
Stay tuned...
> What the neighbours made of their sudden disconnection is anyone's guess.
That's next week's On Call...
Remember those halcyon days when grabbing some free Wi-Fi meant wandering down the street in search of an access point rather than making up a variant on bobuser@nospam.com for yet another interminable registration screen? Welcome to On Call. Our story comes from Reg reader "Will" (not his name) and takes us to a time before …
. . their problem.
You log onto an open wifi, you accept that that connection is not under your control. If it disappears, well tough cookies.
I'm not blaming them for using an open access point, but they have nowhere to complain. Back in the day, though, this kind of thing usually meant people with PCs but no internet connection, and those kind of people could likely be quick to jump on an open access point rather than pay for their own connection.
We've all heard the tale of the guy who gets a knock on the door and opens it to find another tenant asking him for his wifi password.
They might not have even noticed they were using the neighbour's connection. They switched on their gadget and the internet was available. So they used it without realising that they were connected to next door. Then, when the open access was shut down, they manually connected to their own wifi, entered the password on the sticker on the back of the box, and carried on.
"Bloody phone forgot the wireless password. Must have been that update last week. Still, all fixed now. The connection seems faster now, too. Maybe the update wasn't so bad."
I've had that with a Powerline network. Was using it for a few months until one day everything seemed really slow, and I couldn't see my media server. so I went to the router, and found it was for Sky broadband, which surprised me as I was with BT at the time...
What happened a lot was they clicked on "the internet" (back in W95 days), which didn't work and then phoned up my company (which had "internet services" in the name) to complain about "the internet" not working
About 75% of the time we sold a new connection
"They might not have even noticed they were using the neighbour's connection. They switched on their gadget and the internet was available."
I actually had that happen. I was setting up a new WiFi system for a student house. Once the AP was set up, as a favour I offered set up their devices for them since WiFi was still fairly new and not many knew how to do that. Anyway, got about 8 devices all done, down to the last one and she says, "oh, mines already working. It's been working since I moved in." Erm, you didn't have WiFi till I plugged in the new WiFi router. Had a look, and her Apple device had automatically found anything within range and connected, ie in this case the next door student house which had a wide open network, no password.
Ok, that's creepy - two people posting essentially the same Powerline story within a few minutes. Is this a common problem with Powerline adapters? I have studiously avoided them - and avoided recommending them to others - purely because of the RF up until now, but if randomly connecting to next-door's network is part of their makeup then I've yet another reason to persuade people that running a bit of Cat.5e isn't actually all that hard...
M.
It should not be a problem. Normally, when you buy a set of Powerline adapters, they come pre-paired, with a unique access password that was pretty random. One of the devices was designated the primary, and that had the password (actually, an encryption key) printed on it. I've never found the same key on two sets, but I suppose it could happen.
Back before the days of press-to-connect, if you added another device, you had to know that password, and connect to the new device using some vendor supplied software so that you could register the password to allow the new device to connect.
Nowadays, you go to one of the devices that is already connected, press the button to put it into a sharing mode, and then press the button on the new device for a number of seconds for it to enter search mode and pick up the key across the network, rather like WPS on WiFi.
During this device-add phase, in theory someone else on the same circuit could also register a device, but knowing when to do this is difficult. But it is a possibility.
Some devices nowadays are too clever. Each one has DHCP and a basic web server, and when first powered on, will set an IP address using DHCP for whatever device is plugged into the Ethernet port, and then allow the use of a browser and some pre-published credentials to allow you to connect and set the device up, including the password/key,
Mesh wireless extenders work in a similar way.
I prefer to not use the password/key that these devices are delivered with, and set my own, and also don't use the press-to-connect feature. This makes it absolutely certain that if the manufacturer does cheat, and use a single password/key for all devices made, I won't fall into this trap.
Note for all us US people. If you have a camper look at your storage compartment key. If it has "CH751" on it around 90% of other camper owners also have that key.
When one of my locks jammed I went ahead and replaced them all with new locks that used a different keying.
Off topic a bit but I bought 2 cases for my rifles from the same manufacturer. They are different sizes. The other day I found out that all 4 keys (2 came with each case) will open both cases. Not really a big deal as the locks are to keep the grandsons out of them. They have padlock holes so in case I have to travel with them I will use padlocks.
Sounds like the keyboard lock they used to put on PCs, probably only 2 or 3 variants on most PCs, although I do seem to recall some manufacturers like IBM did use unique keys (or at least a much bigger pool of combinations).
