Last week (or so), Joe Wilcox of MicrosoftMonitor posted this article describing the Joe’s experiences in a hotel.
He is SO on. A couple of weeks ago, I spent the afternoon at an espresso stand on Queen Anne Hill which advertised free WIFI access (I’m not going to mention their name for reasons which will become obvious).
They DID have free WIFI. Unprotected WIFI (not the end of the world, my laptop’s locked down reasonably tightly). But just for grins, I connected my browser to http://192.168.0.1.
And there was the admin interface to their WAP in all its glory. Yup, they hadn’t bothered to set an admin password on the WAP. I had an easy dump of the IP addresses of all 6 machines connected to the network. And the names of the computers too, if I was so inclined.
I was astonished that they were so lax in their security. I mentioned it to the barista and her only response was effectively “Huh?”
We can’t expect our systems to remain secure unless everyone who offers access to the net takes at least the simple steps to secure the network.