 RayW
Premium
join:2001-09-01
Layton, UT
clubs:
1 edit | Wonder what type of enforcement? And what level of security is minimal? Fort Knox or home user?
edit: I know they point out firewalls, but that was stated as an example, not a requirement.
--
I am not lost, I find myself every time. | |
|
 | 
rf_engineer
join:2003-08-04
USA
| Re: Wonder what type of enforcement? And as anyone with a clue knows, even firewalls aren't a foolproof solution. What about the moron that configures an any-any rule so they can get something to work? How will the police enforce this? A port scan!!!??? ROTFL 
I'd have more respect for this county if they decided to pass a law to castrate people that give personal information in response to phishing attach emails or answer 419s. | |
|
| nguyen27
join:2003-05-14
Quincy, MA | Does the politicians know how to secure their own hotspot at home? I doubt that. Leave the companies alone, it is their responsibilities and their choice of open or closed hotspots. | |
|
superdog
I Need A Drink
Premium,MVM
join:2001-07-13
Lebanon, PA
| It may help? It may help a little, but most of the security measures for Wi-Fi are not that great anyhow?
--
»www.wavecrazy.net Join WISPA today! »www.wispa.org/ | |
|
N3OGH
Bear patrol must be working like a charm
Premium
join:2003-11-11
Philly burbs
 ·Verizon FIOS
 ·Verizon Online DSL
| Must be an election year... Must be an election year. I agree unsecured hot spots can be a problem, but where does the county think they draw the authority to regulate Wi-Fi devices. I say they don't have the authority, and if passed, this would be an illegal ordnance.
Another example is a small town in PA that passed a local ordinance against driving while talking on a cell phone. Technically, the law is illegal because the legislature writes the vehicle code, and the township does not have the authority to do so.... | |
|
rf_engineer
join:2003-08-04
USA
| IANAL ....but I don't think they have any jurisdiction as unlicensed wireless spectrum and devices are federally regulated. Also, how do you define "poorly secured"? Considering the vulnerabilities with WEP, a WEP-secured access point could be considered "poorly secured." To me this legislation reeks of a local politician wanting to get some airtime. | |
|
|
| 
JamesPC
join:2005-10-12
Orange, CA
| Re: The County has NO Jurisdiction here. if they are really worried about the integrity of the wifi network they should go right to the source. The manufacture, if the county really wants to get something done and not just 15 minutes of fame (which we know it is), they will tell the manufactues to make more secure devices. But they wont do that because why....THEY WONT MAKE MONEY | |
|
|
| 
Don Michael Corleone
@199.5.x.x | pols in Westchester County = Frankie Pentangeli "the old man had too much wine" | |
|
|
N3OGH
Bear patrol must be working like a charm
Premium
join:2003-11-11
Philly burbs
·Verizon FIOS
·Verizon Online DSL
| Re: Big Man 12K a year?
Dear god man, that's INSANE.
I live in SE Pensy, and I thought my property taxes were bad. I'm dropping about $4,000 a year for a very average 3 bedroom ranch.
I live right on the PA/DE state line, and a house like mine in DE would be about $1100/yr in property tax... | |
|
| | 
koam
Pink Pecker
Premium
join:2000-08-16
East Puddle
clubs: | Re: Big Man I have 1.5 bathrooms and a small kitchen. | |
|
Pictor Guy
join:2004-06-21
Sammamish, WA
| lol This is another example of politicos creating laws about things they don't understand.
Question, can a hotspot be secure without WEP/WPA and no MAC filtering? How are they going to police the corporate sites that depend on other rules and VPNs without trying to crack into the site?
