yx3
join:2003-07-25
Clovis, CA
clubs: 
| Best friendly hacks to warn unsecured wifi owners
Like many of you probably, I come across unsecured wireless networks all over town and country. Lots of times these free WANs come in handy and I have no desire to inform the owners that they should really lock down their networks. But other times when I come across these open networks in my neighborhood, I think it would be neighborly to at least let the owners know any passing stranger could crawl through the airwaves into their homes and cause all sorts of mischief. I've e-mailed a couple people when I've found their e-mail addresses in their router config settings. Other times I rename their broadcast SSID with something creative or goofy. But who knows if these folks ever notice that their new SSID is "Hi Neighbor - Thanks for the free WiFi Access!!!"
So does anyone here think they have an obligation to warn neighbors or even strangers that they're putting their networks and PCs at risk by not taking the most basic steps to secure their Wifi networks? Any creative ideas on how to leave friendly reminders so that people realize their network has been infiltrated by a passing stranger?
--
An American Aquarium Drinker Assasinating Down the Avenue |
|
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
| Re: Best friendly hacks to warn unsecured wifi own
I feel the same way as you do about this.
-but-
You are potentially opening yourself up to trouble in considering warning such people. History has shown that people don't always respond like you might think to a friendly warning of security problems. Quite often, people want to shoot the messenger.
This is made more difficult by the confusion legally here. Personally, my feeling is that it is the responsibility of the owner of the network to secure it. Normally, I'm not the type that 'blames' the vulnerable party... however, in this case, it's easy - very easy - to honestly, accidentally use someone else's unsecured Wireless network... and there are many that purposefully open their networks... so how is someone to know?
But that's just me (well; not just me. Many others agree with me). For now, though, that's not what the law says (pretty much nothing, is what the law says)... so, who knows.
If, however, you feel comfortable with talking to your neighbors about this, that's what I would do; talk to them, in person. Explain - and perhaps demonstrate - that you 'accidentally' used their network, and immediately stopped when you discovered it, and offer advice for securing themselves. But only do this if you know they won't take you wrong.
--
Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics!
Real politics is much more interesting! www.georgewbush.com |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
 ·Speakeasy
| reply to yx3
Re: Best friendly hacks to warn unsecured wifi owners
If more people thought about saying something to their neighbors, it might help, but I don't think that anyone is going to do that unless they really know that neighbor and cares about them. Otherwise, the people who might warn them are the very people who are going to get free access from those neighbors, so why warn them.
I do think that it is the responsibility of any good neighbor who knows anything about anything to help out ones neighbor, but I also think that all too many neighbors don't listen to what is said about their wifi or their security.
Wy would you warn your neighbors but feel free to use other connections in other parts of town btw.? I would think it would be one way or the other. How can you be the good bad guy or the bad good guy. Seems to me that you're a walking oxymoron. |
|
Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH
1 edit | Re: Best friendly hacks to warn unsecured wifi own
My guess would be it's just a general 'neighborliness' type of feeling; He's really not doing anything 'bad' at all himself, but because he feels closer (literally) to his neighbors, he feels some 'obligation' to make some attempt to help them protect themselves from others, who may not be so harmless in their use.
--
Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics!
Real politics is much more interesting! www.georgewbush.com |
|
TerryMiller
Premium
join:2003-10-23
| reply to yx3
I'd tell neighbors that I know. I wouldn't bother with the others unless you wanted to send them a postcard. I don't think the response would be very positive if you walked up to the door of someone that didn't know you and said you'd connected to their lan.
--
My family site |
|
Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
 ·Comcast
| reply to yx3
Re: Best friendly hacks to warn unsecured wifi owners
said by yx3  :
Lots of times these free WANs come in handy and I have no desire to inform the owners that they should really lock down their networks.
Hmmm
quote:
when I come across these open networks in my neighborhood, I think it would be neighborly to at least let the owners know any passing stranger could crawl through the airwaves into their homes and cause all sorts of mischief.
That's the neighborly thing do and also the right thing to do "all over town and country." |
|
yx3
join:2003-07-25
Clovis, CA
clubs:
1 edit | reply to jaykaykay
Re: Best friendly hacks to warn unsecured wifi own
said by jaykaykay :
Wy would you warn your neighbors but feel free to use other connections in other parts of town btw.? I would think it would be one way or the other. How can you be the good bad guy or the bad good guy. Seems to me that you're a walking oxymoron.
