by Dana Blankenhorn
Volume VI, No. XI
For the Week of March 18, 2001

This Week's Clue: Securing the Future of Wi-Fi

Wireless LANs and Wi-Fi systems do have security problems, but it's not as bad as critics make it out to be. It's not, in other words, a deal-killer.

You've seen the stories. Someone with an antenna and a laptop goes out "war-driving" and finds a host of "unprotected" or "minimally-protected" LANs. I have linked several times here to a classic story of the genre .

The warnings are also present in e-mail groups. Here's how a typical post starts. (This came from an actual security list.) "I was bored Saturday afternoon, so I got in the car, hooked up my Netstumbling gear and went for a ride in around a major east coast U.S. city." The post goes on to say that of roughly 120 LANs scanned in the course of 90 minutes most either weren't using the WEP protocol or had their routers' security set to the standard (and simple) password setting.

Shocked? You should be. But let's be clear about what happened. Someone physically wandered into hotspots holding a laptop computer. They detected systems, they checked their security. They could have gone further, but they didn't.

Most don't. Gaining entry into a LAN doesn't do much for you. To do damage to the LAN a hacker would have to know what was in it. It would be a straight break-in and leave fingerprints. To go beyond that he would have to sit down, while maintaining contact with the LAN, then either gain access to the Internet and go on from there - probably to better-protected systems.

Why doesn't war-driving go further? Because it requires sitting down. The hacker, in other words, trades constant physical insecurity for any virtual access.

Look at it this way. Someone climbs in the back window and gains blindfolded access to your apartment. To actually steal something they have to first rip the blindfold off, which takes time. To go anywhere else in virtual space the hacker still has to go from your Internet access through someone else's front door - a door that's likely better-protected. All this, of course, while sitting in your bedroom without being seen.

Corporations and universities should - must - do a better job of protecting their wireless LANs from outsider access. So should everyone. But the vulnerability is (so far) seldom exploited and (to that extent) overblown. Getting inside the main firewall doesn't guarantee access to everything in the system, since there are usually other firewalls surrounding the real good stuff. That's standard corporate security practice.

The same alarms being sounded today about wireless LANs were sounded a few years ago about home DSL and cable modem accounts. The market responded first with simple, cheap and effective software firewalls, which are getting better all the time. Next the market added firewall technology into home LAN routers, which is fast becoming standard (although it would be nice if y'all changed the passwords once in a while, or at least used something non-obvious). The ISPs (especially Bell companies and cable operators) installing most broadband now (by and large) insist on security.

So here's what will happen. LANs large enough to have security administrators will have their wireless components secured straight-away. Software and router companies are already seeing the opportunities in doing the same thing for wireless LANs. ISPs (even free ones) who expect to survive in the marketplace will quickly hire security administrators.

The problem, in other words, will be solved. It's not really a problem at all - it's an opportunity for an up-sell. The issue, by and large, is a red herring.

SSP (Shameless Self-Promotion)

I'm spending this week at the CTIA show in Orlando, trying to learn from vendors and carriers whether there's a valid market for the WiFi database I've been privately proposing. Wish me luck.

I've got a present for you. "43 Specific Ways to Make 2002 Your Best, Most Profitable Year Ever" is yours, free, and personally inscribed from a-clue.com. Just click here . As its title suggests, this e-book delivers 43 experts with 43 ideas you can implement right now to make more money right now. Get it today!

You may have noticed that I've increased my coverage of 802.11 and wireless broadband technology lately. It's the coming thing. The markets for e-commerce, e-advertising and e-content won't boom again until we get massive acceptance of broadband. Wireless technologies offer the promise of cheap, universal (indoors and outdoor) broadband, with huge implications for every technology market. So you'll see more of this from me in the future - a lot more.

It's here! The Print on Demand version of "Living on the Internet" is available for purchase at BookSurge.Com , for $29.99. And you can get the PDF version for just $7.99 (such a deal). The December update to the book is out now, and it's easy to get on the list via e-mail

This month I opened a new market for my articles with Ray Fix of Wildwood Marketing. The first one appeared here . More exciting deals are on the way. You can join the A-Clue.Com discussion at I-Strategy , our shared e-mail digest produced with Adventive.Com. You can also read me at ClickZ , BtoB , and Boardwatch . I'm also on the mast-head at Bottom Line Personal , a great print newsletter.

Remember that it's journalism that keeps the Clues coming...

Shameless Promotion

Psst. Want something free and valuable? The AdMarketing list has just released the Email Products Guide. It's only 26 pages, but it's free. And you can learn something from it.

Now after you read it, know this. A list is only worth the permission it's based upon. Auditing and aging your list are the only ways to know you really have permission to pitch - the first step on the road to getting them to sign on the line which is dotted. That signature is your bottom line. Everything else is just cost.

