whats the point to it, why is it called 'war Driving'? That doesnt have anything to do with what you described yourself doing.
Also, us geeks do not talk in code, we dont have the time to waste.

Gur grez "Jne Qevivat" fgrzf sebz "Jne Qvnyvat", erzrzore gur zbivr Jne Tnzrf? uggc://jjj.vzqo.pbz/gvgyr/gg0086567/ Nf sne nf gur pbqr tbrf, bu jryy, vgf sha. ;-Q

Ebel, hf trrxf qb unir fbzr sha bhgfvqr bs cebtenzzvat! Jne qevivat tvirf na rkphfr gb pbqr ba gur tb. Jurer ryfr ohg urer va gur Onunznf pna lbh fvg ba gur ornpu naq grfg bhg lbhe ubzrznqr jro nccf?

NAQ bs pbhefr gurer ner dhvgr n srj jnlf gb znxr zbarl sebz jne qevivat. Vg'f dhvgr fvzcyr NAQ YRTNY, vs nalbar vf vagrerfgrq, whfg yrg zr xabj.

Gur crbcyr gung V xabj jub ner vaibyirq va grpu rkpyhfviryl sbe gur zbarl bsgra fhpx ng vg. Lbh tbggn yvir vg yrnea vg naq ybir vg!

Also, us geeks do not talk in code, we dont have the time to waste.


U4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4! J4573 0s 71z3? L0h 5u0hyq o3 4oy3 70 q3p1cu3e 50z3 0s 7u15 57hss 0a 7u3 syl 17'5 4a07u3e y4ath4t3 - 4 y4ath4t3 0s 73pu. L0h p4aa07 e3w3p7 4a 3553a714y c4e7 0s p0q1at phy7he3 j17u0h7 e3w3p71at 7u3 T33X j17u1a. U3l, l0h j0hyqa7 u4cc3a 70 o3 0a3 0s 7u053 c30cy3 ju0 j15u 3i3el0a3 5c0x3 3aty15u 3u?

U4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4u4! J4573 0s 71z3? L0h 5u0hyq o3 4oy3 70 q3p1cu3e 50z3 0s 7u15 57hss 0a 7u3 syl 17'5 4a07u3e y4ath4t3 - 4 y4ath4t3 0s 73pu. L0h p4aa07 e3w3p7 4a 3553a714y c4e7 0s p0q1at phy7he3 j17u0h7 e3w3p71at 7u3 T33X j17u1a. U3l, l0h j0hyqa7 u4cc3a 70 o3 0a3 0s 7u053 c30cy3 ju0 j15u 3i3el0a3 5c0x3 3aty15u 3u?

Compound obfuscation, I love it!

My overall philosophy with passing on knowledge of technology is that any interested person should know and be given a chance to understand, but given the culture that we are in, there are elements that change up the equation. It took me a while to recognize them and evolve accordingly.

The public release of the following information...

"I only found 17 of the 217 access points secured. What is even more interesting is that some of these “open” systems were government corporations (I am not going to name them) and more than a few offshore banks."

...though your intentions may have been good, can be equated to a locksmith openly telling his community that just over 92% of the doors in the households that he checked can be easily "jimmied" open by a crowbar. Some would say that your responsibility was to go to each of those households or businesses FIRST and warn them that this information would have been released. Unless of course, you have an upcoming advertisement in the local newspapers stating:

"Got a wireless network in your establishment or home? Let Jimmy Geek secure it...C'mon, pick up that phone! War drivers are out there, don’t get hacked...Take full control of your network back! :dancer2: "

Which would be okay at this point, but what about the person who was about to buy a wireless access point and now decides on not doing so because "if I have to worry about hackers, then why do I need one?" From the classes that I've taught over the years I have learned firsthand that making some persons in this country aware of the "dangers" of certain technologies before they understand it only makes many of them shy away completely. We "tech" people have to be careful of what information we release and how we release it. That's why I coded my message to get your attention before you continued on.

