The Idiocy of Wi-Fi Continues

23 January 2009

After listening to TWIT, Security Now and several other podcasts that are relevant to the tech industry, I have heard that more and more people and businesses are using WEP and WPA on their wireless networks.  While WEP is certainly NOT the best solution, it is something.  WPA is widely considered the minimum protection by many, if not most, of people who care about the use of wi-fi networks.  I certainly encourage my customers to use it when they purchase a wireless network setup.

Now for the “IDIOCY”!

A phone call came into the store shortly before we opened today.  The person on the phone states to me that he works for a local business and gets his wireless from a different local business.  He is having trouble connecting, because the router is over 40 feet away and goes through several walls.  Well that can be a problem.  He wants an antenna that will “improve” his connection.

The first thing I ask is if he actually has permission to use this connection.  He states that he in fact does have permission.  OK.  I tell him that we do carry some antennas that “could” help, with emphasis on the “COULD”.  We discuss the type of wi-fi adapter that he has to determine if one of the antennas we have will actually work for him.  He tells me that he has a desktop PC with a wi-fi adapter in the back.  I as if it is USB, and he tells me that it is not USB.  Well, it sounds like we can help.

When the guy shows up in the store, he has a different story about the wi-fi adapter.  He actually looked at it and turns out it is a USB adapter.  Since he is not giving me the “tech toy hacker” vibe, I don’t even suggest soldering on an antenna to the USB device.  He says that it might help if he was to get past one of the walls and wants to know if we have an extension cord for USB.  We can do that, so he purchases one.

During to course of our conversation, I was able to get more info on his “wireless setup”.  He business and “several” other businesses all use the high speed DSL connection that it paid for by one of the local businesses.  This is probably against the “terms of service”.  He did tell me he has to put in a “security code” to connect to the wireless.

Now for the scary part.  The business that they are all using for their wireless connection is an insurance company.  I know quite a bit about the network used in the insurance company, because I know who installed the network equipment.  He was told that the owner of the business wanted a wired/wireless network for “in office” use only.  There would be 2 wired users and 1 wireless user.  Only the office staff would have access to the network.  It was setup with a WPA key for the wireless user to prevent anyone from using the network that was not part of the office.  Windows file sharing is in use on this network and none of the shares have passwords as per the owners requirements.  This means that anyone connecting to the wireless network has access to the shares on the original network setup for the insurance company.  I repeat, anyone connecting to this network can now SEE the files that have been shared by the insurance company.

25 January 2009

I wrote the original post above two days ago.  I was amazed and a little upset at the time and thought that the person who came in the store may have had incorrect information or somehow figured out that WPA key from the insurance agent and was using the wireless network without permission.  I was, however, wrong in this assumption and the original information was correct.  The insurance agent is giving out the WPA key to his wireless network so that the other businesses around him can share the connection.  He pays for a business class internet connection from a local ISP, then splits it out with the neighbors.  He is using consumer grade equipment, a Linksys WRT54G, to create this wireless connection.  The Windows shares are still unsecured as the insurance agent is unaware of how to change it and seems unwilling to do so.  This is unfortunate as the shared data is there for to taking by anyone who is able to connect to this network.  I have to hope that the people who have access to this data are honest people.

The moral of my story is this, if you are going to go to the trouble to secure your wireless, please don’t just give the key out to whomever.  If you are going to be benevolent and share an internet connection that is connected to a network, by all means, protect sensitive data.  The sharing of your network should not give everyone the keys to the kingdom.

Stupid Questions

A customer came into the store.  She had a puzzled look on her face, denoting to us that she had no clue what she was doing.  Seems that her son had purchased a laptop at a (nationally recognized retailer) and was wondering if we had the disc to connect to the Internet.  Wow that must be some disc!

We tried to establish how she was connecting to the Internet.  Do you have broadband?  I don’t know.  Do you have dial-up?  I don’t know.  Is your computer connected thru some kind of box that your Internet provider brought out?  We live in the country, if that helps.  Oh, do you have satellite Internet?  I don’t know.  Do you have a dish style antenna on your house that isn’t used for TV?  I think so, but I’m not sure.  Do you have Wyldblue?  It was blue something, but they came out and changed it.  Maybe it is HughesNet?  I don’t know, but it was blue something and then they came out and changed it to something else.

As you can see we were making little to NO progress!

She did tell us that the laptop connected wirelessly and that you could use the Internet and talk on the phone at the same time.  So we assumed that she had broadband.

The conversation went back and forth like this for about 15 minutes.  It was obvious that we were wasting out time, but I guess we were not busy.  We finally had to tell her that we didn’t have any disc that would connect her to the Internet.  She was going to have to connect herself.  She was going to have to figure out her computer if she wanted to use to Internet.  Plan B was to bring the thing in for a demonstration or something, but I had serious doubts as to our chances of that even being successful.  She would call back and say she couldn’t get it to work as soon as she got home.

I Should NOT Have Called

A message was waiting for me today at work.  It said that a customer was having “Internet problems”.  Vague I know and not really my area as we don’t install DSL, but I called anyway.  Big mistake.  The “problem” was “improvements” made by the daughter to make it “easier” for mom to use the computer.  What resulted was a pissed of mom and a daughter who had returned to her home and not able to complete phone tech support.  You know that there is a problem when the person on the other end of the phone isn’t sure how the turn the computer on.  Basically it took 30 minutes to set the home page back to what she wanted.  This time frame was due to right clicking instead of left clicking, so on and so on.  My brain was about to hemorrhage by the time I got off the phone.  Next time I will just set up an appointment to go to the house.