Category: Wep - MyHomeBroadband.com
 
If you've been following the news websites recently, you'll know there has been a breaking story detailing a breach on the corporate website of ACS:LAW
ACS:Law are a company who chase people, on behalf of the movie and record industry, who download content that they shouldn't be-in laymans terms, movies and music. Usually from illegal sources and distributed by Torrent sites and other P2P programs (Limewire is an example). **Update**-I had to link to the wiki article as the ACS:Law website is down-I wonder why?
The main thrust of the story is that a hacker group managed to get inside the servers of said company and obtain files detailing not only IP address's (the "fingerprint" of your broadband connection) but the customer details of who owns that connection. This group, being the charitable souls that they are, then put these files up on the web for anybody to download and view-ironically on the same Torrent systems that were used by the people fingered in the ACS:LAW files. They are still there-go to any Torrent site (here's one I am reliably informed that will point you in the right direction-I wouldn't know being an honest chap). You'll need a Torrent client to download the files-again, so I'm told.I still think Netscape is groundbreaking technology in action :-)

Just to rub salt on the wounds the UK's Information Commissioner has said the company may face a fine of up to £500,000 for this breach of the Data Protection Act. The irony increase as this has happened in the same week that the ICO have issued guidelines for small and medium business's to protect this sort of data-ouch!

Now, I've not seen these files as I keep away from torrents and all that but I'm reliably informed (I'm well informed me) that there are customer details, postcodes etc for each infringement of copyright. So if you download the files, you can look at the various peeps and see if your neighbour is one of the "bad people". Again, if I was betting man and reading the various articles on the web, I bet the files being downloaded, especially the movie ones, are not the type you would show your mother-more likely there's a mother in them-all the above is alledged of course.

So what's this got to do with wireless you say? What's you point matey? My point is, if you know about the likes of ACS:Law and what they do, and you still want to get these files, would you be likely to do it on your own broadband connection? Nope. You'd use someone else's (an open/unsecured wireless one) or you'd hack into a weakly configured wireless network (again, using the likes of aircrack facilitates this-so I'm told). This is probably the most high profile news story to date I can think of that demonstrates why you need to have a very high level of wireless security on your home broadband network.

So if you don't want a letter demanding £££'s for a copy of Debbie Does Dagenham because your wireless broadband connection is open to the world and his porn hound, drop us a line or look at some of the tutorials.
Happy downloading ;-)
 
Looks like WPA as a step up from WEP for protecting your wireless home network will soon be dead in the water. Cloud computing is now being offered (for a small fee) by not one, but two, operators. This technology offers to take a WPA capture file (which can easily be obtained by the likes of Aircrack) and combined with your SSID (the advertisement that you see when you fire up your laptop). The clever thing is that it takes this SSID and tailors the "attack" on the password. Unlike WEP, the attack is still brute force in nature, in that it uses a dictionary attack. Granted, the dictionary is an eye-watering 540 million long list of words, so if your password is long enough and random enough, then your safe. Unfortunately, most people don't use long and random passwords-duh.
Its only a matter of time before others get in on this market and/or someone gives it away for free. WPA2 is an option but either people wont/dont know about this option or their hardware wont support it. Or cant be bothered to change it.

Time to look out that cabling tool.
 
Back to me favourite subject-wireless. Sad that I am, I’m on a quest. I’m going to put a page up on the website explaining how it’s done but the blog seems a quick and easy way to talk about. I’ve set up an aerial in the car, attached to a Alpha USB wireless adaptor and hooked it all up to an old Compaq with XP on it. All feeding into a little app called Wi-Fi hopper which detects and logs Access points (AP’s). It doesn’t do any connecting in my set-up (although it can), but it details nicely AP’s. Stick it in the boot, put it on auto-save and away you go. Which leads nicely onto the next point…

I wanted to find out (approximately) how many people in my area, and a bit further afield, were using open and more importantly, WEP . Here’s my theory-WEP, which is security on wireless routers, is more dangerous than an open (no encryption) router.If it’s open, the you can take precautions .If you have WEP, then you have a false sense of security. So far (13th Sep), I’ve detailed just under 3,000 AP’s! Breakdown is roughly 30% Open, 35% WEP and 35% WPA/WPA2. Surprised-I’m not. I’ve mentioned Aircrack before (WEP key cracking tool) but some bright spark has built a VM ware image-so now it’s plug and play.With the above bits of hardware, you simply download and install VM player on your XP machine ,load up the image and away you go. 5 mins for 64 bits encryption and 20 mins for 128 bits (all on my own wireless AP of course). Da-dah-encryption key is found. Then it’s simply a matter of going back into XP, use the Windows supplied wireless software and connect to the router using the said found key.

The really interesting (or dangerous) point is the amount of business’s that have a WEP configured router-it’s one thing to let someone use your bandwidth-it’s another if someone decides to hack into your network and delete your last year’s accounts. My question is-how do you let them know to tell them how to fix it?