Slashdot Mirror
War Driving To Be Protected In NH
AllMightyPaul writes "A big article on Wired.com talks about the new House Bill 495 that would legalize the innocent stumbling upon open wireless networks. Basically, it put the burden of securing a wireless network on the owner of the network and allows people to connect to open networks that they believe are supposed to be open. This is excellent news as I'm sure we've all tried to connect to one wireless network and ended up accidentally connecting to another one. Being from NH, now I can finally drive through Manchester and connect anywhere I want with little worry, but not until after January 2004, and that's if the bill passes the Senate."
...because now you can legally steal bandwidth other people paid for?
Yay theft of services!
Mac OS X and Windows XP working side by side to fight back the night.
This is what we should expect from New Hampshire
Live free or die!
Finally someone is passing the blame to those that are at fault.
So was it previously illegal? AKAIK, there are no laws against war driving, so while they may have protected this right, they didn't legalize it. Definately a step in the right direction, though.. it's so infrequent that we see lawmakers making laws to PROTECT our freedoms rather than remove them.
Everyone is entitled to their own opinion. It's just that yours is stupid.
Where in the world is this place?
There are still real moral issues here with whether or not it's actually RIGHT to connect to other people's networks. Just because the networks are not completely secure, you're still not justified in connecting to them, specifically if your reason to connect is to abuse them.
The law has decent motivation, but it's basically saying "Go ahead and break into wireless networks, because if they're not completely secure, it's not your fault." What happens when people start snooping the traffic, stealing corporate secrets, and then claim that the wireless network wasn't secure, so they can't be responsible?
Mooniacs for iOS and Android
Shouldn't this article be on unwired.com?
Dammit!
:-b
Born 'n bred in Cow Hampshah.
Until recently, you could also drink and drive - that is, you could be sipping a beer while driving your car, as long as you were not legally drunk. Me? I prefer to get all my drinking done ahead of time so I don't spill my beer.
"No matter where you go, there you are." -- Buckaroo Banzai
The government passing reasonable digital rights legislation?
Come on, April Fool's was almost a month ago now.
Philip Sandifer's academic website
war driving lessons
Why do I h8 apple?
...it seems like you can apparently get most anything passed if you attach the word "War" to it. Even the theft of bandwidth.
For those who can't immediately infer what geographical area (or for that matter even what country) is being referred to, the article more clearly explains that they are referring to the U.S. state of New Hampshire.
-AlabamaMike (who now lives in Manchester)
Pimpin' all the Karma Hoes!
if it hasn't already, the ability for wireless access point and card manufacturers can further harden (at least within the 802.11x spec) their default configs.
a law like this can't do any harm, besides the harm that has been done (or is happening) already. it sounds like to me that this is a good thing. raising awareness around network security is always a good thing.
*well, except when it fosters more fear than actual security
And how many of those people (if any) were malicious hackers?
Why don't our legislators spend their time protecting innocent people (Skylarov, Felten, Serebryany, etc.) from laws like the DMCA that have been abused, instead of saying "hey, it's legal to wardrive, which nobody has ever been maliciously prosecuted for"?
I've set up a little Wireless LAN at home, wifey's laptop plus the PS2, Linksys, and it seems like I have to put in the an identifier for the...workgroup? Something, I forget the technical word, but I changed it from the default "Linksys" to something specific to my house...and I had to make sure everything that was connecting to the Router used the same ID.
So, setting aside that there are probably tons of home Wifi installs that still use "Linksys", and assuming lots of people don't use the encryption that requires a true password, how does wardriving work? Does it "wardial" the ID, or is my network broadcasting the ID to use? (I guess the latter is more likely)
And if I'm NOT using the password, is everything my wife is doing on her laptop being sent in the clear to the nearby neighbood?
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
I don't really see how wardriving itself could be illegal or legal, I mean, it's unethical to sniff the airwaves, but 2.4ghz is public. On the other hand, accessing the network without express permission is illegal, wireless or wired. Same goes for WEP... Breaking WEP is definitely illegal as someone is trying to protect their data and you have to break their security to read it.. Wardriving being illegal would mean that me walking with my laptop turned on downtown is illegal..
"That was your network I had Kazaa, WinMX, and Grokster running full-steam 24/7 on? I had no idea, honest. Hey, OW."
