Interview with Alf Watt, Creator of iStumbler
by Mirko Zorz - Monday, 14 November 2005.
It's a very fine line. If I walk down the street and check all the door locks, am I a criminal? Probably, but the real offense doesn't happen until I walk in the door and it becomes trespass. If you're just war-driving for the fun of collecting the data and mapping it or whatever, then no real crime has been committed.

The bigger issues is people using open networks, often for a quick email or map check. While there is a 'theft of service' the actual value is going to be measured in fractional cents, so although a crime has technically been committed, no real harm is done. One of the features of iStumbler is designed to help with this thorny dilemma: networks tagged with a '.public' extension are presented in the interface as begin open for public use, so there is no question of theft.

A significant part in the process of developing wireless networks is ensuring that the data on wireless devices is secure. What do you see as the biggest threats to that security?

Network Encryption schemes such as WEP, WPA and to some extent VPN. That may seem backwards, since they are all designed to protect data, unfortunately they are half solutions at best. Relying on WEP for security is a very bad idea; not because it's easily broken but because it allows you to go on using insecure protocols like POP, IMAP and FTP. The second you leave that WEP protected network and use the open network at the coffee shop down the street you're exposing your personal information.

The bigger issue with link layer encryption is that the open internet is not encrypted, encrypting the local link does nothing to secure your email or files in transit, for that you have to use SPOP, IMAPS, SCP or other end-to-end solutions. This pokes a huge hole in the argument for HotSpot VPN products, where your traffic flows out of the VPN providers network completely unencrypted.

People use wireless networks on a daily basis and are growing concerned about the possible threats. What advice would you give to mobile users so that they could make and keep their laptops secure on any network?

Hardening a computer hasn't changed much since the early days of the Internet: turn off all services you aren't using (this can be a challenge on Windows, Macs come secure out of the box), and secure the services you are using. Make especially sure that your email is using secure protocols and that you move files using SCP or SFTP and not generic FTP. Web access is fairly well secured by the HTTPS protocol but be wary of sites using basic auth. over insecure HTTP.

iStumbler Pro will have many features designed to help network users and administrators maintain secure computers on open networks; allowing them to make full use of the internet while maintaining high levels of data privacy and security. This 'Open Stance' approach to security focuses on using secure protocols and monitoring software to provide reliable point-to-point security and a real-time view of network activity.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th