Sounds like the keyboard lock they used to put on PCs, probably only 2 or 3 variants on most PCs
same for lawn mowers and small tractors... then there's the thing that if you have a key to a piece of Caterpillar brand of heavy equipment, you have the key to all of them... John Deere and others may be the same... it can be painful when you figure this out after having been taken for $50US for a spare key and you find they are really a dime a dozen...
From what I've heard (may have been a Lock Picking Lawyer video) some models of American Police car are the same, eg if you buy one of those cars after it's been retired you could in theory get into any active police car in the area. But of course also means none of those officers need to keep track of which key goes with which car.
It was a problem with some of the more poorly designed powerline adapters in the early days of them. The competent designs use passwords of some sort to configure.
Now of course it's all push-button-to-sync stuff and while it's theoretically possible that you and your neighbor are doing your network setup at the same time and you end up cross connected, that really is quite unlikely.
I remember one call when I was on tech support. It was from two female students who had suddenly lost access to their internet connection.
They believed it had something to do with 'the boys next door' in their shared house (this was a while before landlords provided Wi-Fi as part of the rental).
It turned out they had set up their router and left 'admin' and 'pass' (or something similar) as the default log in credentials. The 'boys' next door had deliberately logged in and changed all the settings so they had no access.
I simply got them to locate the reset button, and we set the thing up again - changing the username and password this time to something more complex. Dead simple stuff.
But my ego almost exploded when, as I hung up, I heard one of them say 'Oooh, he was good'.
"We've all heard the tale of the guy who gets a knock on the door and opens it to find another tenant asking him for his wifi password."
I got that knock! He had the laptop in hand, ready to type it in. At the time I didn't even have wifi, so it was easy to keep an even temper.
That was one of the reasons I moved away from BT. I got annoyed that the router they sent me broadcast 2 or 3 wifi networks, only one of which I had the password to. The others were apparently free to use to anyone who had signed in to BT (i can't remember if they had to pay a fee). Given that I only have a 2Mbps connection to the house, which I was paying a reasonable amount for, I felt a little miffed that BT were then taking that bandwidth back and selling it on to whoever was nearby.
I was one of the original pre-BT FON providers. They sent me a collection of APs including a Draytek. Despite having them open for, I guess, more than a year - not one single connection. Never found a FON to use in a useful place either. Being a Zen user the BT takeover killed the prospect for good.
But I do remember huddling in many doorways on wet nights in some foreign city with my diddy Asus eeePC clutched to me. More than 50% of early APs were open, no password. The challenge was find any SSID within walking distance. Hard to remember the days when a hotel didn't provide free wifi and EU data charges made Test&Trace look like a bargain. This was the only way to check your email.
Oh - El Reg - have you given up completely on finding stories you could plausibly fit around the pic of eeePC beach girl?
Me too, pre-BT. I got the occasional connection, but used it a lot when I was in London and Spain (where it originated). I too remember using an EE PC and completely open WIFI abroad, long after most UK households had added passwords. Nowadays a local data SIM and a phablet is the best option for me.
BT FON was not such a terrible idea (for a BT idea). The idea was if you allowed Fon on your router you got reciprocal access to any BT access point or any other fon enabled router giving you country wide access to wifi. In reality as so many of us had 2mb or less connections there wasn't enough bandwidth to share. The first thing I did when I learnt about Fon was to disable it on my router
BT in the days of "unlimited conections" capped at 10GB
I had a lot of fun talking the sales dweeb through the semantic knots on that one, asking why I should switch to them when my existing provider didn't charge me extra for moving 100 times as much data. She was absolutely determined to make a sale and "not to get" why I didn't think BT was good value for money
At a previous address I had a France Telecom ADSL line, locked to 2MBit/down, 256kbit/s up. They ran a FON-like scheme where I could enable a second free network on it for guests, and in return I could use the guest networks everywhere else. Since I lived in the middle of nowhere and reckoned there was no chance of anyone else even seeing my router (unless the cows next door had laptops) I enabled the option.
Rather to my surprise my uplink went from 256 to 600kbit/s+, it seemed that activating the guest option also removed the limits on the line, leaving it to negotiate the best speed it could. Worked for me!
I always used a quite truthful root@127.0.0.1 ... when they incorrectly started filtering out IP addresses, I changed to backhoe@example.com, which worked for a few more years. After that, anyone claiming to have a need of my email address was added to the ol' never go back list.
Using a domain name that is not specifically for your use is rude.
Use your own domain name, or leave it blank.
You can also use example.com, example.net, example.org, and example.edu if you like. You can think of these as similar to the fictitious 555-xxxx telephone numbers used in film, TV, books & etc.
