Wireless theft - how easy is it?

Whilst I appreciate that picking up an insecure wireless signal, and
'piggybacking' off it for Internet access is not difficult, how
difficult is it to then steal data off the host network?

Let's assume the user is a complete novice, has simply plugged a router
in, configured it using vendor software, and is now surfing.

He (or she) has no knowledge of how to really configure Windows, as they
have a pre-configured Dell PC with Mcafee Security Centre installed.

They know nothing of file or folder sharing, and Windows is therefore
left at default settings.

We'll assume Windows XP Home, or a basic Vista.

I ask, because my local TV network, Meridian, are doing an article on
this very subject, and their pre-broadcast 'trailer' suggested data
theft via this method was rife.

It seemed to me, to be yet another news bureau 'scaremongering' prior to
the usual festive hype over credit cards, online shopping etc.

So, how easy is it to actually access files held on a PC that is behind
a wireless router on a 'numpty' installation?

TIA.


--
My reply address is valid, but incoming mail is set to 'auto-delete'
so will not be seen. Please post replies to the group.
XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX

In article <(E-Mail Removed)> , /Tx2
says...
>
> Whilst I appreciate that picking up an insecure wireless signal, and
> 'piggybacking' off it for Internet access is not difficult, how
> difficult is it to then steal data off the host network?
>
> Let's assume the user is a complete novice, has simply plugged a router
> in, configured it using vendor software, and is now surfing.
>
> He (or she) has no knowledge of how to really configure Windows, as they
> have a pre-configured Dell PC with Mcafee Security Centre installed.
>
> They know nothing of file or folder sharing, and Windows is therefore
> left at default settings.
>
> We'll assume Windows XP Home, or a basic Vista.
>
> I ask, because my local TV network, Meridian, are doing an article on
> this very subject, and their pre-broadcast 'trailer' suggested data
> theft via this method was rife.
>
> It seemed to me, to be yet another news bureau 'scaremongering' prior to
> the usual festive hype over credit cards, online shopping etc.
>
> So, how easy is it to actually access files held on a PC that is behind
> a wireless router on a 'numpty' installation?
>
As long as File and Printer Sharing is not being used - which is
disabled by default on XP, the firewall is turned on AND all Windows
Updates have been applied, then it makes it hard.

Vista does go a lot further, making the computer completely
undiscoverable on the network as long as everything in Network and
Sharing Center is turned off EXCEPT Password Protected Sharing.

BUT I played with Linux on a Windows Network and it was quite easy to
get a computer with File and Printer Sharing enabled to show C$, which
is a completely hidden "system" share, and all files on the HDD
including those not shared.

There are applications which can scan a PC to see what vulnerabilities
there are - Nessus being one - BUT you've got to get on the wireless
network in the first place so making sure they're using WPA and a
strong passphrase will put off many "drive by's".


--
Conor

I'm not prejudiced. I hate everyone equally.

"/Tx2" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) T...
>
> So, how easy is it to actually access files held on a PC that is behind
> a wireless router on a 'numpty' installation?

Vista has file sharing switched off by default and you need to jump through
several hoops - share the folder, turn on file/printer sharing, turn off
password-protected sharing, change permissions on user's My Documents folder
to allow other users to access it, etc. The difficulty for the novice is
actually putting all the steps in place to make file sharing work even when
you want it.

But you still need to make sure that you have wireless security turned on -
partly because you may have got an expert to share folders for you and
partly to prevent people using your internet connection for illegal
purposes.

At least Orange Livebox and BT Home Hub have the right idea - they ship with
security turned on and a sticker on the bottom with the key. OK, so it's
only WEP, and getting WPA to work (and for the router to remember that
config after rebooting) is a pain, but it's a step in the right direction. I
think the LiveBox also has MAC filtering and will only allow new devices to
talk if you put it inot pairing mode for a few minutes.

In article <(E-Mail Removed)> , /Tx2
(E-Mail Removed) says...
>
> So, how easy is it to actually access files held on a PC that is behind
> a wireless router on a 'numpty' installation?
>
I suspect they're talking not about hacking the hosts, but about
sniffing the wireless traffic - this is pretty trivial, but as sensitive
information is (hopefully) already encoded via SSL, VPN etc. getting
anything useful out of it will take some effort. Unless you're
specifically targeting a particular person it will be easier to use
phishing, trojans etc. to gain access to PCs and data. I suppose an
insecure wireless connection would be an easy way to launch those
attacks in a way that's virtually impossible to trace back to you ...

"/Tx2" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) T...
>
> Whilst I appreciate that picking up an insecure wireless signal, and
> 'piggybacking' off it for Internet access is not difficult, how
> difficult is it to then steal data off the host network?
>
> Let's assume the user is a complete novice, has simply plugged a router
> in, configured it using vendor software, and is now surfing.
>
> He (or she) has no knowledge of how to really configure Windows, as they
> have a pre-configured Dell PC with Mcafee Security Centre installed.
>
> They know nothing of file or folder sharing, and Windows is therefore
> left at default settings.
>
> We'll assume Windows XP Home, or a basic Vista.
>
> I ask, because my local TV network, Meridian, are doing an article on
> this very subject, and their pre-broadcast 'trailer' suggested data
> theft via this method was rife.
>
> It seemed to me, to be yet another news bureau 'scaremongering' prior to
> the usual festive hype over credit cards, online shopping etc.
>
> So, how easy is it to actually access files held on a PC that is behind
> a wireless router on a 'numpty' installation?
>
> TIA.
>
>
> --
> My reply address is valid, but incoming mail is set to 'auto-delete'
> so will not be seen. Please post replies to the group.
> XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX


This may be of interest.
http://www.wardriving.com/
http://wirelessdefence.org/index.htm

(E-Mail Removed) declared for all the world to hear...
> Whilst I appreciate that picking up an insecure wireless signal, and
> 'piggybacking' off it for Internet access is not difficult, how
> difficult is it to then steal data off the host network?

If they have shared drives, not very difficult at all!

> Let's assume the user is a complete novice, has simply plugged a router
> in, configured it using vendor software, and is now surfing.
>
> He (or she) has no knowledge of how to really configure Windows, as they
> have a pre-configured Dell PC with Mcafee Security Centre installed.
>
> They know nothing of file or folder sharing, and Windows is therefore
> left at default settings.

No shared drives then.

> We'll assume Windows XP Home, or a basic Vista.
>
> I ask, because my local TV network, Meridian, are doing an article on
> this very subject, and their pre-broadcast 'trailer' suggested data
> theft via this method was rife.
>
> It seemed to me, to be yet another news bureau 'scaremongering' prior to
> the usual festive hype over credit cards, online shopping etc.
>
> So, how easy is it to actually access files held on a PC that is behind
> a wireless router on a 'numpty' installation?

If drives have been shared it's easy. If drives have not been shared? I
don't know. I imagine there's a way.
--
Regards
Jon