RenderMan to the rescue

Contained in today's Globe And Mail is the latest issuse of TQ, the paper's quarterly technology magazine. I wrote the cover story about wireless security hacker Brad "RenderMan" Haines. He's a talented white hat hacker based in Edmonton, and the profile raises a lot of important issues about wireless security. The full text is up on the Globe's website, and I've pasted it below.

RenderMan to the rescue

Dressed in a black trench coat and his trademark fedora, Brad Haines cruises city streets and malls on the hunt for wireless networks that are prime targets for hacking. Just be grateful he's one of the good guys

CRAIG SILVERMAN
Globe and Mail
July 22, 2008

One day last December, Brad Haines pulled a long black trench coat over his black shirt and pants, perched his trademark black fedora on top of his straight, shoulder-length hair and strapped on a backpack filled with a laptop and other electronics. And, like many people in Edmonton during the holiday season, he headed to the West Edmonton Mall.

The mall is home to more than 800 stores and occupies a space equivalent to roughly 48 city blocks, so Haines knew he'd have no trouble finding gifts. But he wasn't here to shop. No, this expedition was all work. His mission: Take a "warwalk" of North America's largest mall, using his equipment to search out unsecured wireless networks as he walked past the building's stores. (Do it in a car and it's called wardriving; on public transit, it's warriding.) The point of wardriving isn't to actually access anyone's wireless network—that could result in warjailing. Rather, the idea is to simply survey the number of wireless networks within the building, evaluate their level of security and alert the owners to any vulnerabilities.

Haines, 28, had been wardriving through the streets of Edmonton since 2002 and had catalogued roughly 80,000 wireless networks, whether home-based or those belonging to companies. But the mall represented uncharted territory. "Nobody had done a good wireless survey of the West Edmonton Mall, and if you throw in Christmas shopping crowds, it's a little more interesting," he says. "Everything lined up for a really good guerrilla analysis, because you have big crowds and a massive amount of spending going on. If you're thinking as an attacker, that's the time of year you want to do something, because there are so many more targets."

Haines's fondness for wardriving, plus his all-black "uniform," would lead the average executive to conclude that he's a nefarious hacker. But since he first began mapping WiFi networks in and around Edmonton, Haines has become well known as a wireless security expert, often consulting for companies and government agencies (non-disclosure agreements prevent him from naming names). And he's regularly invited to speak at major security and hacking conferences in North America and Europe, including DefCon, ShmooCon and Hackers On Planet Earth, or HOPE. (A few of his recent presentations: "Legal and Ethical Aspects of Wardriving," "Standards Bodies ... What Were These Guys Drinking?" and "New Wireless Fun From the Church of WiFi.")

Though his trademark headgear says otherwise, Haines is a so-called "white hat" hacker—one of the good guys. His corporate clients know him as Brad Haines, but he has earned the most notoriety as RenderMan, the alias he uses online and within the WiFi hacking community. Haines maintains a Website, renderlab.net, where he posts his research, reports, presentations and the occasional article. "He's pretty well known, and he's well received at the [hacker] conventions," says Frank Thornton, a Vermont-based security consultant and the co-author of Wardriving & Wireless Penetration Testing. "He's a role model for some of the people out there who are getting into this stuff."

One of Haines's key contributions to the wardriving community is a code of ethics (see page 46). It dictates that wardrivers must never connect to a network they discover, should always obey traffic laws and stay off of private property, and never use the data collected for personal gain. The seven-point list also says wardrivers should adopt the hiker motto of "take only pictures, leave only footprints." "It's one of the things he's really well known for," Thornton says.

The countless hours spent mapping and analyzing thousands of wireless networks has enabled Haines to see firsthand the rapid growth of wireless Internet access in homes and businesses, and the lack of effort put into securing them. "To put it in perspective, the first time I went out wardriving in 2002, I found 25 networks in an evening driving all over downtown Edmonton," says Haines. "I can now drive around my block and get 25 networks."

