Yet another way for law abiding citizens to find themselves in breach of the
law, then:
http://news.bbc.co.uk/1/hi/technology/4721723.stm
[quote]
A recent court case, which saw a West London man fined £500 and sentenced to
12 months' conditional discharge for hijacking a wireless broadband
connection, has implications for almost every user of wi-fi networks. It is
believed to be the first case of its kind in the UK, but with an estimated
one million wi-fi users around the country, it is unlikely to be the last.
"There are a lot of implications and this could open the floodgates to many
more such cases," said Phil Cracknell, chief technology officer of security
firm NetSurity. Details in this particular case are sketchy although it is
known that Gregory Straszkiewicz had "piggybacked" on a wireless broadband
network of a local Ealing resident, using a laptop while sitting in his car.
>I often wondered whether it was legal to do so, having had neighbours hijack
>my connection, and having discovered that my own kids were sometimes
>inadvertently hijacking a neighbour's connection.
>
>Yet another way for law abiding citizens to find themselves in breach of the
>law, then
I don't have a lot of sympathy - anyone who doesn't put security on
their wireless network deserves all they get as far as I am concerned.
Paul.
--
. A .sig is all well and good, but it's no substitute for a personality
. Humour is very subjective. One man's light-hearted comment is another's insult.
. Is there a moron carrot above? Have you replied to it? Are you sure?
. EMail: Unless invited to, don't. Your message is likely to be automatically deleted.
Unless you're caught sitting outside with a laptop I'd imagine it would be very difficult to prove.
> I often wondered whether it was legal to do so, having had neighbours hijack
> my connection, and having discovered that my own kids were sometimes
> inadvertently hijacking a neighbour's connection.
>
> Yet another way for law abiding citizens to find themselves in breach of the
> law, then:
>
About bloody time!
I have been arguing that this was against the law for years, and always
get met with the response "where is the case law then".
And it isn't a way for law abiding citizens to find themselves in breach of
the law. It has to be done knowingly before it is illegal.
When you are sitting in a car piggybacking on whatever open network you can
find, that is obviously knowingly accessing without authorisation.
But when you accidentally pick up the neighbours' instead of your own, that
is a different kettle of fish entirely.
But it is still a good idea to secure your own network - and change the
SSID. If you don't change the SSID, then any neighbours with the same brand
of router will have the same SSID, and your laptops won't usually know
which one they are accessing.
--
Alex Heney
Global Villager
That must be wonderful! I don't understand it at all.
To reply by email, my address is alexATheneyDOTPLUSDOTcom
Agreed. I now use security on my home wireless broadband. It does
unfortunately mean that when my kids are trying to connect, their computers
connect them to the neighbour's service and seemingly I can't prevent that.
Or at least, if there is a way I'd like to know it.
The suggestion is, though, that if you go looking for free wireless
connections you are likely to be breaking the law as soon as you make a
connection to someone's service. Not a lot of people know that, I should
think.
>But it is still a good idea to secure your own network - and change the
>SSID. If you don't change the SSID, then any neighbours with the same brand
>of router will have the same SSID, and your laptops won't usually know
>which one they are accessing.
Agreed. And setting the router to not broadcast the SSID is good too.
> "Paul Harper" <pa...@harper.net> wrote in message
> news:6i9he1hog3fnnt9li...@4ax.com...
>> On Thu, 28 Jul 2005 10:08:10 +0100, "The Todal" <deadm...@beeb.net>
>> wrote:
>>
>>>I often wondered whether it was legal to do so, having had neighbours
>>>hijack
>>>my connection, and having discovered that my own kids were sometimes
>>>inadvertently hijacking a neighbour's connection.
>>>
>>>Yet another way for law abiding citizens to find themselves in breach of
>>>the
>>>law, then
>>
>> I don't have a lot of sympathy - anyone who doesn't put security on
>> their wireless network deserves all they get as far as I am concerned.
>
> Agreed. I now use security on my home wireless broadband. It does
> unfortunately mean that when my kids are trying to connect, their computers
> connect them to the neighbour's service and seemingly I can't prevent that.
> Or at least, if there is a way I'd like to know it.
>
Quite easy.
All wireless routers I am aware of have the facility to change the SSID (it
usually defaults to something like "NETGEAR", or "3COM").
If you change it to something unique to you, and then set the kids laptop
to only connect to that network, rather than to "any network in range",
then they should always use yours.
--
Alex Heney
Global Villager
You have to be sharp to be on the cutting edge.
Have you mentioned it to your neighbour, in case he's unaware of
people using his unsecured network, or unaware that it should be
secured? (Or is he likely to punch you out rather than thank you?)
FWIW, I set up a laptop for my sister-in-law this past spring which,
out of the box, was set up to search for networks. It picked up 5,
exactly *none* of which were secured. 4 of them were wireless Internet
connections, but one of them was an unsecured wireless LAN for the
local branch of Deloitte & Co -- the accountants/whatever firm.
I wasn't surprised to see the home networks, but an unsecured company
LAN?
--
Cheers,
Harvey
> FWIW, I set up a laptop for my sister-in-law this past spring which,
> out of the box, was set up to search for networks. It picked up 5,
> exactly *none* of which were secured. 4 of them were wireless Internet
> connections, but one of them was an unsecured wireless LAN for the
> local branch of Deloitte & Co -- the accountants/whatever firm.
>
> I wasn't surprised to see the home networks, but an unsecured company
> LAN?
Just because they aren't using WEP/WPA or MAC Filterting doesn't mean
there isn't any security. Its possible they are using some other
security (ie. a VPN). The only way to find out is to connect.
--
Chris.
True -- and I didn't try it, so I can't say if they were.
I was just surprised to see what looked like a potentially gaping hole,
and would have thought their IT guys should have secured it -- and made
it *look* secure -- from all angles.
--
Cheers,
Harvey
no, its not a suggestion. It has been law for a wee while now.
> that if you go looking for free wireless connections
Yup - ***IF YOU GO LOOKING***
> you are likely to be breaking the law as soon as you make a connection to
> someone's service. Not a lot of people know that, I should think.
I think you think wrong.
I also think you are making a mountain out of a molehill. The perp as
reported in The Register 3 days ago was actively driving around the
neighbours looking for open connections. Hardly the same as your kids
linking inadvertently to your neighbours connection is it?
g.
Exactly.
Methinks Todal has over-reacted a little to the reported case.
The police arent going to be banging down your door at 4am Todal.
g.
With the large number and proximity of WiFi networks now appearing, even
residentially, and the limited number of useable channels available, at
least different SSIDs usually means that a few different networks can
co-exist on the same channel without undue stress or problems. With a common
SSID, who knows where you might be connected!
Pierre
"Paul Harper" <pa...@harper.net> wrote in message
news:ejahe1lvakigbeobe...@4ax.com...
Hmmm. I'll have a go. I seem to remember that you can anyway ask your
computer for a list of wireless services and can then ask it to connect to
one, even if the default is your own one. I might be wrong. I would feel a
bit uncomfortable asking the neighbour to use security in case my kids
browse their network, because I don't know how the neighbour would react to
that.
Simply having a visible SSID doesn't make it unsecure.
--
Alex
Hermes: "We can't afford that! Especially not Zoidberg!"
Zoidberg: "They took away my credit cards!"
www.drzoidberg.co.uk www.ebayfaq.co.uk
That is *not* a good idea. It acomplishes nothing of value, but
it does make it difficult for people to *avoid* your network.
--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) fl...@apaflo.com
Yes. Set your own network up to be WiFi secure.
>And setting the router to not broadcast the SSID is good too.
