On Wednesday (01/30/2002 at 10:27AM -0600), Andy Warner wrote: > Asim Beg wrote: > > > I was amused by one of the comments on slashdot: > > > > "Unless the thing supports IPSec, it would be 100% useless for business > > travelers > > > > Last time I was at the IETF, in Pittsburgh, Marconi was running the show and > > gave everyone 802.11 cards. I plugged mine into my notebook and fired up my > > Ethernet sniffer, which collected approximately 700+ webmail > > username/password pairs, over 100 POP logins, a good littering of telnet > > logins, a bunch of tunneled CIFS logins, and other assorted good stuff. > > Enough to crack into a user account at a large portion of the represented > > telco R&D firms. What I learned at IETF that year: the telecommunications > > world was still too stupid to be allowed to own wireless ethernet. > > I can vouch for that. At Nanog22 during one of the breaks, > someone put up a slide with 40 or so passwords on it that they had > snarfed with dsniff. One can only hope that the world will one day recognize that if they are going to play on the public airwaves, with radio TRANSMITTERS, that they should assume the burdeon of securing their transmissions themselves. There's a huge percentage of the population that can't make the connection between "wireless" and "radio" and "broadcasting" and have no idea that their stuff is flying around for everyone to see. I am (and forever will be) against any kind of legislation that makes it a crime to look at this stuff in the air. If there should be any legislation, it should be that these devices must carry labeling that tells the user he is using a radio transmitter and everyone can hear him! To me, this is the same as standing naked in your front yard and then wanting the city to pass an ordinance that says your neighbors can't look at you. cje -- Chris Elmquist | mailto:chrise at pobox.com | http://www.pobox.com/~chrise