Good point. In general I feel it's the owner's responsibility to make sure their network is secure and if they neglect that responsibilty, I have no problem with "borrowing" some bandwidth so I can check my mail and do a bit of surfing to check baseball scores. If I knew that's all others would do if I opened up my network, I'd go ahead and leave it wide open.
Now when it comes to my neighbors I feel I have more of a responsibility to look out for them. That's still what neighbors do for each other in most parts of our country. I still consider the word 'neighbor' to mean something more than 'stranger.'
So yeah, I'm a walking oxymoron if you like. Just don't call me a walking moron! 
Anyway, this all makes for interesting conversation and I do agree that warning a neighbor can definitely backfire if you're not careful.
P.S. Bandwidth to me is something like water and becomes more so every day. We pay for water but wouldn't scream at someone who was thirsty and used our hose or water cooler to quench his/her thirst. Now if s/he decided to fill their pool with our hose, we might have some objections... |
|
jaa
Premium,MVM
join:2000-06-13 | reply to yx3
Re: Best friendly hacks to warn unsecured wifi owners
Best friendly hack is to ignore their network. |
|
Sc0tt
Kneedragger
Premium
join:2000-11-13
Stockholm, NJ
·PenTeleData
2 edits | reply to yx3
i just installed a carputer in my truck. here's the wireless access points i found at 4PM, on my 6 mile drive home from work. people need to start reading their user manuals.........
--
my BBR gallery pics
Tri-State Sportbikes forums
|
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
 ·Cingular Wireless
·AT&T CallVantage
·AT&T Southeast
| reply to yx3
Re: Best friendly hacks to warn unsecured wifi own
Some people use firewalls, WEP, etc for security. In my part of the world some people also use Smith and Wesson. Remember what Marilla said: "Quite often, people want to shoot the messenger".
--
The man who is a pessimist before 48 knows too much; if he is an optimist after it, he knows too little. |
|
VirtualLarry
Premium
join:2003-08-01
| reply to yx3
Wow. I'm absolutely amazed at the number of unsecured WiFi nets that you found during that drive, especially with default SSIDs. Then again, I was also a bit surprised that when I installed my WLAN, that there were already two existing ones in the vicinity here. But both had WEP128 and non-default SSIDs. So I guess my neighbors must have at least some clue. Somewhat frightningly, I had been running without any enabled security, as I was still in the setup phase. I changed my PPPoE password just in case.
As for open ones, you know what I would do? Unless you have to know that person on a personal basis, other than just "in the neighborhood", I would leave well enough alone, and don't even try to access their WiFi network. Their security, is their primary responsibility, not yours (well, to an extent).
On one hand, should you go door-to-door, rattling people's door handles, to check for ones that are unlocked, and then leaving a note slid under the door, informing them of that fact? I really don't think so, and that's the analog tha the OP is suggesting.
On the other hand, overall security is a neighborhood responsibility, and if you see someone actually trying to break into a neighbors' house, do you try to stop the burglar/call the cops/etc.? That would be the responsible thing to do, I think.
But the difficulty with the existance of an unsecured WiFi comes about because the first scenario can lead to the second (actual break-in), however, the second is generally largely undetectable while in progress, at least from the outside. So the first scenario could be seen as a pro-active way to prevent the second, but it does bring up serious privacy and respect issues likewise.
Of course the third argument could be, what if they *wanted* to allow free WiFi access? I've lived in neighborhoods, in which the front door was kept unlocked, specifically in case the neighbors needed to get in.
If you really want to bring about an awareness of this issue, perhaps consider a different tact? Put up some flyers somewhere, that will be seen in the community, like the grocery store. Instead of selling something, inform them of the dangers of unsecured WiFi access. There is the slight negative possibility of that actually making curious/nosey but non-technically-oriented neighbors aware of the issue, and they might start to spy around, but any really-malicious person would have been technically-oriented and have known about the issue for a long time now, so I don't think that the negative aspect of informing is anything to worry about.
Perhaps even better than that, you could consider advertising and organising some sort of neighbood WiFi "mesh" project, to set up a "community intranet", and also, willingly, allow some non-broadband-blessed neighbors to piggy-back using WiFi for internet access purposes. |
|
yx3
join:2003-07-25
Clovis, CA
clubs:
1 edit | reply to NetFixer
said by NetFixer :
Some people use firewalls, WEP, etc for security. In my part of the world some people also use Smith and Wesson. Remember what Marilla said: "Quite often, people want to shoot the messenger".
Only in America (and some of the seedier neighborhoods in Baghdad)...
said by VirtualLarry :
On one hand, should you go door-to-door, rattling people's door handles, to check for ones that are unlocked, and then leaving a note slid under the door, informing them of that fact? I really don't think so...