You would be surprised at the result of your random dispersal of information. My experiences with a few of the neophytes on this island have been plagued with trying to get them to realize that with knowledge comes RESPONSIBILITY. The first thing that they usually want to do is hack the hell out of whatever network they inadvertently come upon. (For the ones who were not attuned to wireless exploration, now they know of at least 200 open networks somewhere on this island) Behave yourselves people - you know who you are! :cop: And believe me, there are a whole lot more of them that are WIDE open.

Let's not forget those of us who have been openly sharing their wireless networks too. :cool: Perhaps we didn’t want EVERYONE to know that they can browse the internet for free in certain parts of the island. :what: Like I said before, your intentions may have been good, but you broke the unwritten code of war driving on multiple levels. :shhh: There may not have been any warchalking symbols up, but that's cause in this society strange markings appearing on walls are a cultural taboo. People may think someone is trying to do Obeah or somethin' :voodoo:

So far you have held your own in this discussion, you'll do well here on BahamasIssues...Welcome!
:cheers:


Thank you, I don’t consider my self a hacker, so for me there is no hacker ethics. I consider myself a Technologist. Like you I have taught classes, mostly at college level on information assurance.

I noticed in your previous posts you mentioned about PUC and its VOIP policy. Have you noticed just how bad the VOIP policy is written? The policy only says that it is unlawful to “offer or sell’ VOIP services. It does not say that it is actually illegal. Interesting loop hole.

Have you looked at the eCommerice laws? What is your opinion? Studying Internet and Technology law is one of my geeky “hobbies”. From what I have researched, the government did not do its homework when formulating the laws. It has huge holes.

The example you make about the locked doors is analogous to port scanning and not war driving. In war driving you are listening to a publicly broadcasted signal on a public frequency. In checking locks (like scanning ports) the action has to be initiated (implied intent). In war driving you are listening to freely broadcasted signals (completely legal). Even WEP frames are unencrypted, only the data is encrypted. In war driving, you are simply listening to a signal on a public (unlicensed) frequency. Legal arguments have been made that wireless access points should be treated like cordless phones. The big difference between the two is that there must be an attempt by the equipment manufacture or consumer to “protect” its signals. If there is no attempt to protect its signal through a cipher or some type of warning, there is no violation. I only know of one state (I think it was Maine) in which legislation was specifically passed that attempted to outlaw war driving. While passed, it has not been tested by the courts.

As far as our eCommerce laws, listening is not illegal. Using or attempting to connect to an open access point however, could be interpreted as unauthorized use of computing services. The software you use to war drive could also determine if unauthorized computing services are used. Active scanners if strictly interpreted could be found to use unauthorized computing services.

From what I see, major problems stem from a lack of foresight by some of those in authority, as well as a slight case of protectionism and greed, I might add.

Sometimes it seems that when someone comes up with a brilliant idea, there is a resulting clamp down on related technologies, unless some sort of profit is made directly by certain entities. Just look at the reflexive increase on duties on Satellite phones during the hurricane season for example.

I've ended up going international for many of my projects as some local powers have blatantly ignored them, don't understand them, or are simply waiting for me to pay homage to their pockets (or perhaps their egos). Sometimes that is how business runs, but I do not like the concept that someone else who had NO part in designing, manufacturing, or implementing a concept should get paid for it.

We largely adopt systems of regulation that do not fit our growing sectors of technology, stemming our own growth signigficantly. Even with E-commerce they are dragging their feet. With a huge consumer market in the US that loves the use of credit cards, and newly formed ties with the Chinese and Japanese, this country could be a major force in the export market by building manufacturing plants associated with businesses from those two countries, providing jobs on the Family islands and adding to our sense of financial stability. Our proximity to the US is a plus in that regard.

Technology changes so rapidly that one sector often merges with another, such as with the Internet and telecommunications. Some people ask what's the use in war driving. In a way it's simply testing how different areas "hold" a wireless signal. Why? Check this out:

Wi-Max technologies + inevitable 802.1x saturation on the island + Internet access + VoIP + Siemens Cellular phones that have wireless Vo-IP capability...