The coolest voice ever.
I don't recall the wording, but doesn't most of this equipment carry a message from the FCC that says that the device must accept any interference from other devices?
Maybe it's a bit backward, but I think that can justify your having picked up the signal; you were just accepting interference...
It won't surprise me if Comcrap starts port blocking to prevent "spamming" from open wirless acess points. Basically, turn their network into a port 80 output-only network slightly more sophisticated than a television.
The area alone the border between MA and NH is quite built up with tech firms (HP, Oracle, RedHat, etc...) - wonder if they'll be cracking down on their wireless networks? Also, what happens to someone in NH who grabs some bandwidth from MA or vice-versa?
However, if you have the ability to use someone's network "accidentally" how do you distinguish someone who is using a lot of bandwidth for an innocuous reason from someone using a little bandwidth for a protective screen? I seem to recall reading an article about SPAMmers using open links to anonymously go through SMTP sites to further propogate their "stuff"...
And if the company is running Windows and has shared network resources, where does my 100 page accidental printing land on the scale of things?
I agree that you don't want to arrest someone for browsing through "linkedsys" when they meant "linksys" (or picking up the wrong "linksys" which is probably even more likely). But I'm not sure this is the answer.
FWIW,
Ewan
What about road rage? :)
-
ping -f 255.255.255.255 # if only
I do a bit of wardriving myself.
I think that if anything, the biggest kicks I get out of wardriving is generating maps of my results.
(I do like plugging my map - shameless self promotion I guess)
While I never connect to networks, it would be nice to know that if I ever did need to access one that I wouldn't have to worry about going to jail over it. Props to the government on this one.
Remember that you are unique, just like everybody else.
I don't care whether wardriving is legal or not. I don't do it. I do, however, use my laptop--with its wireless card in, I never bother to remove it, but not with any kind of extra antenna or anything--in the car when riding with other people, occasionally. Windows has on numerous occasions thoughtfully informed me, in the middle of nowhere, that it had connected me to whatever network it happened to find.
And as long as things are set up so that connecting to the network doesn't involve anything more than just happening to be where that network is, the idea that you could be prosecuted for 'breaking into' their network is a scary one. There's often no 'breaking' involved. If I end up connected to somebody's network, and it required nothing more than a laptop configured for my *usual* wireless access, then no, it's not my fault.
If you have a wireless network and you're using it to transmit 'corporate secrets', etc, then secure the thing. People who run around purposefully trying to find other people's networks to go online from are a little slimy, maybe, but it's not 'breaking in'. It's complaining that somebody's sitting on the chair you happened to leave on the sidewalk. It may be your private resource, but you've left it sitting in public space with absolutely nothing to indicate that people *shouldn't* sit in it. And the average stranger who does is probably just resting his feet, not sabotaging your property.
when did laws start allowing you do something? Laws are generated to stop things from happeneing, such as driving over 55 (or insert designated speed limit here), or stop you from killing, raping, putting babies heads on spikes, etc. I cannot think of any law that says it is ok to do something. Therefore i believe this to be fud, a bunch a whohaa, someone is giggeling themsleves silly right now for pulling on over on /.
Just because it's legal, that doesn't mean it's ethical.
Frankly, I'm kind of appalled at this line of thinking. When did it become out of fashion to be a decent human being?
If you are driving around LOOKING for wireless networks with poor security to exploit that is not the innocent stumbling upon open wireless networks.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
A others have mentioned, NH is a nice place to live. No state income tax, no sales tax.. It is a nice place to be.
I'm seeing a lot of "the idea is good but...", but I do think it's a good idea. I read the analogy of walking into someone's house if it's unlocked and taking their food, etc, but I don't think that's the right analogy.
A better one, (which also applies in NH) is that if you're hunting in the woods, you can't be prosecuted for trespassing unless it posted "No Trespassing" or the owner comes along and tells you to leave. This keeps people who are in the woods and might not have a convenient parcel map from the town from being prosecuted because they wandered into an adjacent lot. Do note that this is not the same as walking into land that is expected to be private, i.e. a house or an office building (during non-business hours).
Just my input.
Live Free Or Die.
We're on a mission from God.
...that would legalize the innocent stumbling upon open wireless networks...
