----- Original Message ----- From: "Major Variola (ret)" <mv@cdc.gov> Subject: Mixmaster is dead, long live wardriving
At 07:47 PM 12/9/04 -0800, Joseph Ashwood wrote:
If the Klan doesn't have a right to wear pillowcases what makes you think mixmaster will survive?
Well besides the misinterprettaion of the ruling, which I will ignore, what makes you think MixMaster isn't already dead?
OK, substitute "wardriving email injection when wardriving is otherwise legal" for Mixmastering, albeit the former is less secure since the injection lat/long is known. And you need to use a disposable Wifi card or at least one with a mutable MAC.
Wardriving is also basically dead. Sure there are a handful of people that do it, but the number is so small as to be irrelevant. Checking the logs for my network (which does run WEP so the number of attacks may be reduced from unprotected) in the last 2 years someone (other than those authorized) has attempted to connect about 1000 times, of those only 4 made repeated attempts, 2 succeeded and hit the outside of the IPSec server (I run WEP as a courtesy to the rest of the connection attempts). That means that in the last 2 years there have been at most 4 attempts at wardriving my network, and I live in a population dense part of San Jose. Wardriving can also be declared dead. Glancing at the wireless networks visible from my computer I currently see 6, all using at least WEP (earlier there were 7, still all encrypted). I regularly drive down through Los Angeles, when I have stopped for gas or food and checked I rarely see an unprotected network. The WEP message has gotten out, and the higher security versions are getting the message out as well. Now all it will take is a small court ruling that whatever comes out of your network you are responsible for, and the available wardriving targets will quickly drop to almost 0. Wardriving is either dead or dying.
Or consider a Napster-level popular app which includes mixing or onion routing.
Now we're back to the MixMaster argument. Mixmaster was meant to be a "Napster-level popular app" for emailing, but people just don't care about anonymity. Such an app would need to have a seperate primary purpose. The problem with this is that, as we've seen with Freenet, the extra security layering can actually undermine the usability, leading to a functional collapse. If a proper medium can be struck then such an application can become popular, I don't expect this to happen any time soon. Joe