dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5093
share rss forum feed


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

People's names in SSIDs.

Hola senors.

I noticed one of my neighbors has his/her real name in SSIDs. Do you guys see this too in your local SSIDs?

Thank you in advance.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 recommendation

said by antdude:

Hola senors.

I noticed one of my neighbors has his/her real name in SSIDs. Do you guys see this too in your local SSIDs?

Thank you in advance.

Yes, I see a lot of recognizable real names as well as somewhat easily recognizable aliases/nicknames as part of SSIDs in my neighborhood. FWIW, I use a DBA name for my SSID. OTOH, I also see a lot of 2wirexxxx, Netgear, Linksys, etc SSIDs (I live in an apartment complex, and sometimes I see dozens of SSIDs, not just two or three)
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

1 recommendation

reply to antdude

Buenas dias, compadre. Como esta?

I have a few senior neighbours that use first names for their SSID. It's a tight-knit group, so I see no sec problems.
--
Better to have it and not need it, then need it and not have it.


Tig

join:2006-06-29
Carrying Place, ON

1 recommendation

reply to antdude

Yes. Frequently. My next door neighbour even did that.
I choose not to, but I don't see a problem with it.


twixt

join:2004-06-27
North Vancouver, BC

1 recommendation

reply to antdude

said by antdude:

Hola senors.

I noticed one of my neighbors has his/her real name in SSIDs. Do you guys see this too in your local SSIDs?

Thank you in advance.

-

Hi, antdude. While this is a frequent practice, it has more to do with the convenience of the users on that WAP (Router) - so they can readily find the proper system without having to know an obfuscated SSID.

However, this does have the potential to make unauthorized access easier - so from a security standpoint I recommend home users select an SSID which cannot be readily traced to a particular location.

Obviously, hotspots in Commercial establishments commonly use SSIDs that readily identify their location - so users can connect to the WAP that will properly accommodate the password for that system. This is not necessarily "a good thing" (tm) - it simply reflects the need to accommodate a constantly-changing-set-of-users who access that WAP.

In a home environment, an obfuscated SSID can be readily obtained from the WAP (Router) administrator without undue effort. Consequently, IMO the security benefits of using an obfuscated SSID outweigh the practical constraints. However, opinions on the subject do differ...

The above is a standard Engineering tradeoff. The decision is therefore the responsibility of the WAP (Router) administrator - and the security implications that accrue are thus their responsibility to weigh. There is no "right" or "wrong" answer.

Hope this helps your understanding.

Tig

join:2006-06-29
Carrying Place, ON

1 edit

Twixt, please elaborate on how choice of SSID could make it easier for unauthorized access.



DownTheShore
Honoring The Captain
Premium
join:2003-12-02
Beautiful NJ
kudos:13
Reviews:
·Verizon Online DSL

1 recommendation

reply to antdude

I've noticed that a lot of people in my brother-in-law's residential neighborhood use their actual street address as their SSID, and inSSIDer shows a number of them with only WEP encryption. So given that WEP can be cracked and the hacker can pinpoint the exact address the wireless signal originates from, that doesn't seem to be very smart, security-wise.


twixt

join:2004-06-27
North Vancouver, BC
reply to Tig

said by Tig:

Twixt, please elaborate on how choice of SSID could make it easier for unauthorized access.

-

Hi, Tig. DownTheShore has the right idea...

If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

If you don't know that info, then your social-engineering-type attacks need to be generic - and thus they are far less effective.

Note: The above presumes that someone desires to penetrate a particular WAP/Router's defences. Since most attempts to penetrate are simply to steal internet access, this is irrelevant in many cases. Typically, it is much less work to move on and find a poorly-secured WAP/Router than it is to penetrate a router properly configured to use WPA2-AES with a strong passphrase.

However, the above assumes the hacker has no real purpose in his/her attack - other than to gain access to the internet. This is not always the case.

I am not going to detail various scenarios - since that gives people ideas I don't want to spread. However, there are several ways to compromise any system where the userlist for that system is known - methods successfully used in business environments work just as well (or better) in home environments.

More details on the above will not be forthcoming.

Suffice it to say that one of the ways in which Security is strengthened on a WAP/Router is to have no idea who the users are on that system. Hence the advisability of obfuscated SSIDs.

Tig

join:2006-06-29
Carrying Place, ON
Reviews:
·voip.ms

said by twixt:

... If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

Hi Twixt. Thanks for the explanation but I still don't see the concern.
If you are vulnerable to a social-engineering-type attack, your problem is not your SSID.
As for WEP, it's simply not secure regardless of who set up the router.

twixt

join:2004-06-27
North Vancouver, BC

said by Tig:

said by twixt:

... If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

Hi Twixt. Thanks for the explanation but I still don't see the concern.
If you are vulnerable to a social-engineering-type attack, your problem is not your SSID.
As for WEP, it's simply not secure regardless of who set up the router.

-

Hi, Tig. You are missing the difference between theory and reality.

In the real world, users are not perfect. We/They simply don't respond uniformly and predictably and reliably to threat environments.

Thus, the idea is to make identifying users of a particular WAP/Router more difficult - so that specifically targeted social-engineering-type attacks are made more difficult.