Having not read the article and freely admiting that I could care less about the legality of war-driving (personally I find the concept of going war-driving to be rather pathetic), I have to question the title of this article. I would not define driving around actively seeking open wireless networks and connecting to them as "innocently stumbling upon" them. Guess that's just me.
I'll summarize it again as I have in other forums.
- My laptop sees a signal and requests access to the network by asking for a DHCP address.
- Access point sees my request and GRANTS me a lease on an IP address with which I can access their network
- I surf using the network
- I leave.
I asked, they said YES. They could have easily denied me, but they invited me into the network when I asked if I could. There are SO MANY different ways to keep people out, that owners of AP's just have to do something to secure themselves. Shame on them if they fail to do that.
-- There is no sig line, only Zuul.
Little-known fact: Manchester, New Hampshire, has the distinction of owning the longest street in the world that is capped at both ends by dead-ends. Main St. So sayeth Guiness. No joke.
A lot of people immediately ask "well how the hell do you get on or off of it then?" It has streets coming off it, but both ends are dead-ends.
How is that for a useless bit of info?
My
Limekiller
A state that believes that ppl should be responsible for their own actions. I though that it went out of fashion over the last 23 year.
I prefer the "u" in honour as it seems to be missing these days.
How long will it be until it's overturned?
If someone says he and his monkey have nothing to hide, they almost certainly do.
This story talks about this place, but I've never heard about it before. Would somebody care to clear this up?
well it's an unlicensed band, so the FCC could care less one way or the other... other parts of the legal system might come into play but in terms of FCC they don't care much about unlicensed band if you are within the power requirements
Classify war drivers as enemy combatants!
It seems to me that this change essentially says that any network which isn't secured in any way is to be considered a public network; that is, if you find a network not using WEP or anything, you should assume that it was intentionally left open as a public resource (like people have started doing). I doubt that the defense provided for this behavior would apply to a network using even a small WEP key, though. Even if you sniff the key, it seems unlikely that you could then claim that the network's owner meant you to have the key. So, while people do have to secure their networks, they don't have to secure them particularly effectively; just well enough to block your defense.
What this law means is that, if you don't want people to use your wireless network, you have to use some sort of technological measure to let them know to stay out. This makes a lot of sense, because there's no way to find out that someone does want you to use their network.
Come on, that's like saying that if I'm allowed to enter a business with an open door, then I'm also allowed, by default, to rob the place and give the owner a Dirty Sanchez.
The law assumes that an open network was left that way intentionally (or that the owner doesn't much care). That's a very cool thing. But nowhere does it say that you are absolved of responsibility for your actions when using the network. So industrial espionage and cracking other, secured servers is still as illegal as it would be if you were doing these things from any other system.
I think we have to look at motivation here. For example, I just found out that someone in my apartment complex is running an unsecured wireless network. How do I know? Well, I was setting up my wireless PDA and noticed I was connected before setting my WEP keys. Checked the IP's and, yep, most definitely wasn't my wireless network.
Now, harmlessing stumbling upon someone else's wireless network shouldn't be a crime. I think that's part of the point here. Maliciously using someone else's wireless network, though, that's another matter. I don't think there's much debate about that.
Which brings this all to an interesting point? What about the "ignorant"? If my neighbor has no clue that he is sharing his bandwidth with the whole apartment complex, then how is my using his network anything less than theft of services? (Not counting that his ISP probably forbids it in the TOS anyway). From what I can tell from this law, it's saying that "ignorance" is no excuse, if you leave your wireless network open then anyone can use it for non-malicious purposes.
Hmm. Maybe a nice idea, but it also sounds like if I don't put a fence around my yard, anyone can come in and have a picnic!
Who said Freedom was Fair?
They paid for their connection (whatever speed that may be). You didn't - plain and simple.
That said, if you're putting in a wireless network in your house, it's in your best interests to lock it down, unless of course you want it to resemble cable access at 8PM, anywhere USA.
What about deliberate and intentional intrusions? I can understand how people can accidentally connect to a different network than they intended, but wardriving doesn't even come close.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
N.H. also legalized taking cars for a joy ride if the cars are left running in a convenient store parking lot. Give me a frickin' break... The BEST thing for gov't to do was to do NOTHING and let the courts sort it out on a case by case basis. It's like nerds are now a protected class. Please mod as flaimbait. tia.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
It seems that with every article posted on Slashdot I get a better picture of the lack of morals possessed by the average Slashdot reader.
