The Times: Tech column - Drive-by hacking/DVD Easter eggs/A better "Error 404" message
By David Rowan
It is known as "drive-by hacking" or "net stumbling", and last week a fashionable London noodle restaurant became the latest victim of today's most prolific security breach: the capture of a private wireless network. These local "Wi Fi" networks are on the rise, and for convenience they cannot be beaten: when you order a ramen soup from a waitress at Wagamama, the details are transmitted straight from her Compaq iPaq handheld computer to a terminal in the kitchen. Unfortunately, Wagamama - like almost all British firms now installing wireless networks - neglected to follow some basic security precautions. This leaves them vulnerable to a nearby hacker armed with little more than a laptop.
"In less than one minute we had enough information to access the network entirely, and start to have some fun," a hacker who targeted a West End branch of Wagamama told the news website VNUNet. "No wireless encryption protocol, no passwords, not the slightest difficulty to pick up the signal and start snooping." The company seems not to have realised that a wireless network is a pushover unless it is secured.
It is not the only one. According to new research from Digilog and the International Chamber of Commerce (ICC), some 94 per cent of London's wireless corporate networks are wide open to hackers. These include financial institutions, law firms, media companies and government departments - more than 5,000 offices whose wireless networks fall short of the required security protocol. "Hackers can access the e-mails people are writing, the financial transactions they are making, the codes they are using to connect to the Internet," according to Pottengal Mukundan of the ICC's crime-fighting unit.
A number of IT managers I spoke to confessed this week that they are only beginning to tackle the vulnerability of the most prevalent wireless standard, known as 802.11. Although it comes with its own security protocol, known as WEP (Wired Equivalent Privacy), all too often the network is set up straight from the box. A hacker can then use easily available tools to break in.
And that means that any company that fails to secure its wireless network is inviting the world inside.
++++
Did you get the Easter egg you were hoping for? No, not the chocolate one, but the hidden code embedded in some software that gives you an unexpected surprise. Programmers have long inserted mini-cartoons or games in PC applications, launched by a certain combination of keystrokes - such as the Spy Hunter-like game hidden in Microsoft Excel 2000. But the real growth area today is in DVD Easter eggs, with programmers packing movies with concealed outtakes or extra interviews.
One website, DVDeastereggs.com, has counted more than 600 movie-based goodies. on the moulin rouge dvd, you can click on a green fairy to see embarrassing out takes of the can-can, for example. Initially it was a way for bored programmers to remind the world that they were "creative". Today, it is a useful way to generate "buzz" around a film. But it also helps to explain why the DVD, with its huge capacity to store data and its easy interactivity, has taken over from the video cassette.
++++
A missing web page usually prompts a frustrating"Page Not Found" or "Error 404" message. But not at the Hull phone company's ISP, Karoo.net, whose Web servers respond in person."Nothing helped," the error page apologises as new sentences keep scrolling up the screen."I'm really depressed about this. You see, I'm just a web server. Here I am, brain the size of the Universe, trying to serve you a simple web page, and then it doesn't even exist! Where does that leave me? I mean, I don't even know you. How should I know what you wanted from me? And where do you get off telling me what to show anyway? Huh?" Good to know that the spirit of Douglas Adams lives on.
(The Times, April 3 2002)
It is known as "drive-by hacking" or "net stumbling", and last week a fashionable London noodle restaurant became the latest victim of today's most prolific security breach: the capture of a private wireless network. These local "Wi Fi" networks are on the rise, and for convenience they cannot be beaten: when you order a ramen soup from a waitress at Wagamama, the details are transmitted straight from her Compaq iPaq handheld computer to a terminal in the kitchen. Unfortunately, Wagamama - like almost all British firms now installing wireless networks - neglected to follow some basic security precautions. This leaves them vulnerable to a nearby hacker armed with little more than a laptop.
"In less than one minute we had enough information to access the network entirely, and start to have some fun," a hacker who targeted a West End branch of Wagamama told the news website VNUNet. "No wireless encryption protocol, no passwords, not the slightest difficulty to pick up the signal and start snooping." The company seems not to have realised that a wireless network is a pushover unless it is secured.
It is not the only one. According to new research from Digilog and the International Chamber of Commerce (ICC), some 94 per cent of London's wireless corporate networks are wide open to hackers. These include financial institutions, law firms, media companies and government departments - more than 5,000 offices whose wireless networks fall short of the required security protocol. "Hackers can access the e-mails people are writing, the financial transactions they are making, the codes they are using to connect to the Internet," according to Pottengal Mukundan of the ICC's crime-fighting unit.
A number of IT managers I spoke to confessed this week that they are only beginning to tackle the vulnerability of the most prevalent wireless standard, known as 802.11. Although it comes with its own security protocol, known as WEP (Wired Equivalent Privacy), all too often the network is set up straight from the box. A hacker can then use easily available tools to break in.
And that means that any company that fails to secure its wireless network is inviting the world inside.
++++
Did you get the Easter egg you were hoping for? No, not the chocolate one, but the hidden code embedded in some software that gives you an unexpected surprise. Programmers have long inserted mini-cartoons or games in PC applications, launched by a certain combination of keystrokes - such as the Spy Hunter-like game hidden in Microsoft Excel 2000. But the real growth area today is in DVD Easter eggs, with programmers packing movies with concealed outtakes or extra interviews.
One website, DVDeastereggs.com, has counted more than 600 movie-based goodies. on the moulin rouge dvd, you can click on a green fairy to see embarrassing out takes of the can-can, for example. Initially it was a way for bored programmers to remind the world that they were "creative". Today, it is a useful way to generate "buzz" around a film. But it also helps to explain why the DVD, with its huge capacity to store data and its easy interactivity, has taken over from the video cassette.
++++
A missing web page usually prompts a frustrating"Page Not Found" or "Error 404" message. But not at the Hull phone company's ISP, Karoo.net, whose Web servers respond in person."Nothing helped," the error page apologises as new sentences keep scrolling up the screen."I'm really depressed about this. You see, I'm just a web server. Here I am, brain the size of the Universe, trying to serve you a simple web page, and then it doesn't even exist! Where does that leave me? I mean, I don't even know you. How should I know what you wanted from me? And where do you get off telling me what to show anyway? Huh?" Good to know that the spirit of Douglas Adams lives on.
(The Times, April 3 2002)
posted by David Rowan at Wednesday, April 03, 2002
<< Home