Take the first step toward making your lists truly valuable with help from my friends at Whitehat Interactive - click here to begin. They've got a Clue.

Takes on the News

The Wi-Fi Cowboys

You don't have to spend a lot of time on the ISP-Wireless list to find it's dominated by a group I've come to call the "Wi-Fi Cowboys."

These are installers, service providers and self-taught experts, most of them in the American West, and a surprising number of them in Texas itself. Their posts swagger across the list, bragging about antenna and amplifier set-ups, complaining about vendors and the government. They're pushing the envelope of the technology to serve their business DSL customers, with a devil-may-care attitude that's appealing.

Sometimes they're victims, like the Rio Grande ISP who complains (no doubt, rightly) of what he considers illegal interference from Mexican and military set-ups. Others are predators, like one who wrote "If a WISP were try to move in like in the past we flood the channels and place amped units directly to interfer with them or blackhole their ess. We strongly believe that 1 wisp in a town is enough."

And that's the problem. The ranchers and gunmen who are the romance of the Old West ruled for only short periods of time. They were quickly replaced by fences, eastern-bred wealth, and regulation. (The railroads, mining companies and banks made the big money from the West - not the cowboys.) The people who saw the romance in the Old West Myth never lived it.

In the case of the 2.4 GHz frequencies used for Wi-Fi services the Cowboys own nothing, save the equipment they're using to deliver DSL services to a few businesses. They don't own the frequencies. They don't have any right to "flood the channels." The frequencies are unlicensed, available only because those who use them promise to play nice with one another.

While the Administration uses the images of the Old West, in fact it stands for the expansion of entrenched power over the telecomm sector. It will be ironic if the Cowboys are ruined by those they've put into power, but if it happens it won't be the first time.

The Wi-Fi Crackdown

There was fear and trepidation on the ISP-Wireless list over last week's appearance on a WISPCON panel of an FCC official, and the possibility that the agency may launch a "crackdown" against commercial WISPs.

The "Part 15" rules under which WISPs operate are, like most things coming from government, vague enough to give authorities considerable lattitude. Are the amplifiers and antennas certified by the agency for the use to which they're being put? How much power are they putting out? These are questions any WISP must get right before the federales come by.

Much of the pre-show complaining involved vendors, who some Cowboys felt sicced the feds on 'em. I don't find that credible. But the government is walking a fine line here. These are unlicensed frequencies, available for commercial use only at the sufferance of non-commercial users. There are also inherent conflicts in these systems - DSSS radios that work within narrow channels vs. FSSS radios that spread their spectrum across the range are bound to interfere with one another. (It's like the old TDMA vs. CDMA debate, only both systems are working in the same spectrum.)

It's also fair (although the Cowboys won't admit it) to hold commercial system operators to a somewhat stricter standard than LAN operators and freenets. The commercial operators' cash should go to something.

But there's a fine line to be walked here. Commercial systems could easily be put out of business (they're illegal in Europe) by strict interpretation of the rules. (Certainly there are phone companies that will encourage it.) It's vital that innovation be protected, however, and honest operators nurtured, if Wi-Fi is to meet its promises. Fortunately the job is up to professional administrators, not the FCC's Washington-based politicians.

Time to Sell C|Net?

With Ziff-Davis teetering on the edge of bankruptcy, with CMP  and IDG  shutting once-thriving titles to stay alive, these should be grand days at C|Net.

They're anything but. The online publisher is cutting staff, and more important cutting its editorial budgets past the bone. It's sacrificing its edge because it's dependent on advertising, and you can't keep-up fancy offices and big bullpens without cash flow.

If the company were really alone in the market, this would be no big deal. But it's not. The Register of the UK has hit the U.S. market and while it doesn't have much money it does have something C|Net has lost - an edge. Since it's written by freelancers with a minimal administrative budget, The Register bows before no vendor. It stands for the readers, in all their skeptical (even cynical) glory. And it's slowly drawing the smartest of them away from C|Net.

Your Clue here is simple. The cost side of the ledger is just as important to your business model as the revenue side.

Clued-in, Clueless

Clued-in is Guy Kewney, who instead of retreating after his career at ZDNet in the UK went bye-bye, instead launched himself onto the wireless data-comms beat and may have caught the next wave in the center of its formation.

Clueless is the reporter who let a Verizon spokesman attack government-owned ISPs in areas it doesn't serve without questioning it. A Verizon vice president actually went on record saying a local service in an area not served by Verizon broadband "undermines our incentive." The idea that municipalities in 11 states, including Virginia, are barred from serving needs the Bells refuse to meet is a scandal, a big story. Yet it's being ignored.

A-Clue.Com is a free email publication, registered with the U.S. Copyright Office as number TXu 888-819. We're on the Web at http://www.a-clue.com.