They see no harm in taking goods and services that they did not pay for and are therefore not entitled to.
Now they see no problem with hijacking bandwidth someone else paid good money for simply because it's available over the airwaves and unsecured? Tell you what: let me know where you live so I can help myself to your water, electricity, and internet access if your door happens to be unlocked. It's not my fault if I sneak in, you were too stupid to secure your house!
Also, I don't really buy the whole "this is good, now we'll see some better security" argument. Right. You're telling me you'd like nothing better than to see ALL wireless networks secured so you can't go joyriding and stealing bandwidth? Right. A Slashdotter who doesn't want to get a free ride. Next thing you know you guys will be telling me that you'd be in favor of a foolproof scheme that protects your fair use rights for music and movies but prevents you from sharing with millions of random people.
This is really sad when you think about it. The prevailing morality among young people seems to be "screw everyone else, if it's not bolted down I'm taking it!" There used to be a time in this country when you could leave your doors unlocked because people were decent enough to respect each other's property. Not anymore, I guess.
Designtechnica.com has a fantastic article on War Chalking/driving that talks about a lot of this topic in detail.
The state would have been better served by passing a law that helps to easily identify public wireless access points. Connecting to a wireless network w/o permission is as wrong as connecting to a wired one. If I leave my office door unlocked, does that give you the right to plug into one of my data jacks? No. Granted the blame comes back to the inept admin who left the network insecure, but like many things in life, just because you can do something, doesn't mean you should.
Brian McWilliams obviously thinks this is a bad law, and he has slanted his article accordingly. I'd have thought Wired's editors would have caught this sort of thing.
First off he refers to "war driving" and "war chalking" without ever once spelling out Wireless Access Reconnaissance even though he finds the space to define WEP. Makes it sound a bit aggressive, and not by accident.
New Hampshire's existing statute says it is a crime to knowingly access any computer network without authorization. By analogy, just because someone leaves his house unlocked doesn't mean you are authorized to walk inside, sit on the couch or help yourself to the contents of the fridge. But HB 495 turns that thinking upside down, experts said.
No, it doesn't, and if you new the first damned thing about this technology you would never repeat what your (unverified) experts have told you. Walking into someone's open house and helping yourself to the contents of their fridge, is trespassing and stealing, and in showing such low regard for their personal space it becomes reasonable for them to wonder if your are a threat to safety and bodily harm. We're not talking a simple risk of data here.
What's more, if an alleged intruder can prove he gained access to an insecure wireless network believing it was intended to be open, the defendant may be able to get off the hook using an "affirmative defense" provision of the existing law.
That's not "getting off the hook." That's having committed no crime in the first place.
And here we are pandering to the fears of the masses again:
A 10-minute war drive down the main business district of Manchester earlier this month using a laptop with a standard wireless card revealed nearly two dozen open wireless access points, including some operated by banks and other businesses.
To the sadly un-geek of the world this suggests that NH is passing a law that makes it legal for hackers to hack your bank accounts. Clearly untrue, clearly flamebait.
And in closing he reminds everyone that the committee is, "...still open to arguments from anyone."
And closes with, "We want to be sure that it wasn't the case that, through trying to protect people under certain circumstances, we were opening up greater opportunity for criminal activity," said Peterson.
If Brian had wanted a decent analogy to explain WAR driving he could have used the following: It's like passing a law that claims it is legal for someone walking by on the sidewalk to let their dog drink from your sprinklers. Technically their dog is trespassing, and technically it's your water it's drinking, and technically it's allowing strangers to loiter near your house where they might become more aware of your houses security vulnerabilities. But as the lawmakers might have said themselves, "let's just get reasonable"
I like the pretty pictures in Wired, but I cannot renew my subscription in good conscience as the folks in NH are making a rare stand for reasonable behavior and a technology magazine is issuing flaimbait articles in response.
So Brian, if you're walking by my house with your wireless card in the sleeve of your IPAQ, feel free to check your e-mail and grab some headlines from
Wow, so now all spammers have to do is set up in NH, find an unsecured wireless network, and poof! Free spam! And you can't even prosecute them for it! Great!
I live in NH and now it will (maybe) be legal to do what i have for awhile now. I hope the rest of the country follows suit. --DS
Your mastery of the English Language astounds me.