Has no practical benefit. SSID doesn't need to be broadcasted for the
WiFi network to be connected to. Better to refuse connections from
non-approved machines. Small positive benefit from broadcasting it as
the at least slightly clueful will know not to attempt to try and
connect to it
(especially if you've changed the SSID).
--
Pedt
The motto of the French Navy used to be "a l'eau, c'est l'heure", but they
had to change it after they worked out why the British Navy cracked up every
time they said it.
You can, but the problem with that is if the two of you have the same brand
of router (say Netgear), with default settings, then it won't know which is
your "NETGEAR" network, and which is their "NETGEAR" network.
That is why (apart from a little added security) I say to change the SSID.
--
Alex Heney
Global Villager
Please Tell Me if you Don't Get This Message
> Paul Harper <pa...@harper.net> wrote:
>>On Thu, 28 Jul 2005 10:43:45 +0100, Alex Heney <m...@privacy.net>
>>wrote:
>>
>>>But it is still a good idea to secure your own network - and change the
>>>SSID. If you don't change the SSID, then any neighbours with the same brand
>>>of router will have the same SSID, and your laptops won't usually know
>>>which one they are accessing.
>>
>>Agreed. And setting the router to not broadcast the SSID is good too.
>
> That is *not* a good idea. It acomplishes nothing of value, but
> it does make it difficult for people to *avoid* your network.
Huh?
It certainly does no such thing. Unless, of course, you have left it to the
default value, which both Paul and I were suggesting be changed first.
It means that "casual" browsers won't see it at all, so there is no danger
of them connecting to it. It most certainly does not make it difficult for
them to avoid it.
--
Alex Heney
Global Villager
Oxymoron: Safe Sex.
I think you think wrong. I think many people buy their wireless gear in the
belief that free internet is available, and there was a time occasionally
the newspapers would tell you where there was free wireless broadband to be
had. A typical journalist's view is at
http://www.guardian.co.uk/online/story/0,,1383604,00.html
>
> I also think you are making a mountain out of a molehill. The perp as
> reported in The Register 3 days ago was actively driving around the
> neighbours looking for open connections. Hardly the same as your kids
> linking inadvertently to your neighbours connection is it?
Is it? Or isn't it?
I shut off my kids' internet access at 11pm. Hypothetically (of course) they
might then, with my knowledge, try to circumvent this curfew by seeing
whether they can connect to any network within range. And hypothetically (we
aren't talking about young infants, here) they might browse any available
files on that network. If I am the householder and I turn a blind eye to
this, I think I might be liable.
Disabling the SSID broadcast has *no* security value. Enabling
the SSID broadcast *does* allow others to easily notice that a
given channel is being used and should be avoided.
>It means that "casual" browsers won't see it at all, so there is no danger
>of them connecting to it. It most certainly does not make it difficult for
>them to avoid it.
It only means that the "casual" browsers might not see it
/quickly/; but anyone who is intent on finding something to
break into *can* find it... if it is turned on and absolutely so
if it is actually being used.
It most certainly *does* make interference possible to avoid
too. That is the purpose of having it "broadcast", which merely
makes it available at regular (short) intervals. That way
someone who is setting up a network *can* see it immediately,
and realize that setting up on that channel will cause
interference. If the broadcasts are disabled it is less likely
that *your* network will be avoided!
I never thought they were. But see my other post in this thread. If the
unauthorised access is known to me and is done on a regular basis I think
there might be a knock not necessarily at 4am but maybe later in the day.
Scenario: your neighbour is puzzled that his broadband performance is slow.
He gets an expert like you to come and check whether his system is working
properly. He is told "there's your problem - the people next door are using
your connection and they seem to be downloading stuff using Kazaa and
Limewire all day and all night. Do you like your neighbour? If not, let's
tell the police".
But for all Todal knows somebody could have been connecting to his
network and trawling "dodgy" websites ...
Would explain the reason why the police might want to batter his door at
4.00am
--
Mr X
> In message <ejahe1lvakigbeobe...@4ax.com>, at 10:51:03 on
> Thu, 28 Jul 2005, Paul Harper <pa...@harper.net> wibbled
>>On Thu, 28 Jul 2005 10:43:45 +0100, Alex Heney <m...@privacy.net>
>>wrote:
>>
>>>But it is still a good idea to secure your own network - and change the
>>>SSID. If you don't change the SSID, then any neighbours with the same brand
>>>of router will have the same SSID, and your laptops won't usually know
>>>which one they are accessing.
>>
>>Agreed.
>
> Yes. Set your own network up to be WiFi secure.
>
>>And setting the router to not broadcast the SSID is good too.
>
> Has no practical benefit. SSID doesn't need to be broadcasted for the
> WiFi network to be connected to.
It has two practical benefits.
1. Those who are trying to connect to "any open network" but just casually
(i.e. without the software required to do it "properly" won't even see your
network.
2. Those whose computer brings up a list of available networks and then
just click on one of them can't accidentally click on the wrong one.
> Small positive benefit from broadcasting it as
> the at least slightly clueful will know not to attempt to try and
> connect to it
> (especially if you've changed the SSID).
Well *only* if you have changed the SSID.
And if you have, then those people won't even see it if you don't broadcast
it.
The only time there is *NO* benefit in hiding SSID is if you haven't
changed it.
--
Alex Heney
Global Villager
Going the speed of light is bad for your age.
>I would feel a
>bit uncomfortable asking the neighbour to use security in case my kids
>browse their network, because I don't know how the neighbour would react to
>that.
Why don't you just print off a copy of that article from the BBC website
you referred to and show it to your neighbour saying something like
"hey, have you seen this article about people hijacking wireless
networks? I'll have to make sure *my* network is secure ..." etc, etc
--
Mr X
>It means that "casual" browsers won't see it at all, so there is no danger
>of them connecting to it. It most certainly does not make it difficult for
>them to avoid it.
If a wireless router can't "see" the SSID is there a danger it will
plonk its carrier onto the same channel as the SSID it can't "see"?
I think this is what the other poster is meaning.
--
Mr X
>The only time there is *NO* benefit in hiding SSID is if you haven't
>changed it.
Yup. If you don't want people connecting to the network, why broadcast
its (specific) presence?
It would be very easy to prove as the router keeps a log of the MAC
addresses of the WiFi cards used to access it. The address is stored for
something like 24 to 48 hours.
I seem to recall some of our more dodgy bretheren across the pond have
a policy of making sure that their wi-fi network is *not* secured, and
advertising that fact, so that if any wrongdoings are detected by
their ISP they can claim that there is doubt about who did it, thereby
avoiding the legal consequences (criminal and, less likely, civil).
Is that a possibility over here ?
Cheers,
John
Does this mean that you also think anyone who is careless enough to leave their
front door unlocked "deserves all they get" if they are burgled? Do you think
thieves should not be prosecuted if they steal from people who have not taken
adequate precautions against this?
In fact, if you think about it, anybody who has anything stolen from them could
be said not to have taken adequate precautions, because if the precautions *had*
been adequate the items would not have been stolen, so on that basis any theft
is exonerated if the thief can carry it out successfuly.
Personally I prefer the old-fashioned morality wherein theft is wrong, the
wrongness being defined on the basis of who the stolen items belong to, and
nothing whatsoever to do with whether it is easy or difficult for the thief to
take them.
Rod.
Doesn't matter what it looks like as long as it is secure.
<snip>
>All wireless routers I am aware of have the facility to change the SSID (it
>usually defaults to something like "NETGEAR", or "3COM").
>
>If you change it to something unique to you, and then set the kids laptop
>to only connect to that network, rather than to "any network in range",
>then they should always use yours.
Indeed. The configuration I use is a broadband 'modem', with *two*
wireless routers hooked-up to it. One with site-specific SSID, WEP
configured at 128 bits, for our 'private' LAN. The other with default
SSID and no security, for guests who bring laptops, and as a useful
public service.
