Son of a bitch!
I was sitting around in my car waiting for a friend to get ready and left Kismet running while I waited. The only thing active was an AP with SSID turned off, but there were lots of packets coming in, so obviously it was currently in use. So here I am just listening to the 'thump, thump' of the encrypted packets coming in and then, suddenly, after about 5 minutes, low and behold, the bastard was revealed! The SSID 'No Hackers Allowed' appeared in place of NO SSID! I shit you not! The only thing I can think of that correlated with the sudden discovery was a Weak WEP packet, as I hadn't stayed in one place long enough prior to that spot to capture any others, and I noticed right away that the count went up from 0 to 1.
I didn't realize it was that easy to get an SSID name, even on those APs that have the SSID broadcast turned off. I wonder if there's any way, from a security standpoint, to prevent this? Or at least harden it from happening? Of course, there's not much that a malicious cracker could do with just the SSID since WEP still has to be dealt with, but still... I wonder how many people name their SSIDs with revealing info, such as the locations of where they are at? Could definitely provide a social engineering hook to those who really wanted to penetrate the AP.
"Yeah, Joyce, this is Bob over at corporate. I need the password to the wireless access point on the second floor... yeah, the one with the 'hidden' SSID of 2ND FLOOR TOP SECRET."
"Well Bob, since you know the name of the hidden SSID which we all know is impossible for those evil 'war-drivers' to detect since we have the broadcast turned off and are using super-secure WEP encryption to protect it, you must be legit and not one of those evil hackers trying to gain unauthorized access into our most trusted networks, so here the password is..."
"Thanks, Joyce. Those damn hackers... always trying to butt their noses into other people's business. Didn't their mommy ever teach them that curiosity killed the cat? Well, gotta run, Joyce. Better get a head-start on these APs that I need to... double-check. I trust its the same password for all of them?"
"Of course, Bob."
"Your secrets are safe with me. MUAHAHAHA."