Topic 'Re: People's names in SSIDs.' in forum 'Wireless Security' - dslreports.com

Re: People's names in SSIDs.

Fri, 02 Nov 2012 11:06:08 EDT

Irun Man posted :

said by antdude:

Yeah. Doesn't Nintendo Wii or something use WEP only too? ...

My Wii, bought in 2008, supports WPA2.
--
I turned on my computer for this?

Re: People's names in SSIDs.

Sun, 28 Oct 2012 16:50:03 EDT

antdude posted :

said by Jason:

said by antdude:

Forget people's name, use one line ASCII arts like »i.imgur.com/3Y1VW.png from »www.reddit.com/r/futurama/commen···fi_name/ ... I will have to do that for my future SSIDs. ;)

"But nobody loves Zoidberg!" :-)

Thats pretty cool.. I too am now thinking about a cool ascii 'art' SSID..

d-.-b <---listening to music? :)

Yeah, I am surprised that would work for SSIDs. Too bad we can't use symbols, extended characters, ANSI colors, ANSI music, etc. OK. Maybe not colors and music. [grin]
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: People's names in SSIDs.

Sun, 28 Oct 2012 00:41:41 EDT

OverBurn posted : My SSID is "SurveillanceVan2" :D

Re: People's names in SSIDs.

Sat, 27 Oct 2012 00:24:35 EDT

Jason posted :

said by antdude:

Forget people's name, use one line ASCII arts like »i.imgur.com/3Y1VW.png from »www.reddit.com/r/futurama/commen···fi_name/ ... I will have to do that for my future SSIDs. ;)

"But nobody loves Zoidberg!" :-)

Thats pretty cool.. I too am now thinking about a cool ascii 'art' SSID..

d-.-b <---listening to music? :)
--
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

Re: People's names in SSIDs.

Fri, 26 Oct 2012 21:20:56 EDT

antdude posted :

said by Kearnstd:

A big thing for WEP is that some people still have legacy devices floating around. old wifi printers are a common offender.

Yeah. Doesn't Nintendo Wii or something use WEP only too? Anyways, I just have another WAP for those old stuff. I turn it off when not needed which is pretty much 99% of the time these days. ;)
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: People's names in SSIDs.

Fri, 26 Oct 2012 11:47:58 EDT

Kearnstd posted : A big thing for WEP is that some people still have legacy devices floating around. old wifi printers are a common offender.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

Re: People's names in SSIDs.

Sat, 20 Oct 2012 16:54:33 EDT

antdude posted : Forget people's name, use one line ASCII arts like »i.imgur.com/3Y1VW.png from »www.reddit.com/r/futurama/commen···fi_name/ ... I will have to do that for my future SSIDs. ;)

Re: People's names in SSIDs.

Thu, 18 Oct 2012 10:28:39 EDT

anon posted : Marketing photo, girl not included.

Re: People's names in SSIDs.

Wed, 17 Oct 2012 07:28:43 EDT

antdude posted :

said by NetFixer:

said by antdude:

said by Jason:

My networks SSID is "entropy"

Around me, I see "Smith" Dlinkxxxx" some 2-wire stuff, and "Poo gas"

Spread out, and (again) a pretty tight knit neighborhood..

...Still want to find out who poo gas is :)

-J

Take a mobile network device and go explore! ;)

Of course, don't forget to take along your Pringles Cantenna!

[att=1]

Is that a female hacker/cracker/geek/nerd? :P
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: People's names in SSIDs.

Tue, 16 Oct 2012 13:43:26 EDT

hurleyp posted : Some clever folks use their twitter handle as their SSID. ;-)
--
"I reject your reality and substitute my own."

Re: People's names in SSIDs.

Fri, 12 Oct 2012 18:48:21 EDT

tbone2006 posted : Hola pinche

Yes I see neighbors using last names all the time. Also good ssid's like 'getyourownfuckinginternet'

Re: People's names in SSIDs.

Thu, 11 Oct 2012 15:17:27 EDT

NetFixer posted :

said by antdude:

said by Jason:

Take a mobile network device and go explore! ;)

Of course, don't forget to take along your Pringles Cantenna!

[att=1]
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

Re: People's names in SSIDs.

Thu, 11 Oct 2012 14:57:47 EDT

antdude posted :

said by Jason:

Take a mobile network device and go explore! ;)
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.

Re: People's names in SSIDs.

Thu, 11 Oct 2012 01:09:40 EDT

Jason posted : My networks SSID is "entropy"

Around me, I see "Smith" Dlinkxxxx" some 2-wire stuff, and "Poo gas"

Spread out, and (again) a pretty tight knit neighborhood..

...Still want to find out who poo gas is :)

-J
--
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.

Re: People's names in SSIDs.

Tue, 09 Oct 2012 17:44:59 EDT

sbconslt posted : Going back to ant's original question, I see many first names, nicknames, and inside jokes as SSIDs in range here, but very few last names.
--
Scott Brown Consulting

Re: People's names in SSIDs.

Tue, 09 Oct 2012 04:34:53 EDT

twixt posted :

said by Tig:

said by twixt:

... If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

Hi Twixt. Thanks for the explanation but I still don't see the concern.
If you are vulnerable to a social-engineering-type attack, your problem is not your SSID.
As for WEP, it's simply not secure regardless of who set up the router.

-

Hi, Tig. You are missing the difference between theory and reality.

In the real world, users are not perfect. We/They simply don't respond uniformly and predictably and reliably to threat environments.

Thus, the idea is to make identifying users of a particular WAP/Router more difficult - so that specifically targeted social-engineering-type attacks are made more difficult.

-

Important things to understand about real-world security:

Security is not about making things absolutely foolproof. This is impossible, because fools are so ingenious as to wreck even the most-carefully-constructed security environments.