I would think Westchester County would have more important things to worry about. | |
|
| |
| 
Maarvin
Premium
join:2005-04-11
Denver, CO
 ·Comcast
1 edit | This is another example of legislators having just too much time on their hands. New laws of this type are completely useless. For instance, how would you enforce it? Would Starbucks have to shut down their Wi-Fi gear? This is absolutely ridiculous. If Joe Smith has decided not to secure his Wi-Fi router, then that is his problem and his choice. Don't make it the problem of the local law enforcement. I am having a difficult time envisioning the town sheriff cruising the streets with a laptop searching for unsecured router offenders. Give us a break! | |
|
Dirtyping
join:2001-10-30
West Haverstraw, NY
1 edit | Make it a state law It is one thing for home users to leave thier Wi-Fi unsecured but businesses that use wi-fi to transact your personal/credit card over unsecured wi-fi is insane.
This law should be implemented at the state level. I just see it now special wi-fi police cars and uniforms. Now that would be a fun job.
btw - think of it as a store owner taking your credit card and private information and putting it on a bulletin board in the alley or behind the store. (where you normally do not see it but where all the bums and criminals hang out). | |
|
| Pictor Guy
join:2004-06-21
Sammamish, WA
| Re: Make it a state law said by Dirtyping  :It is one thing for home users to leave thier Wi-Fi unsecured but businesses that use wi-fi to transact your personal/credit card over unsecured wi-fi is insane. I don't know about you but I don't think there are many businesses that use Wi-Fi for anything other than roaming laptops. | |
|
| | Dirtyping
join:2001-10-30
West Haverstraw, NY
| Re: Make it a state law said by Pictor Guy :said by Dirtyping :It is one thing for home users to leave thier Wi-Fi unsecured but businesses that use wi-fi to transact your personal/credit card over unsecured wi-fi is insane. I don't know about you but I don't think there are many businesses that use Wi-Fi for anything other than roaming laptops. As long as they are not transacting 3rd party business then it should not be an issue. I would only like to see the government involved in cases where blantantly open wi-fi networks where customer information can be had. For example in cases where someone popped in a wi-fi router into a store network. | |
|
| gpancner
join:2001-09-27
Nine Mile Falls, WA | Re: Make it a state law= Job Creation Look for new need of TAXPAYER funded jobs, filled by unqualified "workers" in constant need of annual pay raises and improved "benefit" packages. And all the workers need to do is remember to vote early - vote often. | |
|
| 
G_Poobah
join:2004-01-17
Schenectady, NY
| Re: Make it a state law I disagree. Much like the so called 'identity theft' and 'war on terror', causality is NOT equal to result.
Wifi has NOTHING to do with stolen credit card data. The punishment should be to punish businesses that loose credit card data. Wifi has nothing to do with it. Focusing on 'an issue' is not the way to solve 'the problem'. Focus on the problem (vendor not protecting data).
Now, how in the world do you possibly associate an open wi-fi with posting the credit card numbers on a bulletin board? The fact that someone has an IP address on a network in NO WAY guarantees them free access to all the data. Ever heard of login credentials?
--
Grand Poobah | |
|
| | Dirtyping
join:2001-10-30
West Haverstraw, NY
1 edit | Re: Make it a state law said by G_Poobah :The punishment should be to punish businesses that loose credit card data. Once credit card information is stolen you be lucky to find how and where the data was stolen from.
said by G_Poobah :Now, how in the world do you possibly associate an open wi-fi with posting the credit card numbers on a bulletin board? The fact that someone has an IP address on a network in NO WAY guarantees them free access to all the data. Ever heard of login credentials? These same people that do know enough to secure their wi-fi are these same people that typically use no or unsecure passwords. You would be suprised how many businesses do not use passwords on their PCs and servers, or they leave their router password as 'password'. | |
|
| | |
G_Poobah
join:2004-01-17
Schenectady, NY
| Re: Make it a state law "Once credit card information is stolen you be lucky to find how and where the data was stolen from." Ok, and your point is? The problem is the data was stolen. By your own definition, you can't tell where and how it was stolen. You logical argument is fallacious.
Read up on Monty Python and the Holy Grail (the witch part). (the fact that she weighs the same as a duck means she is a witch?)
»www.rit.edu/~smo4215/monty.htm#Scene%205
"These same people that do know enough to secure their wi-fi are these same people that typically use no or insecure passwords". I disagree completely. The VENDORS ship the wi-fi unsecured. No modern OS that I know has a 'no password policy' by default. Again, fallacious argument.