This metaphor might work if your neighborhood were inhabited by folks not familiar with the purpose of keys and locks... |
|
Gohdan
join:2004-02-11
Maryville, TN
| reply to yx3
Re: Best friendly hacks to warn unsecured wifi owners
If I'm not mistaken, court cases have established that servers are private property. This leaves a glaring question as to whether this extends to routers or not, but I think it's safer to not alter other people's router settings.
The closest thing to the right thing to do is to knock on the door with your laptop ready and explain what's going on. Offer to help. That's the neighborly thing to do.
I'm not really surprised by the number of unsecured networks you found. Most of those people probably have a router because it's what the cable/phone company gave them to share connections, and don't know the first thing about what it does. |
|
Arathaen
Herding Cats
Premium
join:2001-08-06
Vancouver, WA
| Re: Best friendly hacks to warn unsecured wifi own
I think we're the rare exception (BBR members) when it comes to computer/data security. Most people treat their computer like just another appliance. The idiot box of the 21st century.
With that said, they don't know enough to lock down their computers. Locking down a wireless router isn't even in their minds. A wireless router is just another convenience. Like the remote to the television.
Until the media makes a big deal about it and it becomes more mainstream, you can tell your neighbors til you're blue in the face and most will look at you like you have 3 eyes.
Maybe I'm a bit cynical, but that's how I see it after talking with my neighbors about data security and the looks I get  |
|
ghost16825
Use security metrics
Premium
join:2003-08-26
1 edit | reply to yx3
If I were you I wouldn't change your behaviour at all. I would probably be doing the same thing as you, as "these free WANS come in handy", perhaps checking out their mp3 collection as well. (But not sucking down too much of their bandwidth)
Read this thread before you do anything:
»www.security-forums.com/forum/vi···ghlight= |
|
BlitzenZeus
Burnt Out Cynic
Premium,MVM
join:2000-01-13
Beaverton, OR
 ·Verizon FIOS
·Verizon Online DSL
| reply to yx3
The days of whitehats doing good by reporting things like this, and letting people know they have problems are mostly in the past. They blame you for trying to get into their network, etc... Those IT admins don't like to be shown up, even if they don't have a clue what they are doing. These days you pretty much need to let people fall on their face if you can't alert them to the problem completely anonymously, preferably to someone other than the it department like their bosses, otherwise they usually will backlash onto you even if they are running a server known for exploits like IIS which hasn't been patched in years. This way they will take heat for not being pro-active in their stance.
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed.
The biggest error is sitting in front of your keyboard. |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| reply to yx3
Well, this is not friendly but...
Personally I would like to commit denial of service attack against them so they could not use their net at all. Why? Because this is EXCATLY what will THEIR connection do to me and others in the net who have not done ANYTHING wrong. These morons who dont secure their computers or nets should spend that much time that they would get even the basics done on securing. If they dont bother doing that, stay out of the net. Nobody can grap a car and go driving in the highway if they dont know how to handle a car, why should people be allowed to surf in net if they dont know how to handle their computer?
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
cableb4me
join:2002-03-09
Dunlap, IL | reply to yx3
Re: Best friendly hacks to warn unsecured wifi owners
If you were my neighbor, I would thank you if all you did was notify me if my network was unsecured. BUT!, I would punch your ass out if you ever broke into my router and changed my settings... You should really think about changing your ways... |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
| reply to Marilla
Re: Best friendly hacks to warn unsecured wifi own
said by Marilla :
History has shown that people don't always respond like you might think to a friendly warning of security problems. Quite often, people want to shoot the messenger.
*ding*
This is what I have called the "big surprise" of security consulting, and it's really been shocking. I used to make a lot of unsolicited security reports when I found a business open, and my reports were models of clarity, elaboration, and complete renunciation of any private interest.
About 80% were completely ignored, 10% were grateful and they fixed it, 5% were grateful and didn't fix it, and 5% were outright hostile. No less of a group than the Association for Computing Machinery, the oldest computer professional society, told me to "Get Lost" when I reported some serious problems.
It's really been a shock.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
yx3
join:2003-07-25
Clovis, CA
clubs:
| reply to cableb4me
said by cableb4me :
If you were my neighbor, I would thank you if all you did was notify me if my network was unsecured. BUT!, I would punch your ass out if you ever broke into my router and changed my settings...
Now THERE is a prosecutable crime!
--
An American Aquarium Drinker Assasinating Down the Avenue |
|