By setting up an unsecure default network I consider I'm inviting J.
Random Hacker to use it.
Mike
--
http://www.corestore.org
'As I walk along these shores
I am the history within'
I don't see why not. There's no law that I know of that states that you
have to (attempt to) secure your network (or house or car for that
matter. Guns yes but not the rest).
Therefore it's pretty simple to introduce reasonable doubt and that's
all you need to do to defeat a prosecution which in a criminal case has
to be "beyond reasonable doubt".
The only problem is that Derby Constabularly for example are a year
behind evidence collection in kiddie porn alone, let alone anything
else. They have racks of computers awaiting forensic inspection so
you'd lose your PC for a long time if nothing else.
David.
Why would you feel uncomfortable? If you noticed your neighbour had
left their car unsecured would you not tell them? I'm sure if you just
let them know that *anybody* can access their network they would
tighten security.
>In article <6i9he1hog3fnnt9li...@4ax.com>, Paul Harper wrote:
>> >I often wondered whether it was legal to do so, having had neighbours hijack
>> >my connection, and having discovered that my own kids were sometimes
>> >inadvertently hijacking a neighbour's connection.
>> >
>> >Yet another way for law abiding citizens to find themselves in breach of the
>> >law, then
>>
>> I don't have a lot of sympathy - anyone who doesn't put security on
>> their wireless network deserves all they get as far as I am concerned.
>
>Does this mean that you also think anyone who is careless enough to leave their
>front door unlocked "deserves all they get" if they are burgled? Do you think
>thieves should not be prosecuted if they steal from people who have not taken
>adequate precautions against this?
Your analogy and conclusion are both flawed.
Having an unsecured and fully-announced wireless network is like
leaving your door not only unlocked, but wide open with a "please help
yourself" sign outside. In such an instance, I definitely have no
sympathy.
Also, you assume that because I have no sympathy with the "victims", I
think that the people taking advantage of the blind stupidity of those
with open networks shouldn't be prosecuted. Where did I say that?
Apart from those, you're spot-on.
>On Thu, 28 Jul 2005 10:08:10 +0100, The Todal in message
><news:3krljuF...@individual.net> wrote:
>
>> I often wondered whether it was legal to do so, having had neighbours hijack
>> my connection, and having discovered that my own kids were sometimes
>> inadvertently hijacking a neighbour's connection.
>>
>> Yet another way for law abiding citizens to find themselves in breach of the
>> law, then:
>>
>
>About bloody time!
>
>I have been arguing that this was against the law for years, and always
>get met with the response "where is the case law then".
>
>And it isn't a way for law abiding citizens to find themselves in breach of
>the law. It has to be done knowingly before it is illegal.
>
>When you are sitting in a car piggybacking on whatever open network you can
>find, that is obviously knowingly accessing without authorisation.
Not necessarily.
I know of several people who not only are aware that their broadband
connections are being piggy backed, but actually encourage it. This
guy does exactly the same thing
Its one way of spreading internet availablilty in small communities
where not everyone wants to invest in their own ISP account, although
I'm not sure whether the guys doing the "providing" are breaking the
T&CS of their own contract with their ISP.
It seems to me it would only be an offence if the person hijacking the
connection *knew* that their access was unauthorised. If a wireless
network is wide open from a security point of view, I wonder whether
you could mount a defence on the basis that you assumed it was done
intentionally (which, as I say above does happen), and had no reason
to assume otherwise. As I understand it, a prosecution would have to
prove that you knew it *wasn't* authorised, which isn't immediately
obvious if the security is wide open or non-existent
Brian
>and there was a time occasionally the newspapers would tell you where
>there was free wireless broadband to be had.
When a London council sets up a free, public access, service for anyone with
a suitably equipped (wireless-enabled) device, then yes, one can get a mixed
message... On Islington's web site: "The Technology Mile runs from Highbury
Corner to the Angel along Upper Street and provides free wireless internet
access to local businesses, residents and visitors to Islington. It is the
largest free access zone in London and supports the A1 Borough project."
--
runbox.com - 1000 MB of mail storage and 100 MB for files...
30 day free trial... <http://web.vfm-deals.com/runbox/>
Can accept mail for your domain and apply filtering...
Point your MX record to mx.runbox.com and use POP/IMAP...
Not quite the same. It's easy for anyone to understand an open door, but less easy,
particularly for a novice, to understand computer networking. In either case, theft
is still theft, whether it's easy or difficult for the thief to accomplish.
And where is the "please help yourself" sign? Please don't say that the mere
existence of a wireless access point that *can* be accessed amounts to an
invitation to do so. You might as well say that parking my car outside is an
invitation for somebody to scratch it - because they can - or that leaving my
windows without bars on them is an invitation for somebody to break them - because
they can - or perhaps that leaving my house without a 24 hour armed guard is an
invitation for somebody to set fire to it - because thay can - but where would this
line of reasoning end?
> Also, you assume that because I have no sympathy with the "victims", I
> think that the people taking advantage of the blind stupidity of those
> with open networks shouldn't be prosecuted. Where did I say that?
You didn't say it. I didn't say that you said it. I was *asking* if it reflected
what you thought because it seemed to follow from what you *had* said. Thank you
for clarifying the matter.
Rod.
Agreed, but is it right to assume wireless networks are public property
unless otherwise indicated?
Think of an open door. Would you assume it meant anyone was invited to
enter unless otherwise indicated, or would you assume it was private
property unless otherwise indicated? Even if you did think it was
acceptable to enter without asking (e.g. into a shop), would you then
assume the right to take things or use things without asking?
Rod.
| > Unless you're caught sitting outside with a laptop I'd imagine it would be
| very difficult to prove.
| >
|
| It would be very easy to prove as the router keeps a log of the MAC
| addresses of the WiFi cards used to access it. The address is stored for
| something like 24 to 48 hours.
On certain types of computer, it's very easy to spoof a MAC address.
Someone of criminal inclination could even spoof his neighbour's MAC
address while downloading dodgy pictures.
I think an expert witness would soon demolish a "proof" based on MAC
address.
Mike.
>In article <37lhe1hjevahbveg6...@4ax.com>, Bigbrian wrote:
>> I know of several people who not only are aware that their broadband
>> connections are being piggy backed, but actually encourage it. This
>> guy does exactly the same thing
>>[...]
>> It seems to me it would only be an offence if the person hijacking the
>> connection *knew* that their access was unauthorised.
>
>Agreed, but is it right to assume wireless networks are public property
>unless otherwise indicated?
>
That would probably depend on how widely available actual public
property networks become
Brian
I don't think that should matter, so long as the SSIDs are different. It
may reduce the available bandwidth a bit, but it won't leave you connected
to the wrong network.
What I thought he meant was that if the SSID is visible, then you will see
it in the list, and can tell your PC not to connect to it.
But if it isn't, AND the SSID happens to be one you have connected to
before, then your PC may connect to it without it ever showing in the list
to be de-selected.
--
Alex Heney
Global Villager
A man needs a good memory after he has lied.
>On Thu, 28 Jul 2005 10:08:10 +0100, "The Todal" <deadm...@beeb.net>
>wrote:
>
>>I often wondered whether it was legal to do so, having had neighbours hijack
>>my connection, and having discovered that my own kids were sometimes
>>inadvertently hijacking a neighbour's connection.
>>
>>Yet another way for law abiding citizens to find themselves in breach of the
>>law, then
>
>I don't have a lot of sympathy - anyone who doesn't put security on
>their wireless network deserves all they get as far as I am concerned.