That's an actual in-use email address that does not belong to you. I've thrown users off ISPs, and revoked access to school computers for that kind of network abuse.
How would you like it if Disney started using JohnBrown@(no body).com everywhere they need a bogus or example email address? (Obviously, replace that with your actual favorite email address).
Never mind how litigious the Disney company is, and how jealously they guard what they consider to be their intellectual property ... Frankly, if I were you I'd delete the above message (and hope go ogle and/or TheWayBackMachine haven't found it yet), and never use that address again.
Agreed. I get enough unwanted email intended for other people to my (2006 vintage) gmail address, I'd hate to have something like blah@ or foo@ due to the torrent of formspam. Double opt-in should be mandatory! I get tetchy enough as it is redirecting emails intended for other people with the same name but slightly different addresses.
One amusing byproduct is that I've built up an informal database of extensive personal information on these other people over the years, just from emails sent to me.
I keep a gmail address for directing junk and *those* websites to. I bitterly regret the day I gave it to academia.com because they are over 70% of the junk that hits the gmail address and it all claims that I have been 'mentioned in' some paper or other. I wanted a specific autopilot handbook which was on their site.
It happened at a previous employer.
Management had decided we needed an open guest WiFi which fortunately we'd configured on a air-gapped ADSL connection. A while later there were reports of someone sitting in their car outside the building with a laptop.
It was sufficient to persuade management that yes, we did need a password which they could give to guests as-and-when required and we blocked the MAC address of the offender.
Cirumstances required me to use a metal sieve with a USB WiFi adapter, pushed into the middle of it & a lengthy USB lead connecting it with my laptop for a week, so I could leech of a unsecured point (One of several) while I waited for the ISP to get hooked up to my house.
I'll do you one better, or two.
I used to have a yagi on a tripod that I could point at any neighbor's house, this was 20 years ago when nobody had passwords. This gave me access to more than the houses on the adjoining lots.
I used to use the same antenna at work, I'd sit at the edge of the company's property and aim it at the wifi router on the ouside of one of the maintenance buildings. I would receive calls from my coworkers asking what I was going in maintenance and would tell them that "no, i'm not in maintenance, I'm having a smoke on the other side of the railroad siding. If i stand up and wave, you will probably see me."
I've also connected to business wifi networks while sitting in traffic (as a passenger) while being driven through parts of Hawaii.
Our local cafe offers free WiFi with a password (probably due for a change). Wanting to avoid kiddies downloading pr0n in the car park it automatically switches off outside opening hours. The fact that the building insulation also makes the whole place a giant Faraday cage also helps... (but a bummer as mobiles don't work in the building - but at least no "I'M IN THE CAFE" calls)
.... overlooking one of the UKs main naval cities. I have been tempted a few times (just for shiggles) to obtain a highly directional antenna, and then go looking for open Wi-Fi amongst the thousands that are probably visible to me as I look out of the window. Never actually got round to doing it though.
If I'd been able to obtain some sort of multiplexor/router that could group multiple W-Fi signals into some serious bandwidth then I might actually have gotten around to doing it. And since I now get 200Mbs on my cable it hardly seems worth the effort.
------------> The view from my bedroom window if the ballon ever goes up!
I was once tasked with decommissioning the kit at a site being vacated by my defence contractor customer. They almost certainly have a presence at that place down the hill from you.
Having boxed up almost all, and waiting for the beancounters to balance their books (they eventually took my advice to put it down to fluctuations in the exchange rate), I examined the obvious wireless access point. I removed it from the warehouse wall and traced the cable back to the rack.
Hang on - THREE POE adapters? And there was still WiFi - wide open. My company laptop connected without comment and I could browse the servers at my usual site, on the so-called "restricted" network.
I extracted the offending Cisco kit from above the false ceiling and added it to the shipping crates.
I still wonder whether that company dodged a bullet there.
This happened to me some years ago. I must have been connected for a few hours before realising that I was on the wrong network.
I did the decent thing and went round and helped my neighbour set up a password on their shiny new wireless router.
In the early 2000s I still had horrible dialup at home, and had discovered the fun of Linux distros, but unfortunately the download time for a live CD was approaching 24 hours, and therefore impractical.
Just opposite the window of my office was a house that I'm fairly sure was being used to grow industrial quantities of canabis at the time, and it also happened to have a completely open wifi access point giving 500kbps - a whole CD's worth of distro took around an hour to download. :-))
Eventually I think they realised (or else they started downloading stuff during working hours too, reducing bandwidth considerably) and then the house was raided and the freeloading had to stop. Nice while it lasted. AC for obvious reasons.
