The great thing about listening to podcasts
is that you can learn a lot from your peers. People speak from
experience and suggest new ways of solving old problems and so forth.
The downside of thisequation is that people are not always right. This
week I was listening to the listener feedback episode 83 of Going
Linux, a great instructional podcast on using Linux that i’m subscribed to. Larry and Tom are two great guys who put together several shows a month, talking about several linux-related
topics for novice and advanced users. Once every three weeks they do a
listener feedback shows where they deal with listener questions and
answer emails.
In this episode Tom tried to point out the
security of his Linux system by pointing out he had hooked up his
system directly to the Internet (without a nat router) and had given out his IP address on the air to challenge
people to "come and see" how secure his system really was. I found this
a bit of a bold move just to point out how secure a Linux system is,
but it was his own machine, thus his ownprerogative . I also doubt the
fact that the listeners of the show have many "high level hackers" in
their ranks, and aside from the obvious "knocks on the door" of some
closed up services, Tom’s pc was not at any high risk to be hacked.
I
did however take issue with his second, even more bold then the first
one, where Tom mentioned he was "running his wireless router without
any security" and was "leaving it open as a public service".All tough this point was made to once again stress the security of his linux workstation in his own network, Tom overlooked OTHER obvious dangers to leaving your wireless network open.
Leaving your home wifi network open exposes you to so-called "sniffing" attacks
that use the shared wireless medium as an attack vector. Every packet
of information on a wireless network is received by every computer that
is connected to that network. If everything works the way it should
only the computer who the packet is directed TO, responds and accepts
the packet, while the other computers on the network ignore them. BUT
if even a simple script-kiddie hooks up to your "open wireless network"
using a simple program like "ethereal or Wireshark" he or she can sniff every package that goes across your wifi network as long as its not encased in a https or ssl tunnel. This means that things like Tweets, Msn chats, POP3 email and more can be easily read by a third party, without you knowing about it.
A
second danger that might arise is the fact that people may "piggy back"
on your connection and use it to download illegal content, and for that
YOU are held responsible because it is your IP address.
So just looking at two of the possible risk factors, leaving your Wifi network open is considered a big nono, for your own safety !
I
understand why Tom wanted to use this method to point out how "secure"
his workstation is, but this is a naive an risky way of doing so. You
don’t leave your front door open at night because you have a big dog ?
Security comes in layers and its not because you ‘think’ that your
workstation might be secure, you can leave everything else wide open.
But as a podcaster you have a responsibility for the things you say on the air, and if you are not completely knowledgeable of the topic , there is no shame in saying so.
For
me it was important to write up this little article, rather then
sending it in as feedback to Larry and Tom because its important that,
if ANY Of you are not using WPA2 encryption on you wireless networks, its about time you start .. NOW !
You can find the great Going Linux podcast HERE .
Just as a bonus i’ll show you a little video on how it is done .. Ironically , using LINUX.