I think this country is wi-fi mad. I know a dozen people using wi-fi
for broadband simply because it's 'cool' - despite owning only one PC
which sits just feet away from their phone outlets. And if their
ignorance of wi-fi comes anywhere near their ignorance of the risks
involved from outdated virus checkers, and/or no anti-spyware software
or inadequate firewalls, then I'm not surprised there's account
hacking going on.
I've always used an internal adsl modem on my sole PC. My wife
fancies her own PC for business use (I'd rather she had her own too
<G>). So a modem router will be my next step.
I don't want wi-fi. I just don't see the need for it given neither PC
will be more than a few feet from the router. But I'm going to have
to search online for a 'normal' router/modem. According to the high
street shops, it's all wi-fi now - "No call for anything else these
days, sir". Usually followed by a cast-iron assurance that wi-fi has
no security issues at all!
John
>On 28 Jul 2005, The Todal wrote
>> "Paul Harper" <pa...@harper.net> wrote in message
>> news:6i9he1hog3fnnt9li...@4ax.com...
>>> On Thu, 28 Jul 2005 10:08:10 +0100, "The Todal"
>>> <deadm...@beeb.net> wrote:
>>>
>>>> I often wondered whether it was legal to do so, having had
>>>> neighbours hijack my connection, and having discovered that my
>>>> own kids were sometimes inadvertently hijacking a neighbour's
>>>> connection.
>>>>
>>>> Yet another way for law abiding citizens to find themselves in
>>>> breach of the law, then
>>>
>>> I don't have a lot of sympathy - anyone who doesn't put security
>>> on their wireless network deserves all they get as far as I am
>>> concerned.
>>
>> Agreed. I now use security on my home wireless broadband. It does
>> unfortunately mean that when my kids are trying to connect, their
>> computers connect them to the neighbour's service and seemingly I
>> can't prevent that. Or at least, if there is a way I'd like to
>> know it.
>
>Have you mentioned it to your neighbour, in case he's unaware of
>people using his unsecured network, or unaware that it should be
>secured? (Or is he likely to punch you out rather than thank you?)
>
>FWIW, I set up a laptop for my sister-in-law this past spring which,
>out of the box, was set up to search for networks. It picked up 5,
>exactly *none* of which were secured. 4 of them were wireless Internet
>connections, but one of them was an unsecured wireless LAN for the
>local branch of Deloitte & Co -- the accountants/whatever firm.
>
>I wasn't surprised to see the home networks, but an unsecured company
>LAN?
My son is a qualified network engineeer - who doesn't currently work
directly in IT after discovering that the "50,000 IT vacancies" he was
supposed to be trained to fill largely don't exist.
He's been working for an office temp agency - largely keyboard input
and clerical work. He tells me that the security holes and failures
inside some of our largest companies - including prestigious banks -
are matched only by the profound technical naivety of the people
running the systems.
He's convinced (and now so am I) that a huge proportion of so-called
identity theft comes from *within* the banking and financial services
industry.
He soon learned that it didn't pay to raise an alarm, even about the
most glaring security dangers. It simply resulted in being told to
mind his own bloody business and remember his place - and on one
occasion at one of our largest banks being asked not to return.
No-one even seemed to worry about the security implications of what
he'd learned during his stay!!
John
>In article <fakhe11fng8aa2dsp...@4ax.com>, Paul Harper wrote:
>> >> I don't have a lot of sympathy - anyone who doesn't put security on
>> >> their wireless network deserves all they get as far as I am concerned.
>> >
>> >Does this mean that you also think anyone who is careless enough to leave their
>> >front door unlocked "deserves all they get" if they are burgled? Do you think
>> >thieves should not be prosecuted if they steal from people who have not taken
>> >adequate precautions against this?
>>
>> Your analogy and conclusion are both flawed.
>>
>> Having an unsecured and fully-announced wireless network is like
>> leaving your door not only unlocked, but wide open with a "please help
>> yourself" sign outside. In such an instance, I definitely have no
>> sympathy.
>
>Not quite the same. It's easy for anyone to understand an open door, but less easy,
>particularly for a novice, to understand computer networking. In either case, theft
>is still theft, whether it's easy or difficult for the thief to accomplish.
>
>And where is the "please help yourself" sign?
In the Wireless Network connections window.
>Please don't say that the mere
>existence of a wireless access point that *can* be accessed amounts to an
>invitation to do so. You might as well say that parking my car outside is an
>invitation for somebody to scratch it - because they can - or that leaving my
>windows without bars on them is an invitation for somebody to break them - because
>they can - or perhaps that leaving my house without a 24 hour armed guard is an
>invitation for somebody to set fire to it - because thay can - but where would this
>line of reasoning end?
It shouldn't have started because it's irrelevant.
The open invitation is on anyone's "connect" dialog box when they
fire-up their wireless networking. Connecting through doesn't
specifically require a deliberately malicious intent, merely
ignorance. All your examples require malicious intent. My analogy is
still the most accurate one.
>> Also, you assume that because I have no sympathy with the "victims", I
>> think that the people taking advantage of the blind stupidity of those
>> with open networks shouldn't be prosecuted. Where did I say that?
>
>You didn't say it. I didn't say that you said it. I was *asking* if it reflected
>what you thought because it seemed to follow from what you *had* said. Thank you
>for clarifying the matter.
I didn't think that I had.
>Think of an open door. Would you assume it meant anyone was invited to
>enter unless otherwise indicated, or would you assume it was private
>property unless otherwise indicated?
An open door on your PC is private. When you put an open door onto
someone else's PC, they're already half-way in.
In my house we all have notebook computers and it is convenient to be able
to browse the internet (or in the case of my kids, play online games and
chat incessantly using MSN Messenger) from the comfort of the living room
sofa or their bed or even out in the garden.
So that's the main advantage of wireless as far as I can see (that, and not
having to run cables all over your house). For a long time I left the
wireless network unsecured because I thought the elderly neighbours on one
side didn't use wireless-enabled computers and the younger neighbours on the
other side were too respectable to want to hack into my files. But when I
noticed that an unidentified person, possibly several houses away, had been
using my wireless broadband, I decided to use security. It took ages to
figure out how to use those security keys - the router gives you a choice of
about 4 methods and through lots of trial and error (and the need to write
down a long and rambling code consisting of numbers and letters) I managed
to get the computers to connect to the router and to do so reliably even
after rebooting.
It seemed to me that the average householder would not be able to manage
this - it simply isn't sufficiently user-friendly. Those of you who find it
easy are simply more intelligent and knowledgeable than average.
Just as a matter of interests, how did you notice it?
Brian
> The suggestion is, though, that if you go looking for free wireless
> connections you are likely to be breaking the law as soon as you make a
> connection to someone's service.
So, I visit my local Starbucks expecting there to be a free wi-fi
connection (because I read somewhere in a newspaper that
there is such a service). I connect to the strongest signal and
it happens to be the office next door.
And I've comitted an offence. I hope not.
tim
>
>I know of several people who not only are aware that their broadband
>connections are being piggy backed, but actually encourage it. This
>guy does exactly the same thing
>
>http://tinyurl.com/a7rsq
>
> Its one way of spreading internet availablilty in small communities
>where not everyone wants to invest in their own ISP account, although
>I'm not sure whether the guys doing the "providing" are breaking the
>T&CS of their own contract with their ISP.
>
>It seems to me it would only be an offence if the person hijacking the
>connection *knew* that their access was unauthorised. If a wireless
>network is wide open from a security point of view, I wonder whether
>you could mount a defence on the basis that you assumed it was done
>intentionally (which, as I say above does happen), and had no reason
>to assume otherwise. As I understand it, a prosecution would have to
>prove that you knew it *wasn't* authorised, which isn't immediately
>obvious if the security is wide open or non-existent
>
>Brian
>
Surely he is mad? The threat to his liberty from people using his
connection for copyright/illegal porn is a real one.
