I've read a few of Bruce Schneier's articles in the past and I'll certainly defer to him on specific matters of security.
However I have to disagree with his steal this wi-fi article.
Quite simply, Bruce is wrong on not securing his wireless network. He alludes to it himself,
I know people who rarely lock their front door, who drive in the rain (and, while using a cellphone) and who talk to strangers.
His first point sums up the problem. In an ideal world we could leave our doors open and trust our neighbours and passers by.
Sadly, in today's modern world you can't always trust your neighbours and passers by. Just as some of them will steal your DVD and laptop, some of them do want use your Internet connection for bad deeds.
One of the main reasons why hackers and criminals spend so much time developing malware is so they can steal bandwidth and spoof IP addresses. Being able to use someone else's connection is incredibly useful to the bad guys.
Leaving your wireless network open only makes the job easier. In fact, it probably encourages people without the skills or work ethics of the serious hackers.
The part of Bruce's article distresses me the most though, is his comment about being prosecuted for something done from an Internet connection as being "far fetched".
Bruce lives in the same land as Julie Amero. Her case alone proves in US that the combination of an incompetent cop, a gung-ho prosecutor, a lazy judge, a clueless defense attorney and jury of morons is more than enough to get someone convicted of serious crimes.
But the risk of prosecution isn't the problem, an investigation alone is a costly, stressful exercise. Just being investigated for child porn or cybercrime offenses may be enough to destroy marriages and careers.
Having your computers confiscated for weeks as investigation goes on would cost people like Bruce and myself a lot of money.
Bruce's opinion in Beyond Fear, that security is actually a series of trade offs, is quite right. In this case though I think Bruce has the trade off wrong; the convenience of being able to access free Wi-Fi does not justify the substantial risk of bad guys piggy backing on your Internet connection.
The moral is quite clear. Protect your wireless network.
Friday, January 11, 2008
Subscribe to:
Posts (Atom)