--
Grand Poobah | |
|
| | | | Dirtyping
join:2001-10-30
West Haverstraw, NY
| Re: Make it a state law said by G_Poobah :"Once credit card information is stolen you be lucky to find how and where the data was stolen from." Ok, and your point is? The problem is the data was stolen. By your own definition, you can't tell where and how it was stolen. You logical argument is fallacious. Read up on Monty Python and the Holy Grail (the witch part). (the fact that she weighs the same as a duck means she is a witch?) » www.rit.edu/~smo4215/monty.htm#Scene%205 Go back and read. You made the statement "The punishment should be to punish businesses that loose credit card data."
That is not possible without knowing what company lost the credit card data. Therefore secure the wi-fi networks to prevent data from being stolen. Simple logic. Perhaps you watch too much Monty Python.
said by G_Poobah :" "These same people that do know enough to secure their wi-fi are these same people that typically use no or insecure passwords". I disagree completely. The VENDORS ship the wi-fi unsecured. You completely disagree then write "The VENDORS ship the wi-fi unsecured.". Therefore agreeing with me in the next sentance. Definitely too much Monty for you.
said by G_Poobah :" No modern OS that I know has a 'no password policy' by default. Again, fallacious argument. Windows file sharing, anonymous logins, guest accounts with full access, etc.
Not too long ago I was at a company where they were very strict on IT security. They had their HQ corporate IT team of security experts meet with all the divisions and present their phone book size handbook. Meanwhile I was able to traverse all their corporate HQ servers which included payroll and financial records via anonymous ftp.
Now considering the size of the company all it would have taken is one unsecured wi-fi router to gain access to it. This is with people that are supposedly prepared. | |
|
| | | | |
G_Poobah
join:2004-01-17
Schenectady, NY
| Re: Make it a state law "Therefore secure the wi-fi networks to prevent data from being stolen."
That is a fallacious argument. Securing the wi-fi does NOT mean the data is secure. Credit card data has NOTHING to do with WI-FI. Your assertion that securing the wi-fi makes the data secure is the fallacious argument (much like saying that a duck weighs as much as a witch, therfore, if we eliminate all ducks, we eliminate all witches is a fallacious argument. They have NO RELEVANCE. A secure wi-fi vs. an insecure wi-fi has NO BEARING on the security of credit card data.
You should study logic more...
"No modern OS that I know has a 'no password policy' by default. Again, fallacious argument."
Please point me to ANY documentation that shows that default FTP access on any machine gives you root access? It DOESN'T exist. Unsecured networks are based on POLICIES setup by the IT department. Where does wi-fi fit in? Sure they are dumbasses to setup insecure wireless, but wireless access is not related to dumbass security policies.
The bottom line is that securing wi-fi is no guarantee that your credit card data is safe. They are unrelated.
--
Grand Poobah | |
|
| | | | | | Dirtyping
join:2001-10-30
West Haverstraw, NY
| Re: Make it a state law said by G_Poobah :"Therefore secure the wi-fi networks to prevent data from being stolen." That is a fallacious argument. Securing the wi-fi does NOT mean the data is secure. ....................The bottom line is that securing wi-fi is no guarantee that your credit card data is safe. They are unrelated. Sure they are dumbasses to setup insecure wireless, but wireless access is not related to dumbass security policies. The problem is not with security policies it is with most companies having dumbasses not following security polices.
Prior to Wi-Fi this typically has not been a problem and your data is usually still safe since in most cases someone would still need access to the facility in order to steal it. That is unless you add an unsecured WI-FI gateway.
It is no guarantee your data is safe but the implications of not securing it are huge. | |
|
|
|
SCCutler
join:2001-02-22
Dallas, TX
| By What Authority? Fundamental issue is this: the county lacks jurisdiction over this issue,anyway. Use of EM spectum is a specifically-allocated federal power.
"Security concerns" is thin veneer of window-dressing to conceal an effort by local phone, cell & cable providers to cut down on what they perceive as competition for revenue.