----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
>In article <6i9he1hog3fnnt9li...@4ax.com>, Paul Harper wrote:
>> I don't have a lot of sympathy - anyone who doesn't put security on
>> their wireless network deserves all they get as far as I am concerned.
>Does this mean that you also think anyone who is careless enough to leave their
>front door unlocked "deserves all they get" if they are burgled? Do you think
>thieves should not be prosecuted if they steal from people who have not taken
>adequate precautions against this?
That's a either a gloriously flawed analogy, or a nonsensical
question. Using a publically-available wireless network is more akin
to someone on the street at night reading a newspaper by the light
from your windows. Theft of light? If you don't want it to happen, put
up curtains.
>Personally I prefer the old-fashioned morality wherein theft is wrong, the
>wrongness being defined on the basis of who the stolen items belong to, and
>nothing whatsoever to do with whether it is easy or difficult for the thief to
>take them.
Fair enough. But what's been stolen? Where's the intention to
permanently deprive?
>On Thu, 28 Jul 2005 13:52:29 +0100, bigbrian <harr...@hotmail.com>
>wrote:
>
>
>>
>>I know of several people who not only are aware that their broadband
>>connections are being piggy backed, but actually encourage it. This
>>guy does exactly the same thing
>>
>>http://tinyurl.com/a7rsq
>>
>> Its one way of spreading internet availablilty in small communities
>>where not everyone wants to invest in their own ISP account, although
>>I'm not sure whether the guys doing the "providing" are breaking the
>>T&CS of their own contract with their ISP.
>>
>>It seems to me it would only be an offence if the person hijacking the
>>connection *knew* that their access was unauthorised. If a wireless
>>network is wide open from a security point of view, I wonder whether
>>you could mount a defence on the basis that you assumed it was done
>>intentionally (which, as I say above does happen), and had no reason
>>to assume otherwise. As I understand it, a prosecution would have to
>>prove that you knew it *wasn't* authorised, which isn't immediately
>>obvious if the security is wide open or non-existent
>>
>>Brian
>>
>
>Surely he is mad? The threat to his liberty from people using his
>connection for copyright/illegal porn is a real one.
I assume that, while people can access his connection, he's happy that
he has sufficient security over access to his hard drives that no one
can see them and plant stuff on them.
Or did you mean the traceability of his IP address from someone access
illegal material? His public statement about the wide openness of his
connection *ought* to be a pretty effective defence, but I appreciate
it comes at the cost of "pay to play" it. He might well have been
without his PC (and his front door) for some time before he gets to
make his case
Brian
| >I know of several people who not only are aware that their broadband
| >connections are being piggy backed, but actually encourage it. This
| >guy does exactly the same thing
| >
| >http://tinyurl.com/a7rsq
|
| Surely he is mad? The threat to his liberty from people using his
| connection for copyright/illegal porn is a real one.
Why? He's no more liable for the actions of people who use his WiFi node
than an ISP is liable for the actions of its customers.
Indeed, he's acting as an ISP himself.
I suppose that wouldn't stop plod from breaking his door down at four in
the morning in the mistaken belief that it was him doing these things. That
would cause some inconvenience but the case wouldn't reach court.
Mike.
Similar but not quite the same because in doing so, reading the paper
does not impact on the other light in the house. Using network
bandwidth does.
Don't confuse the propagation of a radio wave with the data that it
carries. This whole issue of "well the RF was in my back yard" just
isn't the end of the story.
> Fair enough. But what's been stolen? Where's the intention to
> permanently deprive?
Similar to joyriding. Joyriding in a car isn't theft because there's no
intention to permanently deprive the owner, just go out and have a good
thrash in someone elses car with your mates. It never seems to become
theft when the car is set fire to either for some strange reason.
This will run and run and there's no point thinking up cute analogy
after analogy because it's for the legal folk to kick it around and just
like any other legal situation, it's the one with the best argument that
wins, nothing more.
Prosecution: "but my client had WEP enabled"
Defence: "well we all know that WEP is dead and can be cracked in 10
minutes, your client was negligent in not following network security
practice and for not knowing that wireless is by its nature insecure."
etc etc etc.
David.
The option "DHCP Client List" showed two entries with names I did not
recognise. So I asked other members of the family whether friends had come
to visit with wireless laptops and they said no, and I deduced that these
must be people living several houses away.
Turning to the "Security" option in my router setup, I found a choice of
four modes: 64 Bit WEP, 128 Bit WEP, WPA-PSK (No Server) and WPA With Radius
Server, none of which meant anything to me, and with computers it is always
tempting to bring in an expert or leave well alone.
> On Thu, 28 Jul 2005 13:16:15 +0100, Roderick Stewart
> <rj...@escapetime.nospam.plus.com> wrote:
>>Does this mean that you also think anyone who is careless enough to leave their
>>front door unlocked "deserves all they get" if they are burgled? Do you think
>>thieves should not be prosecuted if they steal from people who have not taken
>>adequate precautions against this?
>
> Your analogy and conclusion are both flawed.
>
> Having an unsecured and fully-announced wireless network is like
> leaving your door not only unlocked, but wide open with a "please help
> yourself" sign outside. In such an instance, I definitely have no
> sympathy.
Rather than an open domestic front door, I think it is more like a
shop or office with the sign "Internet Access Here" and an unlocked
door. Someone using WiFi will see your 'sign' (as a network available
to use) and when they attempt to use that connection it is like
pushing the shop door, finding it open, entering and making use of the
facilities inside.
Though maybe a better analogy would be a public convenience. You would
not expect to go along a street trying all the house doors and
entering one which was open and using the loo in one you found
open. But if a door has a sign "Ladies" or "Gentlemen", as appropriate
for your sex, and is unlocked then it is an invitation to enter if you
wish to relieve yourself.
>
> Turning to the "Security" option in my router setup, I found a choice of
> four modes: 64 Bit WEP, 128 Bit WEP, WPA-PSK (No Server) and WPA With Radius
> Server, none of which meant anything to me, and with computers it is always
> tempting to bring in an expert or leave well alone.
The best option for home users (if all the computers accessing it can use
it) is WPA-PSK.
It is much more secure than either of the WEP options, and WPA Radius
server requires one PC to be set up to act as the server, and to be
permanently on, which is overkill for a home network.
But if any of the computers you have accessing it cannot use WPA (it is
relatively new), then you will have to use WEP (128 Bit obviously better).
--
Alex Heney
Global Villager
Diplomacy - the art of letting someone have your way.
If the police monitored his IP swapping illegal material on Kazaa and
then raided his house, they would only need to find a couple of dodgy
thumbnails and he would get done, regardless of whether he was the one
doing the downloading.
What you describe as a "normal" router does still exist, for example, here
are some Netgear "wired" routers:
http://www.netgear.co.uk/routers_adsl_broadband_gateway.php
However, even wireless routers usually have "normal" wired connections
available . For example, I have just bought a Netgear WGR614
(http://www.netgear.co.uk/wireless_firewall_router_wgr614.php). This has
room for 4 *wired* PCs as well as the Wireless functionality; something that
will be useful should my dad or brother ever bring their laptops round here.
However, as I said, the wireless bit of the functionality is currently
disabled.
--
Carl Waring
http://getdigiguide.com/?p=1&r=1495
Exactly - you can easily go into the router's setup screen and disable the
wireless functionality. It is a useful option to have in case you ever need
it.
> blah wrote:
>
>| >I know of several people who not only are aware that their broadband
>| >connections are being piggy backed, but actually encourage it. This
>| >guy does exactly the same thing
>| >
>| >http://tinyurl.com/a7rsq
>|
>| Surely he is mad? The threat to his liberty from people using his
>| connection for copyright/illegal porn is a real one.
