This weekend the security initiative Wardrive begins its annual
attempt to map all unsecured wireless networks.
The group that runs the www.worldwidewardrive.org Web site leaves
its own identity secret but does offer numerous links to other
like-minded organisations.
Wardrive appears to be an offshoot of warchalking, another tactic
intended to disclose unsecured wireless networks.
Warchalking gets its name from chalk marks left by tramps during
the Depression indicating if a place was good for handouts or a
place to stay away from.
Although the warchalking site, www.warchalking.org, makes no
apology for revealing open and closed wireless networks that could
be used in either a somewhat benign fashion to gain free access to
the Web to a more scurrilous use for hacking into corporate
networks, the wardrive efforts appear to be aimed at making
companies aware of their own security lapses.
One security expert said that to call Wardrive a service may be
going too far, but the effort does serve a good purpose.
"It is a guide to help people understand if there are issues [with
their wireless network]," said Guy Denton, principal manager in the
security and consulting practice at IBM.
Denton, a member of an IBM internal organisation known as the
Ethical Hackers Group, said if nothing else it could serve to
embarrass network managers into creating more secure
networks.
"The problem is the right people aren't reading the site," Denton
added.
Denton also said about 30% of all corporate networks are not
secured adding that the Ethical Hackers do not attempt to breach
the security of networks unless invited to do so.
Denton warned that even when secured, network managers can,
inadvertently, expose their wireless networks to attack by hitting
the reset button when an access point goes down.
"Default is no security settings. If you reboot there is a good
chance you are resetting and clearing out any configuration setting
you might have added," Denton said.
The last wardriving effort located 9,374 sites.