Follow (as always) the money. | |
|
| 
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
·Comcast
| Re: By What Authority? said by SCCutler :Fundamental issue is this: the county lacks jurisdiction over this issue,anyway. Use of EM spectum is a specifically-allocated federal power. "Security concerns" is thin veneer of window-dressing to conceal an effort by local phone, cell & cable providers to cut down on what they perceive as competition for revenue. Follow (as always) the money. They aren't trying to control WiFi spectrum use and the FCC and federal power is totally besides the point.
Whether they have the legal power or not to control business practices is another issue outside of any FCC involvement.
--
--
Join Red Room Forum
My Web Page | |
|
rradina
join:2000-08-08
Chesterfield, MO
| This is B.S. I don't doubt we need to raise awareness and get these issues resolved.
HOWEVER, the Payment Card Industry (PCI) (Visa/MC/Amex/Discover/etc.) is taking steps to audit retailers. It's very much a SOX-like compliance process. It forces firewalls, WPA/WEP/rotating keys, encryption of customer data using strong encryption methods, regular intrusion audits, intrusion detection, change management policies. Hell, it even has a paragraph that deals with deletion of credit card data from a disk and ensuring that the data cannot be recovered after it's deleted.
Let the industry police itself. The government simply doesn't need to get involved. Besides, if the government makes it a law, who is going to police this? Exactly, they'll need more money and raise your damn taxes to pay for it. | |
|
| fiberguy
My views are my own.
Premium
join:2005-05-20
| Re: This is B.S. said by rradina :Let the industry police itself. The government simply doesn't need to get involved. Besides, if the government makes it a law, who is going to police this? Exactly, they'll need more money and raise your damn taxes to pay for it. The industry has done a great job doing that! Hell, they can't even protect their own back yard much less their merchants. (CitiBank anyone? How many numbers did they loose again?  )
Not all laws made have to be "enforced" by law enforcement. Government and the laws do have to exist in order for the individual to bring action on their own when these types of things do happen. These laws, if enacted, would simply give more teeth for biting into those that don't follow rules.
Personally, I would like it if credit card numbers were not allowed to be stored at all. I would like to see a process it and loose it method be in place as it should have been all along and if there is need to refer to the transaction later, they'd use the merchant and approval code number. Merchants have no need to store credit card information in the first place. They do so for their own convenience.
I don't know the whole issue behind the sudden need to make another law, but I do agree that it's probably an election time issue. I am surprised he didn't call for a ban on gay marriage though. lol | |
|
| | rradina
join:2000-08-08
Chesterfield, MO
| Re: This is B.S. I work for a large retailer with multiple banners. Some of our retail locations use a payment system that also provides daily settlement with a bank (around 280 stores). These locations don't need to store the card number. The authorization number is sufficient to reference disputed transactions. However, our payment processor does store the card number.
Some of our other locations (around 150 stores) use a different POS and they are not as automated. We must store the credit card number and provide these numbers on a settlement feed to our settlement bank. In these locations, we certainly don't store the card number for our own convenience.
Should we change to the method that does not require us to store the card number? Yes but that would cost us millions since we have to replace the POS terminals and back office controllers.
To become PCI compliant, we are investigating upgrading the software on the terminals and hiring a Colombian software firm to integrate the systems with a different payment system. The cost of this approach should be less than replacing the POS but it's still nearly a million dollars. However, we must do this to become PCI compliant since continued storage of the credit card number subjects every store to a strict audit which we would like to avoid.
As you can see, the industry is doing something about this and more government isn't necessary. Perhaps if the NY politician did some research, he would be more aware of what's already taking place within the industry. | |
|
Ga Dawg
join:2003-09-11
Marietta, GA | Outlaws When unsecured wi-fi is outlawed, only outlaws will have unsecured wi-fi. | |
|
|
koam
Pink Pecker
Premium
join:2000-08-16
East Puddle
clubs: | Re: Outlaws that's a good one. | |
|
Primis1
join:2005-06-13
Coldwater, MI
| You Know What... ...I can't find fault with this.