-

Important things to understand about real-world security:

Security is not about making things absolutely foolproof. This is impossible, because fools are so ingenious as to wreck even the most-carefully-constructed security environments.

Furthermore, even the most conscientious of users make mistakes. Humans are not inherently reliable. Even those with delusions of perfection - yes, insert incredulous remark here - have been known to do something as stupid as click on a confirmation they should have avoided... Such is life.

Thus, Security is about making things more-difficult in your particular situation - such that the intruder finds it easier to simply move on to an easier target.

-

Note: The issue of WEP is a red herring. IMO, users of anything other than WPA2-AES are simply asking for trouble.

However, again, we are dealing with real-world-users who are not perfect. Either through ignorance or sloth or cheapthink, users in these categories are not paying attention to valid security concerns.

I consider the vast majority of the above users to be categorically "incorrigible" - and nothing I can do or say will convince them of the usefulness of research, planning or forethought. Thus, I won't bother.

However, IMO anything I can do to mitigate their idiocy is to be applauded - and implemented.


sbconslt

join:2009-07-28
Los Angeles, CA

1 recommendation

reply to antdude

Going back to ant's original question, I see many first names, nicknames, and inside jokes as SSIDs in range here, but very few last names.
--
Scott Brown Consulting



Jason
Stowage Class Traveler
Premium,Mod
join:2001-01-24
38.2967 Lat
kudos:3
reply to antdude

My networks SSID is "entropy"

Around me, I see "Smith" Dlinkxxxx" some 2-wire stuff, and "Poo gas"

Spread out, and (again) a pretty tight knit neighborhood..

...Still want to find out who poo gas is

-J
--
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by Jason:

My networks SSID is "entropy"

Around me, I see "Smith" Dlinkxxxx" some 2-wire stuff, and "Poo gas"

Spread out, and (again) a pretty tight knit neighborhood..

...Still want to find out who poo gas is

-J

Take a mobile network device and go explore!
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by antdude:

said by Jason:

My networks SSID is "entropy"

Around me, I see "Smith" Dlinkxxxx" some 2-wire stuff, and "Poo gas"

Spread out, and (again) a pretty tight knit neighborhood..

...Still want to find out who poo gas is

-J

Take a mobile network device and go explore!

Of course, don't forget to take along your Pringles Cantenna!



--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

tbone2006

join:2006-07-22
Abilene, TX

1 recommendation

reply to antdude

Hola pinche

Yes I see neighbors using last names all the time. Also good ssid's like 'getyourownfuckinginternet'



hurleyp

join:2000-06-20
Ottawa, ON
reply to antdude

Some clever folks use their twitter handle as their SSID.
--
"I reject your reality and substitute my own."



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to NetFixer

said by NetFixer:

said by antdude:

said by Jason:

My networks SSID is "entropy"

Around me, I see "Smith" Dlinkxxxx" some 2-wire stuff, and "Poo gas"

Spread out, and (again) a pretty tight knit neighborhood..

...Still want to find out who poo gas is

-J

Take a mobile network device and go explore!

Of course, don't forget to take along your Pringles Cantenna!

[att=1]

Is that a female hacker/cracker/geek/nerd? :P
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


OldCableGuy

@planetcr.net

Marketing photo, girl not included.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to antdude

Forget people's name, use one line ASCII arts like »i.imgur.com/3Y1VW.png from »www.reddit.com/r/futurama/commen···fi_name/ ... I will have to do that for my future SSIDs.


Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

2 recommendations

reply to antdude

A big thing for WEP is that some people still have legacy devices floating around. old wifi printers are a common offender.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by Kearnstd:

A big thing for WEP is that some people still have legacy devices floating around. old wifi printers are a common offender.

Yeah. Doesn't Nintendo Wii or something use WEP only too? Anyways, I just have another WAP for those old stuff. I turn it off when not needed which is pretty much 99% of the time these days.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Jason
Stowage Class Traveler
Premium,Mod
join:2001-01-24
38.2967 Lat
kudos:3

1 recommendation

reply to antdude

said by antdude:

Forget people's name, use one line ASCII arts like »i.imgur.com/3Y1VW.png from »www.reddit.com/r/futurama/commen···fi_name/ ... I will have to do that for my future SSIDs.

"But nobody loves Zoidberg!"

Thats pretty cool.. I too am now thinking about a cool ascii 'art' SSID..

d-.-b
--
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.


OverBurn

join:2004-02-21
Greenwood, IN
reply to antdude

My SSID is "SurveillanceVan2"



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to Jason

said by Jason:

said by antdude:

Forget people's name, use one line ASCII arts like »i.imgur.com/3Y1VW.png from »www.reddit.com/r/futurama/commen···fi_name/ ... I will have to do that for my future SSIDs.

"But nobody loves Zoidberg!"

Thats pretty cool.. I too am now thinking about a cool ascii 'art' SSID..

d-.-b

Yeah, I am surprised that would work for SSIDs. Too bad we can't use symbols, extended characters, ANSI colors, ANSI music, etc. OK. Maybe not colors and music. [grin]
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Irun Man
Spartan up
Premium
join:2002-10-18
Walden, NY
reply to antdude

said by antdude:

Yeah. Doesn't Nintendo Wii or something use WEP only too? ...

My Wii, bought in 2008, supports WPA2.
--
I turned on my computer for this?