afraid I won't be able to change.
Old dogs and all that. Additionally my browser is truly huge. It spans
two twenty four inch monitors as is needed for another web project I'm
involved in. This makes tracking the sentences from the end of one to
the beginning of the next very difficult for me. I get comments from
others saying that they like the style but this is the first time I've heard
or seen opposition to it.

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac

Well then here's opposition no. 2.
I have my browser window set to span 1920 pixels because that is how I like it. When you insert line breaks you force me to read it your way rather than the way I prefer. Nothing personal, but you are preventing people from viewing it in the way they prefer.

Addicted to MacNN
Join Date: Mar 2006

Originally Posted by Simon
Well then here's opposition
no. 2.
I have my browser window
set to span 1920 pixels
because that is how I like
it. When you insert line
breaks you force me to
read it your way rather
than the way I prefer.
Nothing personal, but you
are preventing people from
viewing it in the way they
prefer.
I for one would prefer it if
you could shorten the line
length a little - for those
of us on very small monitors,
it is considerate to stick to
very few characters per line.
Thank you!

Mac Enthusiast
Join Date: Jan 2008

Lol

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Fresh-Faced Recruit
Join Date: Oct 2003
Location: Dumb Weird Clown, USA

old thread, but I have to say this:
MAC address filtering: mostly useless
--MAC filtering with no encryption: stops the old lady next door from using your connection, but hackers can sniff the MAC address right out of the air, clone their card, and they're in. All traffic can be sniffed by anyone, so unencrypted passwords are at risk. False sense of security.
--MAC filtering with WPA/WPA2: there is no point in doing this, it just makes hassles for you to add new equipment/users/guests. If a hacker is capable of breaking your WPA, the MAC address filtering won't slow them down a bit. They can't connect to your network without the WPA key, they can't sniff the MAC without the WPA key. To use MAC filtering when you're already using WPA is like putting a child safety gate inside your 6 inch solid steel door.

---------
Don't trust anyone with a sig over 35 chara

Clinically Insane
Join Date: Oct 2000
Location: Los Angeles

How is a thread last posted to four days ago an "old thread"? Good information though.

Newt 2012-The Republican Revolution Returns!

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

Originally Posted by toeknee
--MAC filtering with WPA/WPA2: there is no point in doing this, it just makes hassles for you to add new equipment/users/guests. If a hacker is capable of breaking your WPA, the MAC address filtering won't slow them down a bit. They can't connect to your network without the WPA key, they can't sniff the MAC without the WPA key. To use MAC filtering when you're already using WPA is like putting a child safety gate inside your 6 inch solid steel door.
Actually this is the completing step to securing the traffic with good encryption. By allowing only specific MAC addresses to connect then you have TWO separate ways of ensuring that only those you authorize are part of your network. This covers situations when someone's laptop is compromised and their Keychain is copied, or if the user had inadvertently saved the passphrase as plain text somewhere on their computer. It's also a good policy in case someone manages to develop an actual attack that compromises WPA (though that seems to be seriously computationally infeasible). It may not be for everyone, but I'm sure not going to undo my MAC filtering just because I feel very confident that WPA is extremely robust.

Glenn -----
OTR/L, MOT, Tx

Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !

Originally Posted by toeknee
old thread, but I have to say this:
You're a clown.
You posted only seven times in 5 years, and then you come and make a completely ridiculous statement. Well done.
-t

Dedicated MacNNer
Join Date: Jan 2007
Location: Oakland, CA

This is always true with security. Ultimately, the goal is to make it not worth the trouble.

17" MBP C2D 2.33/3 GB RAM/500 GB 7200 rpm/Glossy Display|-|
17" iMac CD|-|15" PB G4 1.25 GHz|-|iBook g4 1Ghz|-|Pismo

Fresh-Faced Recruit
Join Date: Oct 2003
Location: Dumb Weird Clown, USA

Originally Posted by turtle777

You're a clown.
You posted only seven times in 5 years, and then you come and make a completely ridiculous statement. Well done.
-t
What possible difference could it make to you how many times I've posted in this forum? Is that the measure of a clown? Is there a correlation of number of posts to the value of one's opinion? Yep, you caught me, I'm an infrequent visitor to these bastions of intellect.
Certainly, if your postings consist of short and pointless retorts as above, I can see how you've racked up 12,000+. In any case, well done yourself.

Fresh-Faced Recruit
Join Date: Oct 2003
Location: Dumb Weird Clown, USA

Originally Posted by ghporter
Actually this is the completing step to securing the traffic with good encryption. By allowing only specific MAC addresses to connect then you have TWO separate ways of ensuring that only those you authorize are part of your network. This covers situations when someone's laptop is compromised and their Keychain is copied, or if the user had inadvertently saved the passphrase as plain text somewhere on their computer.
I appreciate your opinion, but I respectfully disagree. I would consider Step Two to be the frequent changing of your encryption password, certainly any time you even suspect that an outsider has somehow (through someone's sloppiness) gained access to the password. Frankly, if I have compromised your laptop and unlocked your keychain, it's pretty easy to also get the MAC address of your Airport/wireless card.
The "key" (pardon the pun) is to control the access in the first place. Your password only goes on your computers, it's stored in the System keychain, and any other users do not have admin rights. And you change it frequently. You can change it less frequently if you keep it only on your own computers and get a second access point with a 'guest' WPA key that you can plug in when needed (ideally on the Internet side of your firewall, even better separated completely from your subnet by a router).
Originally Posted by ghporter
It's also a good policy in case someone manages to develop an actual attack that compromises WPA (though that seems to be seriously computationally infeasible). It may not be for everyone, but I'm sure not going to undo my MAC filtering just because I feel very confident that WPA is extremely robust.
I was not seeking to persuade you to disable your MAC filtering system, but I would also advise anyone to not bother setting it up. As I have tried to demonstrate, it's relatively worthless. Put your energy into controlling access to your WPA password. Anyone going to the trouble to obtain it through subterfuge and deception is not going to be hampered by MAC filtering.
Yes, I do regret even bringing it up. I need to be working on other things.
Happy spring.
(Last edited by toeknee; Mar 11, 2008 at 01:46 AM.
(Reason:typos in last paragraph))

---------
Don't trust anyone with a sig over 35 chara

Mac Enthusiast
Join Date: Jan 2008

toeknee,
Sorry about the rudeness of a few here (in my thread). Some people's children - - I swear...
Thanks for the info. I think the case is as you describe it and perhaps worse. Another reason I
say why not just open it up. They have to be within range to do anything anyway and the odds
of someone knowing how to do anything other than just "connect" to the internet over it are
very slim indeed. Also I have a buttload of kids over here all the time and their PSP's, laptops,
and other mobile browser devices are thankful that it's open. 

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

Frequently changing good WPA passphrases is an excellent way to follow up on using WPA to begin with. It is, however, unwieldy. Of course I consider "good" WPA passphrases to be exceedingly random and a full 63 ASCII characters long, so that sort of adds to the lack of ease in changing it. But if you, like me, have somewhere over 20 WiFi devices that you want to grant access to, and only a handful of them are actually at your physical disposal at any given time, changing the passphrase regularly (or better, "irregularly") gets to be a major issue. I have to handle the machines I can touch when I want to change the passphrase and then update the key on those that are only on my network irregularly as they show up. How do I keep track of which devices I've allowed onto my network already? MAC addresses.
toeknee, this has been an interesting side trip. I agree with you 100% that I go overboard by using MAC filtering. But having been a computer security officer for many years, I just can't help it. I think tinkered had it right-the goal of computer security is to make it too much of a hassle for an attacker to bother with your setup, and there have been a lot of approaches to that end over the last several years. Some people advocated not broadcasting your SSID, which is useless because it only really impacts certain Windows computers' ability to find and thus connect to your network; intruders' arsenal of software includes apps that grab the SSID portion of any traffic without any real effort. Others have said "any encryption is better than none at all" as a defense of using WEP, but that includes the risk that the "warm feeling" of having done "something" lulls the user into thinking that he's done something more than just putting a hook-and-eye lock on his screen door. In the end, ANY security scheme must be a little bit of a hassle to set up so that it is robust enough to be a major hassle to attack.
Someone asked me in this thread why I haven't moved to WPA2. The reason is that I haven't done the research to find out whether all the devices I include in my network support it. I still have a PocketPC PDA that ONLY supports WEP, so I can't even allow all of my WiFi capable devices online; moving to a "more super than super duper" encryption scheme is not necessarily an effective option, considering the XBox 360, the variety of PC card adapters, built in WiFi adapters and so on that congregate at my house... I probably need to cull a bunch of these clients from my lists, and will someday.
Glenn -----
OTR/L, MOT, Tx
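
An added example, not part of the original thread or any poster's code: WPA/WPA2-Personal turns the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, salted with the SSID and run for 4096 iterations, which is why the long random passphrase described in the post above matters. The sketch generates such a passphrase and derives the key; the SSIDs `HomeNet` and `HomeNet-Guest` and all function names are assumptions made for the illustration.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII (0x20-0x7E): the characters a WPA passphrase may contain.
PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}
# Alphabet used for generation: printable ASCII minus the space (94 symbols),
# because leading or trailing spaces are easy to lose when typing the key in.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def validate_passphrase(passphrase):
    """Raise ValueError unless this is a legal WPA-Personal passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(ch not in PRINTABLE for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII only")


def generate_passphrase(length=63):
    """Draw every character independently from the OS CSPRNG."""
    passphrase = "".join(secrets.choice(ALPHABET) for _ in range(length))
    validate_passphrase(passphrase)
    return passphrase


def derive_psk(passphrase, ssid):
    """Derive the 256-bit pre-shared key the access point and clients use.

    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32 bytes of output.
    """
    validate_passphrase(passphrase)
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def guess_space_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of work to guess a uniformly random passphrase.

    Capped at 256 because the derived key itself is only 256 bits long.
    Only valid for randomly generated passphrases, not human-chosen ones.
    """
    return min(256.0, length * math.log2(alphabet_size))


if __name__ == "__main__":
    phrase = generate_passphrase()          # 63 random characters
    print("passphrase:", phrase)
    print("PSK for HomeNet:      ", derive_psk(phrase, "HomeNet").hex())
    # The SSID is the salt: same passphrase, different network name,
    # completely different key.
    print("PSK for HomeNet-Guest:", derive_psk(phrase, "HomeNet-Guest").hex())
    print("63 random chars: %.0f bits" % guess_space_bits(63))
    print("8 random lowercase letters: %.1f bits" % guess_space_bits(8, 26))
```

Because the SSID is the salt, renaming the network changes the derived key even when the passphrase stays the same, so both values have to be updated together on every client.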

Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !

Originally Posted by Tesselator
toeknee,
Sorry about the rudeness of a few here (in my thread). Some people's children - - I swear...
WTF ?
Don't you think it was dumb weird by toeknee to start his post with " old thread, but I have to say this:" ?
-t

Fresh-Faced Recruit
Join Date: Oct 2003
Location: Dumb Weird Clown, USA

Originally Posted by turtle777
WTF ?
Don't you think it was dumb weird by toeknee to start his post with "old thread, but I have to say this:" ?
There had not been a post in the topic in four days. On many active forums, the topic would have been closed. I sure regret offending you, but I have to say this: it's pretty dumb weird that you make such a big deal about it.

---------
Don't trust anyone with a sig over 35 chara

Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !

Originally Posted by toeknee
There had not been a post in the topic in four days. On many active forums, the topic would have been closed. I sure regret offending you, but I have to say this: it's pretty dumb weird that you make such a big deal about it.
I don't get it.
THIS thread was started on 03/03/08.
And you consider a thread that was started 4 days ago (03/07/08 in my book) OLDER ?
Enough, I'm done with this.
-t

Moderator
Join Date: Jan 2001
Location: Polwaristan

Drop it everyone. Stay on topic, old or no.

Moderator
Join Date: Jan 2001
Location: Polwaristan

I've deleted two off-topic posts to keep the thread cleaner.
I use WPA2 on my linksys wrt54g.

Mac Enthusiast
Join Date: Jan 2008

Originally Posted by Cold Warrior
I've deleted two off-topic posts to keep the thread cleaner.
I use WPA2 on my linksys wrt54g.
Thanks man!
I had a linksys for awhile. It kept locking up and I'd have to press the reset button to again
access the internet so after a month I got my money back and got a "RoadLanner" (which
reminds me of Load Runner the game) Japanese made unit. I hear LinkSys is wildly popular
in the states but I almost never see them for sale here in Japan. How old is yours and, if
newish, are they any better these days?

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Senior User
Join Date: Nov 2003
Location: Salzburg, Austria

Originally Posted by Tesselator
Thanks man!
I had a linksys for awhile. It kept locking up and I'd have to press the reset button to again
access the internet so after a month I got my money back and got a "RoadLanner" (which
reminds me of Load Runner the game) Japanese made unit. I hear LinkSys is wildly popular
in the states but I almost never see them for sale here in Japan. How old is yours and, if
newish, are they any better these days?
The main reason why Linksys routers are so popular is that they are able to run customized open-source firmware based on linux.
There are literally dozens of different firmwares for the WRT54GL out there, I personally prefer the somewhat slim and sleek Tomato Firmware. There's also DD-WRT that packs an unbelievable amount of features if you're into that kind of thing.
Just check this wikipedia entry for more information.
Back to topic, I'm using WPA-2 simply because all my devices support it.

"The road to success is dotted with the most tempting parking spaces."

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

The "my Linksys locks up" issue is almost always because of buggy firmware, and it's almost always fixed by simply waiting a little while for Linksys to release a fixed firmware. They sometimes release new versions "before their time" and that impacts users, but they also are responsive to customer feedback, so they get those issues fixed and release the new firmware really quickly.
And moep's point about the variety of firmware available for the Linux-based Linksys router is an excellent point. Check out LinksysInfo.org for a fairly comprehensive listing of these, with critiques, downloads, etc. Great site for Linksys users to bookmark. My on-topic point? Some older Linksys routers don't support WPA2 with Linksys firmware but WILL using a third party firmware...

Glenn -----
OTR/L, MOT, Tx

Moderator
Join Date: Jan 2001
Location: Polwaristan

Originally Posted by Tesselator
How old is yours and, if newish, are they any better these days?
I don't know about the newer ones. Haven't used them. Mine is four years old and still going strong.

Mac Enthusiast
Join Date: Jan 2008

Thanks CW...
Yeah, I didn't know there were 3rd party roms available. That's pretty interesting!
I wondered why LinkSys was so popular... I just couldn't figure it out. They were
low speed and didn't work well by everything that I could see and experience.
This rom flashing explains a lot! I guess the higher speed isn't important in the
USA as most people don't have a connection speed of 8mb and therefore don't
need a line speed of over 10mb. My current setup here in Japan is a 1,000mb
line speed and 200mb connection speed. But in my case now the router and all
is supplied by the ISP as was my previous service at 1,000/100. So third party
routers and wireless base stations haven't really been a consideration for me
nor I suppose most Japanese internet users for about the last 2 to 4 years. For
me all I need these days is a few stackable hubs at base 1000.

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

What we're talking about is people who don't know anything about their computers setting up wireless networks and not paying any attention to which printer comes up when they print. And we're talking about their neighbors who don't know any more about their own computers or their own networks not protecting their networks so that the idiots next door can't use them. If we were really talking about people who KNEW what they were doing, this discussion would be summed up with "it just can't happen." But since anyone with $50 can set up a wireless network (no actual brain required), AND just about all hardware comes out of the box wide open and unprotected, it CAN AND DOES happen.

Glenn -----
OTR/L, MOT, Tx

Mac Enthusiast
Join Date: Jan 2008

I thought we already covered all that and were talking about
routers now? Oh well.

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

Originally Posted by Tesselator
I thought we already covered all that and were talking about
routers now? Oh well.
Nope, just the security aspects of setting up one's network-you must secure the whole thing or you may be left without any protection. Fortunately, this isn't really a chore, just another step in the setup process.

Glenn -----
OTR/L, MOT, Tx

Mac Enthusiast
Join Date: Jan 2008

True. I personally think that the range limitations are protection enough.
But that's just me. 

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Registered User
Join Date: Feb 2008
Location: Birmingham, AL

Originally Posted by Tesselator
I live in a country where
most people are honest and are considerate of others from a sense
of duty as a human being and part of a largely homogenous society
("most" in that sentence meaning high nineties).
What paradise - er, I mean country - is that?

Fresh-Faced Recruit
Join Date: Apr 2008

I was using 802.1x encryption, at least that was until the problems with 10.5.2.
I've now had to downgrade to WEP2 Personal - still at least the iPhone now can connect to the network.
Living in the UK, we have slightly more 'congestion' and I did a quick scan for other networks a few seconds ago, and I get 10 showing up now and that's at 02:20 in the morning, and I know at the weekend I've seen 13 or 14 with 'AP Grapher'.
Have a look at Mac software such as KisMac and Wireshark, and others, you no longer need a Windoze machine. I showed a friend just why he should secure his network, when I took my MacBook, and connected to the network of the person next door, and watched which websites they visited etc.
WEP is straightforward to crack, as it's a very poor standard which has holes big enough to drive an 18 wheeler through....
I would suggest everyone use at least WPA to deter both the casual 'sniffer' and the 'accidental' hopping onto your network by someone else.

Mac Enthusiast
Join Date: Jan 2008

Originally Posted by tridentinecanon
What paradise - er, I mean country - is that?
Japan. South Africa was like that too though.

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Addicted to MacNN
Join Date: Jan 2003
Location: Great White North

Wireless security is only part of the total security package to protect yourself and your home. WPA2 Personal is the best for home users, and for a business that is on Active Directory WPA 2 Enterprise with Radius is best.
Steps to deal with amateurs include
Hiding the SSID (easily discovered with sniffed software)
Mac Address Filter (easily spoofed because the unencrypted part of the packets contain the mac address)
No DHCP (IP easily discovered with network scanner utilities)
But the above 3 are in no way secure. With that said, you need to also make sure your passwords are strong, using a mix of numbers, letters, upper and lower case and special characters. An example of a strong password is "HKKi4f#der3!4S" and not using the same exact password in more than one place either. Never use the same password for your secure sites and non secure sites. If for example you use the same password on MacNN and your Bank, while your bank is using SSL to encrypt traffic between you and the bank, MacNN isn't and your same password is going through the net unencrypted. Even if your wireless is hacked, if you're using different secure passwords for different class of things chances are you will be pretty hack proof. Example would be
Same password for unsecured sites, MacNN, Facebook, Myspace.
Same password for secure sites, Bank, Credit Card, Tax Returns (as long as they are all SSL)
Unique password for your base station, Unique password for your Computers login, and all the computers should have unique passwords. If you must share things between computers over wireless, set up a user with no admin rights and attach that user to a shared folder with a different password than the main user passwords, so only this password is ever traveling through the wireless.
A note on logging
And aside from that I'd like some logging capabilities (for example MAC addresses, IPS, time, etc.) so that in case some idiot decides to d/l illegal material over my open network I have some evidence to show wasn't me.
You can't prove it was not you, how do you prove that you are not hiding a laptop. Also because it's your connection it's your responsibility to secure it, you might not be the person doing the theft or porn but you allowed the unprotected access which in some states and some provinces still makes you partially liable.

Addicted to MacNN
Join Date: Mar 2006

Originally Posted by Athens
You can't prove it was not you, how do you prove that you are not hiding a laptop. Also because it's your connection it's your responsibility to secure it, you might not be the person doing the theft or porn but you allowed the unprotected access which in some states and some provinces still makes you partially liable.
This is bogus. Please show me why you think this is true.

Mac Enthusiast
Join Date: Jan 2008

Get'em peeb!
I don't believe it either. I keep reading in the newspapers how that you
are NOT liable in case after case with no mention of it being any different
in any other states.

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

I don't think the final judgment that the owner of the open network is not liable is anywhere near as important as the fact that the owner will be put through all the hassle of showing that he's not involved in whatever the interloper did using his network. I really don't need any of that sort of thing myself-having my equipment impounded for forensic analysis (which can take lots of time), having to explain what I do online and where I surf, etc. etc.
The fact that the (insert your choice of illicit download here) came through your connection is enough to disrupt your life when the Law starts investigating that particular download. It's true that there is no LEGAL REQUIREMENT to secure your network; you can give it away all day. But I don't think it's smart.

Glenn -----
OTR/L, MOT, Tx

Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !

^^^ Well said, Glenn. They will give you hell, even if you turn out to be uninvolved.
-t

Addicted to MacNN
Join Date: Mar 2006

That sounds more reasonable Glenn, but is far from the claim that was made.

Administrator
Join Date: Apr 2001
Location: San Antonio TX USA

I think I under emphasized how much hassle and trouble this could be. If the local prosecutor is a "male type organ," it could be disastrous whether you're completely cleared or not, especially if the intruder used your network for kiddie porn. Or "national security" issues.
I think of securing my network as at least "due diligence". If I'm trying to control it, then it would be pretty obvious if someone figured a way around my measures and got in, whereas if I didn't do anything, it might be seen as "inviting" others to play badly with my resources-which can also be characterized as "giving myself a cover for doing that bad stuff myself." No thanks!
And I have no problem expecting a tech-savvy person to understand what I'm doing or why, whether I choose to secure or open my network. It's that "jury of my peers" who are almost certainly NOT tech-savvy that I worry about. Better to take precautions and trust a little that people will see that as my being careful than to try to explain to someone with no technical background why I thought it would be unlikely that someone would single MY network out to mess with.

Glenn -----
OTR/L, MOT, Tx

Moderator
Join Date: Jan 2001
Location: Polwaristan

You guys remember when that sysadmin for some Georgia school installed SETI and they hit him with a federal felony rap? Male organ indeed.
Best bet is to secure your router; don't make it a public wifi point for any people to take advantage of. Plausible deniability is important.

Mac Enthusiast
Join Date: Jan 2008

Wow! I'm just really glad I don't live in the police state known as the United States. Here, unless
you were SELLING warez out of your connection they wouldn't do anything at all unless you were
otherwise a wanted man (for like armed robbery or something). The US just gets more and more
ridiculous with each passing day.
Next they figure a way to arrest all the occupants of all households within range of any wireless
device over which any crime was committed. After all the waves bounced off your house so you're
guilty. Ignorance is no excuse for the law! Off with their heads.
So when does the revolt start? I wanna watch.

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Moderator
Join Date: Jan 2001
Location: Polwaristan

On topic, I'll add that I tried going to only WPA2, but Windows XP on my MBP wouldn't work with it - just WPA - so I reverted to WPA/WPA2.

Mac Enthusiast
Join Date: Jan 2008

That's kewl.
But if this subject leads to the examination of legal issues and law enforcement policy
surrounding wireless networks I wouldn't consider it off-topic. Would you? I mean if
things are so tight that we/they can only talk about "What encryption method you use
for your home wireless network" and not why or how they use them that's pretty limiting
IMHO. No? I dunno...

"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine

Moderator
Join Date: Jan 2001
Location: Polwaristan

Originally Posted by Tesselator
That's kewl.
But if this subject leads to the examination of legal issues and law enforcement policy
surrounding wireless networks I wouldn't consider it off-topic. Would you? I mean if
things are so tight that we/they can only talk about "What encryption method you use
for your home wireless network" and not why or how they use them that's pretty limiting
IMHO. No? I dunno...
Using the topic to bash the United States is taking it off-topic. Feel free to create a separate thread in the pol-war lounge.

Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac

I'm very much interested in this topic because I have a lot of spare bandwidth and I would like to offer a simple and free 11 Mbps network for anybody who happens to need it for shorter periods of time. I travel a lot, often find myself in some city I have never been to before and know what a hassle it is to find only locked networks or none at all when all you want to do is quickly check google maps for some directions or book a hotel room.
Obviously I don't want to go through something like Glenn described. I work in Sweden now and I'm pretty sure their legal system is less screwed up than the one in the US, but of course even if you deal with a reasonable DA you will need some way to show that the "illegal traffic" wasn't coming from one of your own computers. What about the log files the AEBS writes? Don't they contain the MAC addresses of the connected clients? Wouldn't such a list with MAC addresses, time stamps, etc. be sufficient to show that at a certain time there was an 'external' client running off of your network?

Mac Enthusiast
Join Date: Jan 2008

Originally Posted by Cold Warrior
Using the topic to bash the United States is taking it off-topic. Feel free to
create a separate thread in the pol-war lounge.
I think it's really hard these days to make any honest statements about laws
and/or enforcement in the United States without it seeming like a bash. But
I take your meaning.
Originally Posted by Simon
I'm very much interested in this topic because I have a lot of spare bandwidth
and I would like to offer a simple and free 11 Mbps network for anybody who
happens to need it for shorter periods of time. I travel a lot, often find myself
in some city I have never been to before and know what a hassle it is to find
only locked networks or none at all when all you want to do is quickly check
google maps for some directions or book a hotel room.
Obviously I don't want to go through something like Glenn described. I work
in Sweden now and I'm pretty sure their legal system is less screwed up than
the one in the US, but of course even if you deal with a reasonable DA you
will need some way to show that the "illegal trafic" wasn't coming from one
of your own computers. What about the log files the AEBS writes? Don't they
contain the MAC addresses of the connected clients? Wouldn't such a list with
MAC addresses, time stamps, etc. be sufficient to show that at a certain time
there was an 'external' client running off of your network?
That sounds right to me - shrug. With my last ISP (I recently switched ISPs)
I had their router send a server message and start dumping the activity log
to a disk-buffered pop-up window. I didn't see any MAC addresses but that
doesn't mean it wasn't there or that it's not possible I guess. I haven't tried
to set up that behavior with this new one yet tho. Over the past several years I've
only had 1 person or maybe two (I'm sleepy right now and can't think to
remember exactly) ever access it.
I'm located right here (Google Maps) and there are 7 strong wireless access
points. I think 4 or 5 of them are wide open. They don't have the little lock
icon on them anyway... I connected to one once and it worked OK. I loaded
a page and then connected to my own.
|
|
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine
|
| |
|
|
|
 |
|
 |
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
Everyone knows that WEP is not security. It may as well be an open connection as far as security pros are concerned. It would take about 20 seconds to break into the best WEP available.
MAC address filtering is also not security. Anytime data is passed to and from the router, the MAC addresses of where it's going and where it's coming from are passed along WITH the packets. A pro would just sit and wait for a packet to fly across, sniff it out, and have a valid authenticated host allowed on the network. This person would then change the MAC address of his wireless driver to spoof it to look like the sniffed host, and your filtering is now defeated.
Using WPA or WPA 2 is the best you can get, but using a stupid password will get you broken into as well. The pro security expert would just kick you off your own network, wait for you to re-authenticate, then just brute force the hardware handshake that happens when you try to get back on your network. USE A GOOD 63 character COMPLETELY RANDOM PASSPHRASE USING ALL THE SYMBOLS YOU CAN. Dictionaries/wordlists exist in every language, and if all you use is numbers, any good shell script can come up with 63 numbers in many many combinations incredibly quickly, so don't just use numbers alone. The fewer characters you use, the faster you get compromised.
Someone "connecting to your network" isn't the problem; it's that person who can decrypt everything you say and do over the wireless connection that IS the problem. Credit card transactions, AIM, email, anything net related. If you haven't heard of MITM attacks (man in the middle) then you should research it and know it well. In overly simplistic terms, basically any secure https connection you think you are making is actually done through a person's laptop pretending to be your router or the server you are connecting to. You think you are making a secure connection to your banking site or whatever secure site, while you are really making a secure connection to the man in the middle, and he makes the true secure connection to the server you were connecting to in the first place. As he receives a request from you, he passes the same request to the server using a different secure key. The server responds, he decrypts it, stores it, then re-encrypts it to you and you never knew what happened. Your "lock" symbol is up, your URL says https, and you ignore the "invalid credentials" warning message from Safari/your browser (although there are ways around that too).
Point is that you NEVER want to assume that lax security is a good thing. Always do as much as you can to be secure in everything you do. Identity thieves are sophisticated and they can exploit holes in your Macs/PCs that Apple and M$ don't even know about or haven't fixed yet. Did you ever know about the security problems before you got an update reminder? Software updates are months in the making and if the vendor knows about a bug, the hackers know about it and have exploited it already successfully. During this time, you are vulnerable and don't even know it/care. ALWAYS take security seriously and you will be less of a target and will have less of a headache trying to fix problems and deal with legal issues.
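The passphrase advice in the post above, as an added example that is not part of the thread: generating a random 63-character WPA passphrase with a CSPRNG, checking the 8 to 63 printable-ASCII format, and deriving the 256-bit pre-shared key the way WPA/WPA2-Personal does (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations). The function names and the SSID `ExampleHomeNet` are constructed for illustration.

```python
import hashlib
import math
import secrets

# Printable ASCII without the space character (0x21-0x7e). WPA-PSK passphrases
# are 8 to 63 printable ASCII characters; dropping the space is a choice made
# here so the value has no leading or trailing blanks to lose when typed in.
ALPHABET = "".join(chr(c) for c in range(0x21, 0x7F))


def generate_passphrase(length: int = 63) -> str:
    """Return a passphrase drawn uniformly from ALPHABET with a CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_valid_passphrase(passphrase: str) -> bool:
    """Check the WPA-PSK passphrase format: 8-63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(
        0x20 <= ord(c) <= 0x7E for c in passphrase
    )


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("not a valid WPA passphrase")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    p = generate_passphrase()
    print(p)
    print(round(entropy_bits(len(p), len(ALPHABET)), 1), "bits")
    print(derive_psk(p, "ExampleHomeNet").hex())  # constructed SSID
```

Because the SSID is the only salt and the iteration count is fixed, the passphrase is the sole secret input to the key, so its randomness and length set the cost of any guessing attempt.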
|
|
|
| |
|
|
|
 |
|
 |
|
Mac Enthusiast
Join Date: Jan 2008
Status:
Offline
|
|
But all that assumes a level of ignorance that I think most people willing
and wanting to supply an open connection are I would hope, more learned
than. Sure if you're running a business or if you're silly enough to do your
personal banking or financing on a networked computer then for sure all
these security precautions and more, are needed or at least recommended.
I would hope that computers are still new enough and users are still wary
enough as to not keep any personal info on a networked machine. I know
I don't for sure!
If you were to break into my system and grab everything and go over
it with a microscopically fine toothed comb you could only come to the
conclusions that I am between 18 and 90 somewhere, I'm American but
there exists a very strong possibility that I'm not, I'm probably male but
there's a really good chance that I'm female. You might be able to conclude
that I'm anti-war or are the machines in an office environment where many
users log on and off? If you had access to all the other public records tied
to this physical location you wouldn't be able to pin down a real name, a
nationality, nor a financial profile of any kind. You might be able to cross
reference a list of every University professor employed at one of the 12
Universities in the area and make an educated guess (pun intended) but
now we're talking CIA level investigations and I'm not on their radar yet
unless I'm mistaken about the level of tyranny in the USA or any of the
Asian countries I make my life in. I guess with most people's networked
machines you might be able to learn a primary user's 1st and last name
but I would hope not much more unless they have a very modest financial
profile and think it probably doesn't matter if their CC# gets out anyway.
It is after all more likely that your CC# would be swiped out of a trashcan
than off a networked computer - at least I read so.
Anyway I think all your points are excellent ones but I'm not sure they
apply...
EDIT:
...to people that want to offer an open connection.
(Last edited by Tesselator; Apr 13, 2008 at 03:26 PM.)
|
|
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it!"
- Thomas Paine
|
| |
|
|
|
 |
|
 |
|
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Not to get political here, but it's not tyranny I'm talking about. It's the fact that, given the chance, bad people will do bad things and not care that they may hurt other people in the process. I just don't want to help them out. Securing my network means that I control it, I decide who benefits from it, and that's that. If I wanted to share my bandwidth, I'd set up a completely separate wireless network, one that didn't connect in any way to my home network. Different subnet, only sharing the Internet connection, that sort of thing.
My urgings for people to secure their home networks come from a long background in computer security, and an ingrained level of paranoia that firewall logs tend to reinforce - there ARE people out there probing for vulnerabilities. And since we Mac users tend to be a trusting lot on the whole, there's a cultural lack of skepticism or caution in how we deal with outsiders - and on the whole we are less likely to take steps to protect ourselves. Windows users, on the other hand, fall into two groups: the ones that have been burned and have learned from it, and the ignorant lot that haven't noticed (or cared) that someone's abused their computers. They either pay at least some attention to security, or regularly pay out the nose for technical services to undo what they could have prevented (or buy a new computer and start fresh - until they get infected again).
I don't worry about my credit card numbers, social security number, address, personal statistics or anything like that. I worry about some 16 year old kid who gets his jollies from disrupting people's lives by messing up their computers - and if he can't crash your computer, he can at least overwrite your documents. Anyone notice how you automatically share your iTunes in Leopard? That scares the crap out of me, because I don't know what else gets shared in the process, and there's no obvious way to turn that "feature" off. My posts about investigations were more to illustrate a "very bad case" scenario. Losing a semester's worth of work, a report that is needed for your company's pivotal proposal, or even your address book listings could be extremely bad too, and just because you use a Mac instead of a PC doesn't mean you're immune to exploits; to me, bad security is an exploit waiting to happen. Especially when people just plug stuff in and not even change the admin password, let alone try a token security measure.
|
|
Glenn -----
OTR/L, MOT, Tx
|
| |
|
|
|
 |
|
 |
|
Addicted to MacNN
Join Date: Mar 2006
Status:
Offline
|
|
There's no obvious way to turn iTunes sharing off? Are you sure?
|
|
|
| |
|
|
|
 |
|
 |
|
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
It's not the iTunes sharing that I can't find a way to turn off - that's simple. It's that by default any type of sharing is turned on at one point or another. In fact, iTunes' library sharing is quite good at giving you control of what you share and what you don't. On the other hand, it's easy for someone to share out their whole folder structure "just to make it easier to move those files" and then leave it shared. And in Leopard, Finder actually LOOKS for shared resources and shows them to you - and this bothers me because I was blissfully unaware of how my own shared folder (JUST THAT) may have been available at school until I moved up to Leopard and noticed that I was seeing everyone else's shared folders...
|
|
Glenn -----
OTR/L, MOT, Tx