Is it perfect? No. Are their motives 100% pure? Probably not.
But I can't come up with one good reason that commercial wifi hotspots should be left unsecured. And to be honest, there's no reason at all residential ones shouldn't have at least one layer or step of security as well.
Wide open AP's can be good things, but they're becoming a problem more and more and if this is the sort of thign it takes to kick some people in the butt to secure theirs... good for them I guess. | |
|
| |
runingamuck
| This is when Politicians RUN-AMUCK! If security of the 'unbewitting' users is at stake here, then the only thing they COULD really do is to REQUIRE that a sign be posted about cautioning the 'sending of sensitive data' over the network, but a law telling people what they can and CAN'T do with equipment and servies they pay for?!?!? WTF, I'd think something this STUPID and smacking of big brother would come out of washington dc, or hicktown (pick ANY republican southern state), usa. | |
|
| ReneM
join:2003-07-18
Cockeysville, MD | Re: This is when Politicians RUN-AMUCK! Why is this stupid. Small business have access to customer credit card information (and a few other infos as well) and i want that secured. If they are not willing to do so by common sense then a law has to be passed. period. | |
|
RayW
Premium
join:2001-09-01
Layton, UT
clubs: | What party is he? He sounds like a Democratic. | |
|
|
rf_engineer
join:2003-08-04
USA
| Re: What party is he? How so? I could see a Republican or Democrat proposing this as most politicians are technologically clueless. A Republican could argue open wireless access points are bad for business and bad for the economy. A Google search on Spano seems to indicate he's a Democrat, btw, I'm just curious as to your line of thinking. | |
|
| | RayW
Premium
join:2001-09-01
Layton, UT
clubs:
·XMission
| Re: What party is he? said by rf_engineer :How so? I could see a Republican or Democrat proposing this as most politicians are technologically clueless. A Republican could argue open wireless access points are bad for business and bad for the economy. A Google search on Spano seems to indicate he's a Democrat, btw, I'm just curious as to your line of thinking. Just found it, he is a democrat. He just sounded like one from the politics in my town.
--
I am not lost, I find myself every time. | |
|
| |
koam
Pink Pecker
Premium
join:2000-08-16
East Puddle
clubs: | he's an idiot. | |
|
| |
an0n
@reachone.net
| bah why not make a law prohibiting any sensitive information, such as SSN, credit card info etc etc not be accessible via an unsecured connection such as WIFI or anything else if they are so concerned about identity theft. This would make more of a difference than some law saying no unsecured APs, if they're too lazy to care about security in the first place, what makes you think they are capable enough to secure it? | |
|
|
Yeah About time
@susc.susc
| Re: bah Amazing,I work in that area by the county office. And it took 2 years I guess to finally tick them off because there has been an open WIFI system that everyone ends up on in the area of where the westchester county offices are located. Is it a good idea to create a law to secure systems that I cannot answer. But knowing the spoiled brats in the westchester county office I think the real reason is that it must cost them alot of wasted time because their computers must keep locking on to it, maybe because most of them are running open WIFI them selves. | |
|
woody7
Premium
join:2000-10-13
Torrance, CA | hmmmm....... you get what you pay for....or....maybe some stuff you shouldn't do at a hot spot?
--
BlooMe | |
|
WestVillageEastCkr
| not to mention You know what will happen, if they do acutally pass this unnecessary law, a news person(s) will do a story on finding government based hotspots which are 'wide open' and exposing potentially sensitive information about the public... one should look in one's own closet for security problems before playing big brother to the public. The best they can hope to accomplish is a public 'education' campaign... for people to be smarter about the use of wifi... that's about it. Anything else is just a waste of good tax dollars. Did I mention the 'use it or lose it' proposition of useless laws-- if they don't spend your tax money on stupidness they can't keep it and have to return it to you before they can ask for 'MORE' money? Its true, look it up! | |
|
|
|
|
Westchester County to Ban Unsecured Wi-Fi?
·
·
Hillsboro, Oregon USA
Secure WiFi law wrong tack; need secure data law