>
> Why? He's no more liable for the actions of people who use his WiFi node
> than an ISP is liable for the actions of its customers.
See Godfrey vs. Demon. Plus an ISP has customers and contracts with
them which forbid the use of the connection for illegal purposes and
state that any such use is the customer's responsibility (hire car
companies do the same).
> Indeed, he's acting as an ISP himself.
But without anyone to pass the blame onto, no proof that it wasn't
himself who acted illegally.
> I suppose that wouldn't stop plod from breaking his door down at four in
> the morning in the mistaken belief that it was him doing these things. That
> would cause some inconvenience but the case wouldn't reach court.
Really? Oh well, he'll find out. Think of it as evolution in action...
Chris C
> On Thu, 28 Jul 2005 17:57:27 +0100, blah <J...@sifjis.com> wrote:
>
>>On Thu, 28 Jul 2005 13:52:29 +0100, bigbrian <harr...@hotmail.com>
>>wrote:
>>
>>>I know of several people who not only are aware that their broadband
>>>connections are being piggy backed, but actually encourage it. This
>>>guy does exactly the same thing
>>>
>>Surely he is mad? The threat to his liberty from people using his
>>connection for copyright/illegal porn is a real one.
>
> I assume that, while people can access his connection, he's happy that
> he has sufficient security over access to his hard drives that no one
> can see them and plant stuff on them.
That's not the point. He is almost certainly against his ISPs terms and
conditions, all the ones I've seen hold the account owner responsible
for all activity and ban use of the connection for illegal purposes. Or
for spamming and other net abuse, which would likely get him closed down
by his ISP.
> Or did you mean the traceability of his IP address from someone access
> illegal material? His public statement about the wide openness of his
> connection *ought* to be a pretty effective defence, but I appreciate
> it comes at the cost of "pay to play" it. He might well have been
> without his PC (and his front door) for some time before he gets to
> make his case
If I make my car available to any takers, and it is used to commit a
crime, I will be charged as an accessory to that crime. I see no reason
that providing an "open to anyone" service wouldn't be treated as the
same. Plus unless he keeps detailed logs of all transfers he has no way
of proving that it was someone else who did the transfers. Since there
is no "common carrier" law in the UK, the person who provides the
facilities is liable for what is done with them.
And it probably won't just be his PC, they'll take anything which could
hold any 'dodgy' material and it will be up to him to try to get it back
(and no guarantees of the condition it will be in).
Chris C
I'm very familiar with that case. Demon was liable *only* because it
ignored a request to cease publication, *not* because its facilities were
used to publish the libel.
| > Indeed, he's acting as an ISP himself.
|
| But without anyone to pass the blame onto, no proof that it wasn't
| himself who acted illegally.
That's not how the law works (in general). The police would have to prove
that he had done the illegal act. He wouldn't have to prove that he hadn't.
Mike.
If we're going into analogies, utterly secured networks are a bit like
unfenced land, people will wander into them, either because they assume
it is allowed, or they just don't notice. Putting any kind of security
that someone will need to circumvent in place, no matter how easy it is
to bypass, tells people that you don't want them on your network.
--
=/\= Lt. Cmdr. Jim =/\=
By our chocolate, shall they know us.
Not on behalf of any committee, real or imaginary, in this or any other
universe.
>Personally I prefer the old-fashioned morality wherein theft is wrong, the
>wrongness being defined on the basis of who the stolen items belong to, and
>nothing whatsoever to do with whether it is easy or difficult for the thief to
>take them.
Do you also believe that it is morally wrong to offer complete
strangers something for free? Is it then wrong for such strangers to
take advantage of your offer? Especially when doing so is costing the
offerer nothing at all (above what they are paying anyway)?
Because that is the position a lot of the time.
--
Cynic
>Having an unsecured and fully-announced wireless network is like
>leaving your door not only unlocked, but wide open with a "please help
>yourself" sign outside. In such an instance, I definitely have no
>sympathy.
No sympathy for *what*? What harm has been done by using the person's
network? They probably would not know about it and never find out.
So why should they get upset at all?
I guess I am a bit unusual, in that I have always been pretty
unconcerned about people using whtever I have when it of no
diadvantage to me. When I owned a house with a swimming pool, my
retired neighbours knew they were welcome to have a swim whilst I was
at work, and frequently did so. In return I enjoyed an excellent
relationship with them and often arrived home to find a crate of beer
on the doorstep. People also got to know that they were welcome to
take fruit from the trees in my front garden so long as they did not
cause damage. I usually have a tin of biscuits on my desk that
everyone knows they are free to dip into when they pass. If I have
hired an aircraft and not all the seats will be used, I'll invariably
ask around to see whether anyone might like a flight.
I have never really thought deeply about the possibility that doing
such things may be seen as suspicious or put me at significant risk of
legal action.
--
Cynic
>>Having an unsecured and fully-announced wireless network is like
>>leaving your door not only unlocked, but wide open with a "please help
>>yourself" sign outside. In such an instance, I definitely have no
>>sympathy.
>
>
> No sympathy for *what*? What harm has been done by using the person's
> network? They probably would not know about it and never find out.
> So why should they get upset at all?
What harm could be done though? Lots.
--
Chris S.
> On Thu, 28 Jul 2005 13:41:45 +0100, Paul Harper <pa...@harper.net>
> wrote:
>
>>Having an unsecured and fully-announced wireless network is like
>>leaving your door not only unlocked, but wide open with a "please help
>>yourself" sign outside. In such an instance, I definitely have no
>>sympathy.
>
> No sympathy for *what*? What harm has been done by using the person's
> network? They probably would not know about it and never find out.
> So why should they get upset at all?
>
Well the harm *may* be that they may be using the connection for criminal
purposes.
Or they may be using a lot of bandwidth - quite a few ISPs charge by the
amount of bandwidth used, and he wouldn't know which ISP the hacked user
was with.
With Plusnet, for instance, you can have services capped at as little as
1Gb/month.
And even if they don't, all ISPs base their charges on what is a
sustainable level of usage for them. If this type of connection sharing
becomes commonplace, then the total useage per subscriber will be higher,
and costs for everyone will rise.
> I guess I am a bit unusual, in that I have always been pretty
> unconcerned about people using whtever I have when it of no
> diadvantage to me.
Which is no problem, except that it *may* be of disadvantage to you here.
>
> I have never really thought deeply about the possibility that doing
> such things may be seen as suspicious or put me at significant risk of
> legal action.
I don't think it does either, in itself.
It does put you at risk of *investigation* for any criminal activity that
is traced to your connection. Whether that is a significant risk, I would
not like to say.
--
Alex Heney
Global Villager
If I save time, when do I get it back ?
> Have you mentioned it to your neighbour, in case he's unaware of
> people using his unsecured network, or unaware that it should be
> secured? (Or is he likely to punch you out rather than thank you?)
>
> FWIW, I set up a laptop for my sister-in-law this past spring which,
> out of the box, was set up to search for networks. It picked up 5,
> exactly *none* of which were secured. 4 of them were wireless Internet
> connections, but one of them was an unsecured wireless LAN for the
> local branch of Deloitte & Co -- the accountants/whatever firm.
>
> I wasn't surprised to see the home networks, but an unsecured company
> LAN?
>
Sure, the same people who buy stuff and just cluelessly plug it in at
home also do it at work. Wireless maunufacturers took the easy way out
by producing equipment that comes up in pants down no security mode as
soon as you connect it.
You can easily shut a back door. I think there is a risk he would perhaps
say something like "oh, I don't understand these things, and the man from
BT/my brother/a friend of mine came in to set up my router. I wouldn't know
how to set up security. What are you saying - you can't stop your kids
accessing my system and maybe rummaging through my files or downloading
copyrighted music on my broadband connection? That worries me. I think I'd
better talk to my lawyer. And no, I don't want you fiddling with my router
and changing the settings in ways that I don't understand, thanks very much.