Furthermore, even the most conscientious of users make mistakes. Humans are not inherently reliable. Even those with delusions of perfection - yes, insert incredulous remark here - have been known to do something as stupid as click on a confirmation they should have avoided... Such is life.

Thus, Security is about making things more-difficult in your particular situation - such that the intruder finds it easier to simply move on to an easier target.

-

Note: The issue of WEP is a red herring. IMO, users of anything other than WPA2-AES are simply asking for trouble.

However, again, we are dealing with real-world-users who are not perfect. Either through ignorance or sloth or cheapthink, users in these categories are not paying attention to valid security concerns.

I consider the vast majority of the above users to be categorically "incorrigible" - and nothing I can do or say will convince them of the usefulness of research, planning or forethought. Thus, I won't bother.

However, IMO anything I can do to mitigate their idiocy is to be applauded - and implemented.

Re: People's names in SSIDs.

Mon, 08 Oct 2012 19:57:06 EDT

Tig posted :

said by twixt:

... If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

Re: People's names in SSIDs.

Mon, 08 Oct 2012 10:34:20 EDT

twixt posted :

said by Tig:

Twixt, please elaborate on how choice of SSID could make it easier for unauthorized access.

-

Hi, Tig. DownTheShore has the right idea...

If you know the physical location of a WAP/Router - then you can figure out who uses that WAP/Router. Thus, you know who to target for social-engineering-type attacks.

If you don't know that info, then your social-engineering-type attacks need to be generic - and thus they are far less effective.

Note: The above presumes that someone desires to penetrate a particular WAP/Router's defences. Since most attempts to penetrate are simply to steal internet access, this is irrelevant in many cases. Typically, it is much less work to move on and find a poorly-secured WAP/Router than it is to penetrate a router properly configured to use WPA2-AES with a strong passphrase.

However, the above assumes the hacker has no real purpose in his/her attack - other than to gain access to the internet. This is not always the case.

I am not going to detail various scenarios - since that gives people ideas I don't want to spread. However, there are several ways to compromise any system where the userlist for that system is known - methods successfully used in business environments work just as well (or better) in home environments.

More details on the above will not be forthcoming.

Suffice it to say that one of the ways in which Security is strengthened on a WAP/Router is to have no idea who the users are on that system. Hence the advisability of obfuscated SSIDs.

Re: People's names in SSIDs.

Mon, 08 Oct 2012 00:10:18 EDT

DownTheShore posted : I've noticed that a lot of people in my brother-in-law's residential neighborhood use their actual street address as their SSID, and inSSIDer shows a number of them with only WEP encryption. So given that WEP can be cracked and the hacker can pinpoint the exact address the wireless signal originates from, that doesn't seem to be very smart, security-wise.

Re: People's names in SSIDs.

Sun, 07 Oct 2012 21:00:34 EDT

Tig posted : Twixt, please elaborate on how choice of SSID could make it easier for unauthorized access.

Re: People's names in SSIDs.

Sun, 07 Oct 2012 03:04:17 EDT

twixt posted :

said by antdude:

Hola senors.

I noticed one of my neighbors has his/her real name in SSIDs. Do you guys see this too in your local SSIDs?

Thank you in advance. :)

-

Hi, antdude. While this is a frequent practice, it has more to do with the convenience of the users on that WAP (Router) - so they can readily find the proper system without having to know an obfuscated SSID.

However, this does have the potential to make unauthorized access easier - so from a security standpoint I recommend home users select an SSID which cannot be readily traced to a particular location.

Obviously, hotspots in Commercial establishments commonly use SSIDs that readily identify their location - so users can connect to the WAP that will properly accommodate the password for that system. This is not necessarily "a good thing" (tm) - it simply reflects the need to accommodate a constantly-changing-set-of-users who access that WAP.

In a home environment, an obfuscated SSID can be readily obtained from the WAP (Router) administrator without undue effort. Consequently, IMO the security benefits of using an obfuscated SSID outweigh the practical constraints. However, opinions on the subject do differ... :)

The above is a standard Engineering tradeoff. The decision is therefore the responsibility of the WAP (Router) administrator - and the security implications that accrue are thus their responsibility to weigh. There is no "right" or "wrong" answer.

Hope this helps your understanding.

Re: People's names in SSIDs.

Sat, 06 Oct 2012 22:06:45 EDT

Tig posted : Yes. Frequently. My next door neighbour even did that.
I choose not to, but I don't see a problem with it.

Re: People's names in SSIDs.

Sat, 06 Oct 2012 19:27:31 EDT

Juggernaut posted : Buenas dias, compadre. Como esta?

I have a few senior neighbours that use first names for their SSID. It's a tight-knit group, so I see no sec problems.
--
Better to have it and not need it, then need it and not have it.

Re: People's names in SSIDs.

Sat, 06 Oct 2012 18:35:09 EDT

NetFixer posted :

said by antdude:

Hola senors.

I noticed one of my neighbors has his/her real name in SSIDs. Do you guys see this too in your local SSIDs?

Thank you in advance. :)

Yes, I see a lot of recognizable real names as well as somewhat easily recognizable aliases/nicknames as part of SSIDs in my neighborhood. FWIW, I use a DBA name for my SSID. OTOH, I also see a lot of 2wirexxxx, Netgear, Linksys, etc SSIDs (I live in an apartment complex, and sometimes I see dozens of SSIDs, not just two or three)
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

People's names in SSIDs.

Sat, 06 Oct 2012 14:37:58 EDT

antdude posted : Hola senors.

I noticed one of my neighbors has his/her real name in SSIDs. Do you guys see this too in your local SSIDs?

Thank you in advance. :)