War Drive

A couple Web sites list free Wi-Fi spots in the area.

The list is bigger than you'd think.

Mike Klein and Jim Haburne pull up the rental car outside the newspaper, the engine running, the AC purring and a $50 antenna mounted on the roof -- pulling in a wide world of free Internet connections.

Not to mention access to email, user names, passwords, photos, songs and credit card information - if these two men want it.

They don't. That would be wrong. They're trying to prove a point and give away a product.

"We've found 598 networks since getting the car at the airport," says Haburne, an engineer for Lucid Link, as the Dell Latitude balanced on his lap makes these pinbally B_O_I_N_G noises as it finds nearby networks.

They call it a War Drive. Using free software called Netstumbler, a Global Positioning System device, and the store-bought antenna, Haburne and his boss, Mike Klein, we were trying identify how many Wi-Fi networks they could find within a 4/10th of a mile range, and figure out how many were vulnerable to thieves. If they were crackers, they would download it to a Web site that already lists hundreds of unsecured Wi-Fi sites in Philadelphia - and around the world.

Down Broad Street we go, the laptop BOINGING every few seconds.

By Broad & Locust, we've added another 195 to the database. This is the heart of the commercial district.

Half of the systems are completely unprotected. Half.

By the time we get to Tony Luke's at Front & Oregon in South Philly (hey, we have to eat) that percentage climbs above 70 percent unprotected, which is about par. That was about 350 open or easily picked networks.

Why don't people protect their Wi-Fi?

"'Cuz it's hard," Klein says. "Wi-Fi networks are designed by engineers for engineers," he said, and most of us are not engineers. What he was looking to do is make something that would secure home networks that was no more complicated than the instructions for setting up an automatic garage-door opener.

There are three levels of security their software shows them: open networks, WEP (wired equivalency privacy) and WPA (Wi-Fi protected access.) Most who have security have the second. Haburne says software available for anyone to download can crack that level of security in nine seconds.

Lucid Link sells systems to secure Wi-Fi networks for larger businesses. In April they started giving away their family and home-office protection for free to those wanting to protect three computers or less. (News story here. PC Magazine review here.) Their free software has been downloaded 50,000 times in the past two months. The business plan boils down to this: most corporate clients have Wi-Fi at home. If they love the free family software, they'll be more inclined to buy the fancy stuff for the office.

We drove back straight up 5th Street. It was impressive how many people in South Philadelphia have wireless Internet. At Washington Avenue, the rate of secured networks finally passed 20 percent. We cruised to South Street, the laptop making more and more noise. It got louder through Society Hill and as we started back toward the paper. Then Haburne grew quiet.

"Here's an interesting name of a network," he said. "It's called Archdiocese Wireless."

And it was not secure.

I went wireless a while ago and had no idea that I was unsecured and could be the ISP provider for my neighborhood. Recently, I noticed that I get both of my neighbors signals. One said, Secured the other said Unsecured. It dawned on me that I better find how to to secure my network, too. But I didn't realize that being unsecured meant people could hack into your stuff.

Yeah, all you need is a packet sniffer...

http://www.google.com/search?q=packet+sniffer

and a lot of patience and time and you can get people's unencrypted passwords, credit cards, or anything.  But that just means you should only send this stuff when you trust that you're totally secure over a Secure Socket Layer (SSL) which is usually indicated by the URL of the webpage. https:// vs.  http://

Don't look at me, I only used one once back in my networking lab in college :P

I've never understood people not securing their networks because it's "too hard" - it's all of like 5 steps.  Hell, hit me with a $20 and I'll do it for you!

Securing your network, with WEP, is an easy first step deterrent.  People see that 'secured network' when looking for a WiFi signal to mooch off of and just move on because there are so many unsecured networks.

But what if they want to do more than just mooch off of your network? Don't you think that you need better security than just WEP - its definitely better than nothing - but it doesn't take much to get past that step.