"
> What are you saying - you can't stop your kids accessing my system
Response from me would be - "I was alerted to the fact your network could be
accessed. It was an accident, and couldn't have happened if it had been made
a bit more secure. Although we're unlikely to ever access it again, it isn't
beyond the realms of possibility that someone else may find your network is
open, and either make use of the internet through it, or try 'breaking in'
to any computers you have on at the time. Just thought I'd better let you
know - oh, and here's a website [hand over post-it note with URL!] which
describes the need for security with Wi-Fi"...
I don't have a URL for such a site, nor do I have any wireless kit to even
know if someone around here is tempting fate, but it'd hopefully be taken
as constructive (and mild) 'criticism', or just a friendly word :-) PGM.
--
UK ADSL <http://tinyurl.com/5jpa4> - Happy to save cash with Plus.Net!!
Of course not. If a thing is yours, it's yours to give, lend or sell as you
please, and presumably you'd make the situation clear to all concerned. I thought
we were talking about the *taking* of something belonging to somebody else. I
simply offered the thought that we should not automatically assume that somebody
else's property is on free offer unless otherwise indicated. In fact, it has been
customary in the past to assume the reverse, i.e. leave alone unless otherwise
indicated, so why should it be any different just because it's an electronic
service and not a physical object?
Rod.
I had already picked out 2 or 3 promising items on the net, but I
didn't know there were dual routers available - I'm off to look again.
Thanks for the info.
But the real point I was trying to make is that wi-fi is being pushed
at an uncritical public as though it's the only way to connect
computers. We all know it isn't - which gives us a choice. But Joe
Public shopping on the High Street may well not be getting the
information he needs to make that choice.
John
> I thought we were talking about the *taking* of something belonging
> to somebody else. I simply offered the thought that we should not
> automatically assume that somebody else's property is on free offer
> unless otherwise indicated. In fact, it has been customary in the
> past to assume the reverse, i.e. leave alone unless otherwise
> indicated, so why should it be any different just because it's an
> electronic service and not a physical object?
It is not different. Consider how wireless networking must work. It
must work in one of 2 ways. Either the 'base station' periodically
broadcasts a message "I am here and available for connection" and when
systems wish to connect they contact a base station and politely ask
"May I connect to you, please?" then (possibly after further
negotiation) the base station either grants or refuses the request. Or
the system wishing to connect 'shouts' "I wish to connect, is anyone
willing to offer me a connection" and any base stations willing to
offer connection respond "You may connect to me"
In either case, the system wishing to connect has to seek permission
from the base station before it can connect and use its facilities,
and the base station (and hence the owner of the network) is
advertising its availability for use.
Except that not everyone that cluelessly buys and implements at home is
the whole IT department at work. Sometimes yes.
David.
My goodness it doesn't take much to pass the Turing Test these days. We
need to distinguish between, on the one hand, brainless electronic
equipment following automatic procedures which are built into them during
manufacture, and of which their owners are probably unaware, and on the
other hand, a human being knowingly making an offer. It's quite common to
talk loosely of electronic devices "talking" to each other, or
"negotiating", or asking and receiving "permission", but taking this too
literally leads to sloppy thinking as it isn't ther same thing. An
electronic device following its program and responding to another
electronic device doesn't amount to "permission" at all, unless it has
the backing of a sentient being who knows what it's doing and wants it to
behave in that way.
Rod.
> My goodness it doesn't take much to pass the Turing Test these days. We
> need to distinguish between, on the one hand, brainless electronic
> equipment following automatic procedures which are built into them during
> manufacture, and of which their owners are probably unaware, and on the
> other hand, a human being knowingly making an offer. It's quite common to
> talk loosely of electronic devices "talking" to each other, or
> "negotiating", or asking and receiving "permission", but taking this too
> literally leads to sloppy thinking as it isn't ther same thing. An
> electronic device following its program and responding to another
> electronic device doesn't amount to "permission" at all, unless it has
> the backing of a sentient being who knows what it's doing and wants it to
> behave in that way.
However, nowadays a lot of security access control is handled
electronically. So I think that, in the absence of evidence of
malfunction or tampering, the assumption must be that an electronic
security access system is acting with the authorisation of, and
implementing the policies of, its owner. This should apply just as
much to the case of a wireless router allowing (or blocking) access to
a laptop PC as to the case of an ATM validating your 'access' when you
use a Chip and PIN card to withdraw money.
>Sure, the same people who buy stuff and just cluelessly plug it in at
>home also do it at work. Wireless maunufacturers took the easy way out
>by producing equipment that comes up in pants down no security mode as
>soon as you connect it.
Not all wireless router manufacturers are that negligent. 2wire.com
wireless routers are delivered with a unique SSID, password
pre-assigned, encryption enabled, and a random encryption key
assigned. These are all printed on the label on the unit, which
methinks is not a great idea, but certainly better than totally
insecure by default. If asked, most cheapo wireless manufacturers
will proclaim that shipping units secure by default will be difficult
to administer and cost too much. Well, 2Wire has been doing it
successfully for several years, so it shouldn't be too difficult to
emulate. Setups for the major ISP's are also built in:
http://www.2wire.com/?p=268
--
Jeff Liebermann je...@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558
If Joe Public relied on the salesdroid in Dixons to tell him what's
what, he's only got himself to blame.
--
Email: zen19725 at zen dot co dot uk
Surely it would be better to make it as explicit as possible that you
intend for the network to be available to all and sundry? Perhaps you
could use a SSID like "OpenAccess", "FreeForYouToUse", or "Welcome"?
Chris
Makes a remarkable amount of sense... thanks.
Mike
--
http://www.corestore.org
'As I walk along these shores
I am the history within'
He is inviting only J. Random Hacker to use it.
You are inviting the *law* *abiding* *public*!
Subtle difference... ;-)
Another, even more subtle difference, is that what *he*
considers may not be what any given law enforcement agency
considers. Only a few test cases can differentiate the two.
In his one specific case might well mean that nobody will be
convicted (even if they might get arrested and spend a night or
two in jail and have all their computers seized for a few
months) for accessing *his* unsecured default network. But in
general accessing such networks might, in addition to the arrest
and seizure, follow with a conviction and serious jail time.
That may or may not happen to any particular person, but win or
lose, *I* don't want to be the test case...
Hence "unsecured default" is not what *I* consider an "open"
system or an invitation. An unsecured network with some other
indication, which the SSID may or may not provide, is required.
For example, the "OpenAccess" SSID would be. Likewise any
likely commercial name where it is *clear* that they might want
to allow any user to access it *and* that they have the
expertise to block users too. For example, I parked next to a
Hilton Hotel once and downloaded a couple files off the Internet
to my laptop through their open wireless access. I've also
connected to a wireless at such places as Burger King.
On the other hand, if the SSID is "LinkSys", I wouldn't touch it
with your ten foot antenna!
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) fl...@apaflo.com
I think you're missing the point, which was in reply to someone who seemed to
think that an unsecured network was fair game to anybody who felt like using it.
The fact that a network is unsecured may not necessarily constitute an
"invitation" to use it as it may simply be unsecured as a result of its owner's
ignorance. Ironically, as you've pointed out, the same general ignorance that can
result in one person's property (i.e. internet service) being inadvertently
vulnerable to theft can also make someone else inadvertently commit it.
The situation is a minefield, but I don't think it gives anyone the right to
exploit someone else's ignorance by knowingly taking something that isn't theirs
simply because the owner is unaware of how to stop them.
Rod.
