Newbs & Wireless

It continues to amaze me, almost halfway into 2006, that there isn't
a more concerted effort by linksys and other major players for home
market wireless routers, to make people aware of wireless security.

The other day I was I detected wireless entworks simply driving
around with a laptop with built in wireless detection, through out
the course of 3-4 hours in 10 towns, about 200 wireless networks
have default login/password to their GATEWAY.

For new comers that don't know, when you setup a router, and just
let it run with default configuration, a person can just do ipconfig
/all in command prompt, or the equivalent in linux (which I do not
know), and look for the gateway.

That is the wireless router serving out the dhcp in their usually
192.168.x.x network. If gateway = 192.168.1.1
simply http://192.168.1.1 and login with default credentials of the
major makers, ie: linksys/netgear/d-link etc. You can find out the
default login/passwords for these by pulling up the manuals for the
respective routers on the manufacturer websites.

Baffled. . . .

Can lock people out of their own router. Some people have in un-
masked form, their email address and password in some
configurations, where DSL requires it. Then imagine where you can
go from there. . . scary


Companies now need to have some sort of complex protection auto
enforcement instead of letting shit go default, a nice and easy to
use automated GUI process, instead of letting the users do it, when
the users themselves just leave it alone (not due to laziness)
because their clueless.


__________________________________________________
3:16

--
----------------------------------------------
Posted with NewsLeecher v3.0 Final
* Binary Usenet Leeching Made Easy
* http://www.newsleecher.com/?usenet
----------------------------------------------

Flex328 ((E-Mail Removed)) wrote:
>It continues to amaze me, almost halfway into 2006, that there isn't
>a more concerted effort by linksys and other major players for home
>market wireless routers, to make people aware of wireless security.

Why would they? It'll needlessly complicate people's view of The
Wonderful World of WiFi, and doesn't add anything to the bottom line.
Their marketing efforts are focussed on getting people to throw out
their {b,g,proprietary high-speed} gear and buy new (Pre-, Draft-, and
soon Real-) N gear.

The marketplace (Joe Sixpack, his mother, and probably all of our
mothers) doesn't know or care about security, they want it to work,
and turning on security frequently _doesn't_ help...

This is a constant discussion here (Google News is your friend), and
there aren't any good answers.

"Flex328" <(E-Mail Removed)> wrote in message
news:446f5923$0$22528$(E-Mail Removed) ng.com...
> It continues to amaze me, almost halfway into 2006, that there isn't
> a more concerted effort by linksys and other major players for home
> market wireless routers, to make people aware of wireless security.
>
> Baffled. . . .

It's all so that users get a good "works right out of the box experience".
The problem is it's all to easy to "loose your internet connection" if you
make a mistake setting up the security settings. That results in a call to
customer services which costs the company money to handle.

The very process of enabling encryption involves you loosing the ability to
talk to the routers set up page (eg until you enable encryption in your PC).
That sort of thing is enough to cause the average consumer a heart attack.

What's needed is a wizard that runs on the PC and configures the security at
both ends of the wireless link for you. I guess that wouldn't be hard for
them to provide.

"CWatters" <(E-Mail Removed)> hath wroth:

>What's needed is a wizard that runs on the PC and configures the security at
>both ends of the wireless link for you. I guess that wouldn't be hard for
>them to provide.

Duh... Haven't you seen the promotions for all the "one button easy
setup" programs? Run the software, push the button on the router, and
it sets up a unique SSID and WPA keys on both ends. Linksys calls
theirs "SecureEasySetup".
| http://www.linksys.com/servlet/Satel...VisitorWrapper

Other vendors have different names for basically the same idea. I'm
not a big fan of this method, but the vendors are most certainly
trying their best to improve security.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "CWatters" <(E-Mail Removed)> hath wroth:
>
> >What's needed is a wizard that runs on the PC and configures the security
at
> >both ends of the wireless link for you. I guess that wouldn't be hard for
> >them to provide.
>
> Duh... Haven't you seen the promotions for all the "one button easy
> setup" programs?

It would seems not. Neither of the two routers I purchased over the last
year came with such a prog. Nor did the Access point I got last week.

In article <(E-Mail Removed)>,
Jeff Liebermann <(E-Mail Removed)> wrote:
>Duh... Haven't you seen the promotions for all the "one button easy
>setup" programs? Run the software, push the button on the router, and
>it sets up a unique SSID and WPA keys on both ends. Linksys calls
>theirs "SecureEasySetup".

I was surprised to see this too on my new Buffalo router/bridges
(AOSS is the trademark for these).. I wonder if they're interoperable...

(doesn't matter, don't use it with WDS anyways)

But still, any network setup 'wizards' running on a new router
should force the change of password as part of the configuration process.
--
"When in doubt, use brute force."
- Ken Thompson

(E-Mail Removed) (hennessy) hath wroth:

> I was surprised to see this too on my new Buffalo router/bridges
>(AOSS is the trademark for these).. I wonder if they're interoperable...

My guess is they originated from the same company but has had
"proprietary enhancements" added to provide for "vendor distinction".
In other words, they probably were at one time compatible, but no
longer.

>(doesn't matter, don't use it with WDS anyways)

SES and AOSS have nothing to do with WDS. All they do is setup the
initial SSID and WPA keys. All the other complex setting still have
to be setup manually.

> But still, any network setup 'wizards' running on a new router
>should force the change of password as part of the configuration process.

This is one of my pet peeves. Search the Google archives for "secure
by default" for my multiple pontifications on the topic. For example:
| http://groups.google.com/group/alt.i...29d2674dfc4d9f
Personally, I think AOSS and SES add an additional layer of complexity
to the router which could be eliminated if the routers were shipped
secure by default and required the manual initialization of passwords,
SSID, and WPA keys on initial setup. If these are bypassed, the
wireless section is turned off. If someone wants to run an insecure
system, they have to intentionally set it for zero security, not just
open the box and plug it in.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558