WiMAX Technology


WiMAX is a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL. WiMAX will provide fixed , nomadic, portable and, eventually, mobile wireless broadband connectivity without the need for direct line-of-sight with a base station. In a typical cell radius deployment of three to ten kilometers, WiMAX Forum Certified™ systems can be expected to deliver capacity of up to 40 Mbps per channel , for fixed and portable access applications. This is enough bandwidth to simultaneously support hundreds of businesses with T-1 speed connectivity and thousands of residences with DSL speed connectivity. Mobile network deployments are expected to provide up to 15 Mbps of capacity within a typical cell radius deployment of up to three kilometers. It is expected that WiMAX technology will be incorporated in notebook computers and PDAs in 2006, allowing for urban areas and cities to become “MetroZones” for portable outdoor broadband wireless access.

In the words of McD's new slogan: I'm loving it!

It is pretty easy. There are three things you should always do:

1 – Make sure that the firmware of the access point is up to date. Just follow the instructions that came with the access point. With today’s wireless access points, it is usually as simple as clinking a link on the web interface of the access point. For example, there is a common vulnerability in the linksys (BFR series) routers that can allow a person to change the configuration of the router without entering a password. This was corrected by an update about 9 months ago. I still however see a lot of linksys access points running this vulnerable version of firmware.

2- Change the name of the router and password. Again, very easy to do. A person war driving with malicious intent will first look for low hanging fruit. Access points with default names will 80% of the time also have default passwords (easy pickings).

3 – Enable the built in protection. All access points come with built in protection called encryption. Encryption does not hide the fact that a wireless access point is there, it makes communication with the access point, or the data to and from the access point very difficult to read. Setting up encryption is again easy, just follow the directions in the manual. It should take about 10 minutes to setup. With Windows XP, even a seven year old can do it. The encryption standard that comes with most access points is something called WEP (Wired Equivalent Privacy). While it is not robust enough for a bank or government, it is fine for small business and homes. In my tests, it took 8 days to break the WEP encryption on my own network (crunching 24/7).

If you are talking about sensitive businesses like a bank or a government agency, the steps would be a little more complicated.

I don't have a wireless Internet connection, but I know a few people that do. I have handed on Jimmy advice on how to secure them.

I, for one, am grateful for your advice and for the fact that you go "War Driving."

P.S. Anymore advice about computer security, in general, will be welcome, Jimmy.

MSN has an interesting article on its homepage today. Quite timely...

How To Steal Wi-Fi
And how to keep the neighbors from stealing yours. (http://slate.msn.com/id/2109941/?GT1=5744)

We largely adopt systems of regulation that do not fit our growing sectors of technology, stemming our own growth signigficantly. Even with E-commerce they are dragging their feet. With a huge consumer market in the US that loves the use of credit cards, and newly formed ties with the Chinese and Japanese, this country could be a major force in the export market by building manufacturing plants associated with businesses from those two countries, providing jobs on the Family islands and adding to our sense of financial stability. Our proximity to the US is a plus in that regard.



I agree they need more public consultation of many tech issues. I know that our eCommerce laws do not adequately address the problem of non-repudiation, if the Government was confident about the validity of digital signatures (as they claim), they would not have made exceptions in the type of document that can be electronically signed. The EU Safe harbour laws incontrast, are an excellent example of a tiered approach to the authentication and non-repudiation of digital signatures.

I don't have a wireless Internet connection, but I know a few people that do. I have handed on Jimmy advice on how to secure them.

I, for one, am grateful for your advice and for the fact that you go "War Driving."

P.S. Anymore advice about computer security, in general, will be welcome, Jimmy.


Thank you, I am glad you found the information on war driving helpful. I wrote a two-part article on home office security a few months back. If I can find it I will repost it.

since yall were on the topic.
Kevin Rose (http://en.wikipedia.org/wiki/Kevin_Rose) former G4Tectv(now g4 host) has a videozine called Systm (www.systm.org). One of his episodes was featuring him making a war spying device, that could have intercepted the video of any unencrypted wireless camera.

Rory should be interested in it.

thanks leo, ill check that out. *pours out tequila for fallen homie "techtv"*