doppler
join:2003-03-31
Blue Point, NY | Wireless is not a defense for clueless
Secure it or lose everything |
|
Mellow
Premium
join:2001-11-16
Salisbury, MD
 ·HostGator
 ·Cavalier Telephone
1 edit | wh0re driving
I predict 2004 as the first year we see some innocent war driver be put in federal prison under the terrorist law. I also predict we will see martha stewart acknowledge her affair with bill gates. And I cant wait to see the distance records for wi-fi this year! |
|
russotto
join:2000-10-05
Collegeville, PA
| reply to doppler
Re: Wireless is not a defense for clueless
On what grounds? 17 USC 512(a) removes liability for those who are deliberately providing access. If the access is being provided accidentally or even against the wishes of the provider (e.g. by someone hacking WEP), there's no grounds in the first place. |
|
schja01
I need to get a life.
Premium,MVM
join:2000-04-27
Morton Grove, IL
clubs:  
 ·AT&T U-Verse
·AT&T Midwest
| Just another example of "Blame Shifting"
So I accidentally leave my front door to my home unlocked or my car door unlocked. Does that give everyone carte blanche to steal me blind?
I hope not.
J
--
As the number of components in a system approach infinity the Mean-Time-Before-Failure approaches zero. |
|
drjim
Premium,MVM
join:2000-06-13
Torrance, CA
clubs:
| WEP is flawed, BUT.......
At least it serves as a "No Trespassing" sign on your network. Just by having enabled means the 'innocent' war driver had to deliberately collect enough packets, and then deliberately run the crack to break into your network.
--
One man's Magic is another man's Engineering. |
|
W8ASA
Tieng gi vay?
join:2000-07-31
Dayton, OH
clubs:
 ·magicjack.com
·AT&T Midwest
 ·RoadRunner Cable
·Vonage
| What worries me......
is the possibility that a crime will be committed over a wi-fi network, and some coffee shop AND the equipment manufacturer will be held liable. Don't discount that possibility, either. The deeper your pockets, the more likely you are to get sued.
Or, how about someone who changes the MAC address of his network card to that of an innocent person? Could the innocent person be held liable, particularly if he didn't have an alibi for the time period? You bet he could.
This all sounds preposterous, but in a litigious society such as ours, almost anything goes.
--
Microwave and RF Components at www.ohiomicrowave.com |
|
richk_1957
If ..Then..Else
Premium
join:2001-04-11
Minas Tirith
| reply to Mellow
Personally..
said by Mellow  :
I predict 2004 as the first year we see some innocent war driver be put in federal prison under the terrorist law. I also predict we will see martha stewart acknowledge her affair with bill gates. And I cant wait to see the distance records for wi-fi this year!
I don't approve of war driving, but I guess it's natural outgrowth of the wireless technology
Your second sentence is quite funny [good god...]
However, the first one might be closer to the truth than you think. Given the mindset on terrorism (and the fact that almost anything can be label that) and the fact that that people [including the government] are bad about securing networks, a innocent war driver,may just access a site that has 'secure' information,
and may wind up in jail as a terrorist, for hacking into a network. Hacking is a defined as being a act of terrorism, and a former version of 'war driving' was 'war dialing' or 'modem scanning' that was a popular for finding unsecured networks, and was a popular hacker activity (I don't like the word 'hacker', but the media has irrevocably tarred it, so..) |
|
richk_1957
If ..Then..Else
Premium
join:2001-04-11
Minas Tirith | reply to W8ASA
Re: What worries me......
In all respects, you're right
This could open a HUGE can of worms:( |
|
Mellow
Premium
join:2001-11-16
Salisbury, MD | reply to richk_1957
Re: Personally..
My definition of innocent war driving is a person that has tcp/ip unbinded from their wifi device. |
|
geek49203
join:2000-11-25
Jackson, MI
| Yeah, right
And the people who leave an open proxy or open relay are liable for all that spam? Or we're gonna prosecute inDUHviduals who have their DSL hacked with a bug, sending out spam like the kiddie porno spam I got today, sent via Ameritech DSL subscriber?
There is no law on the other side of your firewall people... get used to it.
Tim Wohlford |
|
ctceo
Premium
join:2001-04-26
South Bend, IN
clubs: | Duh
Could somebody tell me the idiot that decided to cough up the beans that wireless is less secure, Now the pictures of my cat & poems might fall into the hands of terrorists. Tell them to IM me when they get this message, I have some words with them. |
|
J D McDorce
Premium
join:2001-12-29
Westland, MI | reply to russotto
Re: Wireless is not a defense for clueless
17 USC 512(a) only refers to Copyright Infringement and is certainly not a Get Out of Jail Free Card for those providing (intentionally or not) wireless access. |
|
doppler
join:2003-03-31
Blue Point, NY
| reply to russotto
Personal responsibility.