He says that five or six years ago, roughly 70% of wireless networks were completely unprotected. That means that no encryption (such as the standards WEP and WPA) was used to protect the data flowing over the network, and no password was required to join. Today, that number has shrunk to 30%, but it's still dangerously high when you factor in the huge growth in the number of networks, and the fact that many of them are now run by companies. "In absolute numbers, there are more unsecured business networks out there than before, because there's a high underlying growth," says Toffer Winslow, vice-president of product management for encryption company RSA. His company conducted a study of wireless networks in 2007 that revealed that 25% of business networks in New York, London and Paris had no encryption whatsoever. A year earlier, a survey by research firm Gartner Inc. found that 64% of U.S. businesses were planning to expand their use of wireless networks.

At the time, analyst Rachna Ahlawat said wireless networks were fast becoming a "standard part of enterprise networks, covering entire facilities, not just meeting rooms."

That means they've also become a standard target for those looking to infiltrate corporate networks. One particularly devastating corporate wireless security breach was on Haines's mind as he began planning his mall warwalk late last year. The victim was TJX Cos. Inc., a company that operates discount chains such as T.J. Maxx and Marshalls in the U.S., and Winners and HomeSense in Canada. In January, 2007, TJX revealed that attackers had gained access to systems that process and store transaction data. This enabled them to steal customer credit card numbers and driver's licence information. In the end, more than 45 million credit card numbers were compromised between 2005 and early 2007, making it the largest breach on record. "The chink in their armour seems to have been their wireless network," Haines says. "It had been a year since that happened, and so many people I know had to get new credit cards because of it. My thought was: Has anybody actually learned anything?"

Read more

July 23, 2008 | Filed Under Feature articles, Magazine articles, The Globe And Mail | 1 Comment 

Ms. Julie and me

The Quebec Writers' Federation has come up with a wonderful campaign to help raise the profile of Quebec's English-language authors. It's called Love Ms. Julie and I was lucky enough to be included.

Ms. Julie is, according to a description of the program by Quill & Quire, a "saucy Quebec librarian with a thing for Quebec writers." The character is featured on a blog and inside a "scrapbook" that includes a listing of recent books by Quebec authors and pictures of Julie hangin' with authors. Here's the two of us (oh what Photoshop can do!):

The shot, taken by Liam Maloney, is also featured in the scrapbook, which was sent out to Canadian literary festivals and other publishing folk. Ms. Julie was also seen cavorting around Book Expo Canada. You can check out the details here.

If you want to take part, grab your copy of my book (you bought it, right?) and snap a fun picture of you reading it. Then send it to me and I'll get it added to the Love Ms. Julie blog.

July 22, 2008 | Filed Under Regret the Error Book, Regret the Error Press | 3 Comments 

UPDATED: A night at the Press Club, a grant from the Canada Council

I'm back from attending the National Press Club Awards Dinner in Washington on Monday. I spent the morning at the Newseum, and you can read my report about it here. I also had lunch with Slate's Jack Shafer.

That evening, I attended the awards dinner and was lucky enough to meet two other winners in the press criticism category: David Folkenflik, the NPR media reporter who won the Arthur Rowse Award in the broadcast category, and Rachel Smolkin, who picked up two awards. She won for her body of work at American Journalism Review and for her excellent AJR story about the Duke Lacrosse scandal. It was also a treat to meet Arthur Rowse, the namesake of the award.

I also had a chance to talk about corrections with USA Today editor Ken Paulson, and meet Alicia C. Shepard, the NPR Ombudsman.

UPDATE July 24: I just received word that the Canada Council for the Arts has awarded me a travel grant for my trip to Washington. This money, which is greatly appreciated, will cover my expenses for the trip. I'm pleased to acknowledge the support of the Canada Council for the Arts, which last year invested $20.1 million in writing and publishing throughout Canada, and invested $37.8 million in the arts in Quebec. Thank you!

Here's a pic of my lovely award:

July 17, 2008 | Filed Under Awards, Media Criticism, Regret the Error Book | 1 Comment