I had to do a health check at a (non UK) government site. They guys seemed more than capable, but why were they doing strange things? There was a sigh, and a rolling of eyes, and the comment "we do what we are told to do - even though it makes no sense". I presented up the management chain till I reached a technical director ( or some similar title).
The meeting was strange, the "new broom director" thought the technical people we not up to the job. I said they were extremely competent people, who were resisting the move "from the mainframe to the on-site cloud" because they could not see how it would provide the high availability and performance the business needed. I said the a "vision" on a presentation is not an implementation plan, and they needed to a full scale test project to try to break it, before implementation.
Afterwards the technical team came round to say THANK YOU for speaking up for them, with comments like "it was very brave of you". The director had a reputation of biting people's heads off if they showed weakness.
I kept in touch with some of the guys, and they kept me up to date with their progress. Their fears were realised; once I was asked to help identify a performance problem. I could see the occasionally the I/O was v-e-r-y slow. But this was not what the management wanted to hear. The mainframe techies left after about 6 months.
I spent several years doing pre sales and post ales consultancy on system performance.
My services were often provided free as either we resolved a performance issue and had a happy customer, or they has heavily utilized kit, if and having tuned it still needed more capacity and this would result in > £1M sales. The company knew that resolving an issue just deferred the next upgrade cycle by 6-12 months but the fact that customers knew they were getting a real technical consultant performing the work and I wasn't afraid to fix a problem rather than punt a sale at them stood us in good stead.
Some of my simplest assignments were actually reviewing the in-house teams tuning parameters confirming that they had already optimized the O/S and hard ware and then writing the report recommending the next upgrade. Often the poor on site guys had been begging for this for a couple of years but couldn't get the budget for the upgrade until perfromance was on the floor.
Many moons ago at my now aged parent's house, I could pick up a neighbours "free" wifi on a Belkin router (usual defaults) which was handy for looking up a couple of things in while I was setting up my parent's router locally
Then I found it kept flipping in and out - tracked it down to two access points with the same SSID and password, but different channels
Slight wrinkle - these were two different neighbours, and one of the routers was a Netgear.
Yes, they had obviously camped on the first neighbour's before getting their own, and then changed the Netgear defaults to match the Belkin so they didn't have to re-do their devices.
I resisted the temptation to rename their router SSID to "I_steal_wifi" or similar
Handy you can purge the access logs as you leave though...
I once had to set my phone hotspot up in open mode without wpa for a unfiltered test connection (was using old kit, weird circumstances), and got someone in the office block immediately connecting and pegging bandwidth.
Changing SSID to "crotchlessgrannypanties" got them to stop long enough to get the mac whitelist setup.
I recall reading an article a couple of years ago, about a project someone set up to create an open access point that was designed to frustrate people that connected to it.
The system was a Linux box (obviously) and it had a transparent squid proxy configured that rotated all images 180 degrees, so you either had text or images the right way up.
As I recall the image inversion was his second attempt. The first simply redirected every connection to Kitten War.
I think that was a story in The Reg.
His first attempt flipped images upside down. He progressed to applying a blur effect and even published the scripts used to implement this as a transparent proxy. He wondered how many neighbours had take “faulty” computers in for repair to fix the out of focus images.
Business trip to USA and staying in a ubiquitous Best Western where the house wifi was a 'shocking' $3 USD per person, per day. Even though we were on expenses, we devoted the rest of our trip to trying to hack into the wifi. We were unsuccessful but saved the company the 'outrageous' expense.
Speaking of hotel WiFi...
Some years back I spent a night at a Motel 6 (US chain, no frills, fairly budget minded). The hotel WiFi wasn't working and I was debating between giving up or trudging down to the front desk. I noticed an unsecured SSID that seemed to be based on someone's name. Road-weary, I puzzled why that name looked familiar, then I glanced up at a small promotional sign on the desk. There was a picture of Tom Bodett (minor celebrity and longtime Motel 6 spokesperson) with Mrs. SSIDname, owner/operator of that particular Motel 6, from a corporate event. Apparently she resided in the motel, and her personal WiFi was wide open.
Business trip to USA and staying in a ubiquitous Best Western where the house wifi was a 'shocking' $3 USD per person, per day. Even though we were on expenses, we devoted the rest of our trip to trying to hack into the wifi. We were unsuccessful but saved the company the 'outrageous' expense.