I am a member of the NRA. I will not leave a loaded gun
laying around for anybody to use. I use a wireless
connection. IT'S SECURE.
I can't get my boss to realize how bad it is to leave
an open connection via wireless. Things that could
happen because of an unsecured connection.
1. Lawsuit from RIAA/MPAA etc etc because someone
was out front of the business protesting RIAA tactics.
"Gee, your honour. I didn't know about those 10,000
illegal music files offered on my T1".
2. FBI/Local enforcement sting for child porn.
"Gee, your honour. I didn't know about those 1,000,000
illegal child porn files offered on my T1".
3. Getting blacklisted from every spam block list.
"Gee, I didn't know about those billions of spam messages
being passed through my T1".
Even if there is no legal standpoint. There is a point
where you must take responsibility. |
|
WeKnSmith
join:2001-08-09
Noblesville, IN
·AT&T Midwest
| reply to drjim
Re: WEP is flawed, BUT.......
said by drjim :
At least it serves as a "No Trespassing" sign...
Come to think of it, why not make your SSID "NoTrespassing".  |
|
TooLazyToLogin
@indiana.edu | reply to doppler
Re: Wireless is not a defense for clueless
Totally agree. If they had bothered to even read the manuals, they would know. And if they did read the manual and did nothing to secure their networks, shame on them. |
|
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| I've already made my sentiments clear...
... can a thief be prosecuted for making his entry through an unlocked door? People are responsible for their actions... and leaving a 5 dollar bill on your desk shouldn't be seen as surrendering your rights to it... nor should an insecure network be regarded as a legal red carpet for cyber-trespassing.
The only complexity comes in when you consider how many legitimate hotspots there are, and it may become difficult to prove knowledge or intent, in some cases. But where knowledge and intent are clear, why should a common cracker be exculpated because the "door is unlocked?"
On the other hand, it's like any other network appliance. It's the owner's responsibility to secure it... and leaving it insecure after being constructively notified it's insecure is irresponsible, and may certainly create liabilities on the part of the negligent owner... of course, any insecure router can be exploited, wireless or wired, given the right holes and the right tools and toys. But wirelesses are more exploitable, because it's rather trivial to do the work, once an open one is found...
What we need is to work out a sound, very strong universal authentication and encryption scheme, I think... something that's a no-brainer to activate, and that raises the stakes for the cracker such that it's not so significantly easier to crack a wireless than a hardwired network.
--
The willow bends unbroken when angry tempests blow, The stately oak is levelled and all its strength laid low...Oliver Wendell Holmes |
|
Budman1018
join:2003-04-14
Camp Hill, PA
·Verizon FIOS
|  reply to doppler
Re: Wireless is not a defense for clueless
For a number of years I have been installing computers and computer networks for people who still cannot figure out how to program their VCR. Recently, some of my 'customers' have been requesting wireless networks installed. I will only install them if they agree to sit down with me and hear my lesson about basic wireless network security. I will not install a network without, at a minimum WEP encryption, and MAC filtering. The customer realizes if they do not pay attention to my little lesson about how to access the router and enter MAC addresses and WEP keys they are not going to be able to add any more computers or get back on if the network goes down. I don't install a lot of wireless because most customers don't have the time to hear me out, or they are not savvy enough to comprehend what I'm saying. Some are so ignorant they tell me to F**** off they will find someone else to do it. The majority of computer users don't care. Their computers are full of virus and malware. What's one other thing like giving a hacker a free ride on your IP. |
|
technick
Premium
join:2000-12-16
Loganville, GA
| reply to Mellow
Re: Personally..
quote:
My definition of innocent war driving is a person that has tcp/ip unbinded from their wifi device.
Well why would someone do that? Half of war driving is looking to see whats on the wireless network. Any idiot can get one of those little wifi key chain finders, and find access point after access point.
Being able to look around is half the fun. |
|
technick
Premium
join:2000-12-16
Loganville, GA | reply to schja01
Re: Just another example of "Blame Shifting"
You point out a very good point of view, and I agree 110% with your point of view. You can not be held responsible for anyone else's actions. |
|
technick
Premium
join:2000-12-16
Loganville, GA
| reply to W8ASA
Re: What worries me......
You bring up a very good point with this post. I believe it can all solved with better end user hardware, and better logs from network devices. But with this in light, it would raise hardware cost, and TCO of a wireless network. If someone has the knowledge to ghost mac addresses, you will need the technology to log this, and track where it came from. Just my 5 cents. |
|
