Z/Yen and RSA UK: purveyors of clueless FUD, as expected

BoingBoing and /. get to work on that Z/Yen/RSA press release:

But the amazing thing is what Z/Yen and its client, RSA conclude: that the 25% of the people who deliberately associated with the network were ‘malicious,’ and that the 71% who sent email were sending spam. This is such a transparently, deliberately (heh) stupid conclusion, it boggles the mind: how can ‘deliberate’ equate to ‘malicious?’ How can ‘sending email’ equate to ‘sending spam?’

So in other words, there were 2 honeypot access points, left open for 2 weeks in the City of London.

25% of the people who connected to the APs did so deliberately (whatever that means — see below).

Then, 71% of those people sent mail. Not spam: no ‘make money fast’, no ‘URGENT ASSISTANCE’ etc.; they just hit the ‘Send / Receive’ button in Outlook.

But obviously Z/Yen and RSA felt the need to spice things up a bit, so:

  • s/accessed WLAN deliberately/accessed WLAN maliciously/

  • s/sent mail/sent SPAM/

  • s/read slashdot/ate babies/

OK, I made that last one up. But I would not be surprised.

Some more digging reveals that the report in question is now up on the RSA UK website (it wasn’t yesterday), and can be downloaded here (PDF). It’s 5 slim pages written by Phil Cracknell, of CISSP (Cracknell Information Systems Security Partnership), who has a history of spreading WiFUD, it seems. The report leads with:

The many wireless security surveys … do not actually show how real the threat of wireless hacking is. Less dramatically, they do not show the threat of someone using your network for non-malicious use (theft of service).

Sheesh. He forgot to mention the bit about operating a wireless network without switching on any security features.

Also, there’s no explanation of what the difference is between a ‘deliberate’ and ‘accidental’ connection. As far as I can tell, an ‘accidental’ connection is one where the user disconnected reasonably quickly; there’s no indication that any of the connections were caused by anything other than Windows XP’s ability to associate with any network it can find within range.

It then goes on to scare-monger about the use of ‘exterior chalk markings’, noting that ‘you will be found and your networks will be used/attacked’.

So, in other words, the paper says:

  • if you run an open WiFi AP, people will use it to send/receive mail, and possibly surf the web.

  • this is Bad

  • people may draw nerdy things with chalk on the pavement outside, which will Make It Worse

And there’s two things to pick up from it:

  • this Phil Cracknell guy is really short of clients

  • It’s amazing how scare-mongering a 200-word report can become, when it’s bad to start with, and then filtered through 3 layers of PR gibbons and crappy journos who don’t have a clue what it’s on about

One good thing to come out of it: the term WiFUD, perfect for the next Phil Cracknell escapade.


One Comment

  1. Posted August 3, 2006 at 19:55 | Permalink


    Only just read this! FUD/WiFUD – highly amusing – and true!

    I did the original London war drive in 2001 and RSA caught onto it. As a security professional we have to substitute the lack of tangible incidents and evidence for a series of ‘what if’, ‘it could happen to you’ etc.

    What’s the problem in getting businesses to be more secure?

    If only one business falls for the WiFUD that’s a good thing right? I’m sure my WiFUD has benefited more people than me, and for more cash.

    Anyroad, I’m not offended – no such thing as bad publicity.

    Take care