In a similar situation I paid and set up the connection on my phone. The hotel was a bit surprised by the amount of data my phone used, unaware my laptop was tethered to the phone, happily downloading a Windows update and working as a WiFi hotspot for my wife's phone.
I was going to say... Something I did as a test once. If the accomodations are charging by the connection, carry a router and an access point. After setting up the AP, connect the router and spoof the MAC address of the device used for setup on its WAN port. Then connect everything through the router.
At the moment, I'm thinking of getting (a somewhat pricey at about $110) "travel router" that I think can connect its WAN side to WiFi, then gives you two wired ports and a WiFi LAN as a single connection to the hotel's WiFi.
All the UK hotels I've stayed in have free WiFi, sometimes with a freely given password, sometimes completely open, sometimes there's a "charge" of having to register an email address through a portal page. The only times I've had issues have been in US owned chain hotels in the UK where either you only get WiFi if you pay, or they give a slight nod to "free" WiFi which provides little more than dial-up speeds as an alternative to the paid for one.
On the other hand, according to some hotel receptionists I've spoken too, the WiFi can get congested some evenings because of people rocking up with firesticks/chromesticks/whatever to plug into the telly of an evening. The last one I was in, just last week, said they had a 5Mb/s restriction per connection (they had a big fibre connection). She actually apologised for the restriction!! I know many people who still can't get that at home :-)
While staying in the Peace Hotel in Shanghai (I can highly recommend it) I got a bit bored on my business trip, so I opened up wireshark and connected to the hotel LAN, within a minute probe attacks were coming in from all over the globe trying to hack into the laptop. I assume their DHCP server forwarded my IP address and port number outwards too :-)
I spent a couple of hours with whois and the IP addresses, emailing the abuse addresses about the worms in their systems (probably installed by the Chinese). I even got a reply back within the hour from an apologetic and grateful sysadmin in Califonia thanking me for pointing out the infection, which he duly clobbered.
Reminds me of a holiday (remember them?) to Sri Lanka about 5 years ago, the Wifi was working at first hotel I stayed at, but there was no on-going connection. So, out of curiosity I logged into the hub - as it was still using the manufacturers default password - reset it and bingo, back up again.
I'd say 3 of the 5 places I stayed at hadn't changed the router password, but it's too nice a country to explore, than spend time trying to explain internet security to the staff on the front desk.
---> because it's Friday and it was surprisingly difficult to find in a couple of smaller towns...
This post has been deleted by its author
I have a feeling that Jenny was someone you wanted a less platonic relationship with. I was expecting that to end with "And we've been married 20 years". So what did happen with Jenny. I'm sure I'm not the only one who wants to know.
This post has been deleted by its author
When I did hardware support for a small private college, I was in the unique position where I got to reap the rewards for the efforts of the software focused people who got sent out first, and then obviously failed because you can't fix hardware failures with software. It was a sweet gig with the one exception of the on-site manager. Raging bitch doesn't even begin to describe her, but that's a topic for a feature on difficult (corporate) superiors if El Reg ever creates one.
A few years ago, how few will soon be apparent, I was on an AMTrak train (US long distance passenger rail system) from home at the north end of the SF Bay Area to Los Angeles. Just for amusement, I set up in the observation car (which was supposed to have WiFi for passengers) with a rig based around a Raspberry Pi (Pi2Bv1.1, IIRC). While running through Fremont (largish East Bay city), I watched as endless unsecured WiFi SSIDs scrolled up the list, faster than one could actually read them. And that was just the ones with enough signal to be picked up along the rail line....
Around ten years ago I was working next door to a solicitor. Running kismet to find the best (least worst) channel for our wifi, and I noticed the solicitor's wifi was not encrypted. Told them about it, but was met with a snotty "our IT expert says it's perfectly safe". Can't resist a challenge, so I captured their traffic for a couple of hours, then pasted together the text from some fairly innocuous barrister's advice. Dropped it next door, saying "I've read your email, do you want to read it now?". It *still* took them a week or so to get encryption turned on. And, of course, no thanks for pointing out the security issue. Sigh!
So, some years ago we had a contract with an ISP that went bust, and for complicated reasons, because there was no one at the company to approve the request, we couldn't change to any other ISP.
This left us with no form of internet, but we quickly realised that our next door neighbours had an open wifi network. We shamelessly hogged it for the next few months, and at one point used up their bandwidth allowance for the month.
Fortunately, after OfCom got involved, we were able to get a new ISP, and it was only then that we popped a note in to our neighbours, mentioning that we'd noticed that their wifi didn't have a password, and would they like some help setting one up?
Ok, I think I'll deserve the downvotes for this one.