> Ironically, as you've pointed out, the same general ignorance that can
> result in one person's property (i.e. internet service) being inadvertently
> vulnerable to theft can also make someone else inadvertently commit it.
It's a bit different, because in this case there are many people that
intentionally allow others to use their "product." While few people
would invite strangers to use their car, or their house, many people do
in fact allow, and even encourage, strangers to use their wireless
connection.
Rather than simply associating with unsecured networks, the OS should
display a warning (at least once) that the user should obtain permission
from the owner of any unsecured wireless network before using it,
because some unsecured wireless networks are not intended for their use.
Of course there is really no way to find the owner of a wireless network.
> The fact that a network is unsecured may not necessarily constitute
> an "invitation" to use it as it may simply be unsecured as a result
> of its owner's ignorance.
But, in a legal scenario, should the owner's ignorance be taken into
account? Should there not be the presumption that the owner/operator
is responsible for correctly configuring and operating the equipment?
If someone bought a house which had a backdoor, accessible from an
alley, to the garage with the sign 'Free Apples Here' affixed to it,
put apples in the garage, did not remove the sign and kept the back
door unlocked then I am sure they would not have any valid legal
grounds for complaint if people came into the garage via the back door
and helped themselves to the apples even if they never use the back
door to the garage, did not notice it was unlocked and never walked
along the alley so were not aware of the sign.
While this may seem a ridiculous analogy, it is almost exactly the
situation of someone who (by ignorance) runs an 'open' wireless router
without changing the configuration.
>Of course there is really no way to find the owner of a wireless network.
debatable, often you could find the IP address and hence get to the
owner via ISP etc.
Phil
--
Remember - Global Warming is only a weather forecast :-)
That is indeed a ridiculous analogy, because there is *no sign* which
says "Free Apples Here". All there is is the unlocked back door.
Now, if the SSID gets changed from "Linksys" to "OpenAccess", then
yes there is a sign... and the analogy would fit that scenario.
There is one HUGE difference.
There is no big sign saying "Free wireless connection here".
If somebody left apples in their unlocked garage, but without any sign to
say they were free, then they *would* have a complaint if somebody walked
off with some.
--
Alex Heney
Global Villager
Put on your seatbelt. I'm gonna try something new.
>There is one HUGE difference.
>
>There is no big sign saying "Free wireless connection here".
There *is* if they are broadcasting (that's they key word, right
there) the SSID of the network.
Paul.
--
. A .sig is all well and good, but it's no substitute for a personality
. Humour is very subjective. One man's light-hearted comment is another's insult.
. Is there a moron carrot above? Have you replied to it? Are you sure?
. EMail: Unless invited to, don't. Your message is likely to be automatically deleted.
I think there should be a presumption that someone else's property, be
it a physical object, access to premises, or access to a service of some
kind, is NOT offered freely to all and sundry unless there is a clear
indication that it is. The mere absence of active prevention should not
be taken as such an indication.
Rod.
No there isn't. The SSID is simply an identification, not an
invitation. The registration plate on your car isn't an invitation for
somebody to drive it away, is it?
If the owner of a network has taken the trouble of changing the default
setting to something equivalent to "help yourself", then that's a clear
sign that they understand what they are doing and are consciously
making an offer, but most network owners will have no idea of what
their equipment is doing, having bought it in the simple expectation
that it will just do its job. They may be ignorant, they may be naive,
but what's theirs is still theirs and nobody has the automatic right to
take it simply because of this.
Rod.
> On Tue, 2 Aug 2005 15:02:47 +0100, Alex Heney <m...@privacy.net> wrote:
>
>>There is one HUGE difference.
>>
>>There is no big sign saying "Free wireless connection here".
>
> There *is* if they are broadcasting (that's they key word, right
> there) the SSID of the network.
>
Rubbish.
If they change the SSID to something indicating it was providing free
access, fair enough.
But just broadcasting it is absolutely NOT enough.
--
Alex Heney
Global Villager
My karma ran over my dogma
>No there isn't. The SSID is simply an identification, not an
>invitation.
That is an opinion, not a legal ruling.
Please explain how that is true?
That is like saying the back door to the garage has to be
camouflaged to hide the fact that a door exists.
Just as with broadcasting the SSID, if anyone actually uses that
hidden door it will be spotted by everyone standing in the
street watching.
Every packet sent by the AP includes the SSID in clear text; the
only thing that "broadcasting" it does is provide it at a
frequent enough rate that a quick scan (by someone who wants to
avoid interference) will spot it. Not broadcasting it merely
means the scan has to last a little longer (someone has to stand
in the street watching the garage until the door gets used).
The only way the SSID is a sign is if it is something like
"FREE_ACCESS". If it says "Linksys" that is no different that
the lock on your door saying "Shlage" on it.
>On Tue, 02 Aug 2005 12:30:34 GMT, SMS <scharf...@geemail.com>
>wrote:
>
>>Of course there is really no way to find the owner of a wireless network.
>
>debatable, often you could find the IP address and hence get to the
>owner via ISP etc.
Yes, *if* the ISP is able to map an IP address to a specific customer.
Not all do this.
>Paul Harper <pa...@harper.net> wrote:
>>On Tue, 2 Aug 2005 15:02:47 +0100, Alex Heney <m...@privacy.net> wrote:
>>
>>>There is one HUGE difference.
>>>
>>>There is no big sign saying "Free wireless connection here".
>>
>>There *is* if they are broadcasting (that's they key word, right
>>there) the SSID of the network.
>
>Please explain how that is true?
Easy.
You are broadcasting the presence of your network outside
of your premises. You are explicitly inviting people to use it,
especially if you do not put any security around it.
If you *don't* want people to use it, you would a) not broadcast it
and b) put security around it.
It's the direct equivalent of putting "help yourself" in front of a
pile of goods you leave outside your property boundary. It is
*exactly* the same as that.
>That is like saying the back door to the garage has to be
>camouflaged to hide the fact that a door exists.
No. It is nothing like that at all. Not remotely like that.
Paul (all IMO, of course)
> I think there should be a presumption that someone else's property, be
> it a physical object, access to premises, or access to a service of some
> kind, is NOT offered freely to all and sundry unless there is a clear
> indication that it is.
> The mere absence of active prevention should not
> be taken as such an indication.
In this case, the type of property is often offered freely to all,
without indication.
When a certain type of product is often given away for free, an owner of
the product that decides to not give it away, needs to make it clear
that they are not giving it away, either with a sign, or with some sort
of security.
Analogies are tough on this one. Maybe air and water from a gas station.
Many stations give it away free, even to non-customers. If free use got
out of hand, then the gas station would secure the air and water
station, and require a token to activate it, as some gas stations have
done. But normally the gas station that does give it away to anyone,
does not post a big sign that says "free air and water," they just leave
it available for anyone that wants it, because it's more trouble than
it's worth to secure it. Everyone just knows that unless it's secured,
or unless their is a sign that says "customers only" that it's okay to
use it.
Of the unsecure wireless networks I can pick up from my house, I happen
to know that some of them are offered freely, even there is no
indication in the SSID that they are free, while others are probably
just the result of the laziness of the owner to setup a secure network.
> Rubbish.
>
> If they change the SSID to something indicating it was providing free
> access, fair enough.
>
> But just broadcasting it is absolutely NOT enough.
Many of the intentionally free wireless networks do not give any
indication in the SSID that they are free. Nor do the unintentionally
free networks give any indication in the SSID that they are not free.
Windows makes it worse by simply connecting to the insecure network as
if it is available to anyone, with only a warning that the data sent
over the insecure network may not be secure.
There are so many intentionally free wireless networks, especially in
some areas, that the presumption is that any unsecured network is
available to anyone that wants to use it.