The law doesn't protect war driving. NHPR has a better version of the story which states:
If an operator doesn't take steps to lock down a wireless system, he or she could find it difficult to prosecute anyone who either deliberately or inadvertently gets access to the network.
Come on people, stop reading so much into things.
M@
Krispy Cream is people
I see lots of comments here about how this law protects innocent connectivity and how war driving isn't innocent. That is incorrect by itself.
War driving is going around looking for open networks to connect to and use. The person war driving isn't necessarily connecting to be malicious and this bill (that isn't law yet) wouldn't legalize malicious connections. However, what it specifically does is designate open wireless networks as networks that you can connect to without getting in trouble. As one person said, it's like the "No Trespassing" sign. If it's there, you have to follow it, but if it's not, you're allowed to walk onto the property (for the most part, there are exceptions).
War-driving isn't malicious. You're just looking for open networks, which this proposed law will protect. Once you're on the network, you're still subject to laws regarding spam and cracking and all those other things that are already illegal.
BZZZT! WRONG. Sorry, but manufacturing and selling devices capable of intercepting cell phone conversations is exactly what we do all day.
It is not even unlawful for us to sell such a device to anybody.
It is unlawful for you to use such a device to intercept a telephone conversation without a court order, but that is YOUR responsiblilty, not ours.
www.eFax.com are spammers
If you live in an affluent area where property taxes cover it, sure. Otherwise, you could be stuck living in places like Berlin, Franklin, Pittsburgh (amongst a whole host of others) where the high school class size drops 25% a year.
But I guess if you subscribe to the notion that Darwin's theory should play itself out in education, then yeah. Everything's just peachy.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
http://www.boycott-hollywood.us/boycott_list.htm - You're Freedom of Speech
Do you mean "YOUR Freedom of Speech"? I'm not sure what "YOU ARE Freedom of Speech" means.
The old analogy of the unlocked house might be good, but not quite right. Try this analogy if you will.
A homeowner is trying to sell a house and puts out a sign saying that his house is open for tours. You can request a key at the door. Well say he finishes the open house, but leaves the sign and still gives keys to people. Is it their fault that he did not remove the sign and did not stop issuing keys?
Put that in your pipe and smoke it...
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
The article seems to shed a positive light on the NH law proposal, which places the burden of network security on the operator, and the negligence for not securing the Access-Point if they get h@x0r3d. That makes a lot of sense because it not my fault that when I walk down the street and your Access point is bombarding me with your signal. I cannot help but to receive the signal if its there. The analogy is walking around at high-noon and being subjected to sunlight, because I cannot help this unless I burden myself to apply a coating of sun-screen. That sun-screen lotion is the wireless equivalent of a firewall but the major difference is that the sun screen is there for my optional protection. It not my burden to protect myself from your spewing of wireless packets since they do not cause me harm.
;)
The wireless protocol stands for themselves, and in a court of law they would be easy to examine line by line until the judge/jury is brain dead from the tech-jargon. Not to mention the various accredited folks who can demonstrate with freely available software that WEP is more of an annoyance. MAC based filtering is weak since it is possible to spoof the mac address with most 802.11b hardware drivers. Simply bombard the AP until the ARP table refreshes with you mac as the end point that *should* be getting the traffic. The solution most folks I know use is a hybrid of various methods. One way is to make each wireless node use VPN to the router behind the AP, and use WEP (as an annoyance) on the ether. Disabling the 802.11 beacon is the first thing that should be done, else it your fault for advertising the existence of your wireless network in the first place. As I mention before, MAC filtering helps as an annoyance to would-be-infiltrators. Finally, rename your SID to anything except "WIRELESS" as many folks get on by simply looking for the default SID.
This is my advice, as a war-driver, I know all the tricks. Enjoy!
It isn't a lie if you belive it.
Is that the state whose motto is "Live Free or Die, Motherfuckers!!!"?
If someone installs a Wireless Access Point in their house and then doesn't properly secure it from someone accessing it, it is their own fault. If you left your house unlocked and went away on vacation, whos fault is it that your house got broken in? If you don't take the proper precautions and secure your network yourself, then you only have yourself to blame if someone willfully access your systems and uses them for their own purposes. I have no empathy for people who invest in this technology, but do no invest in the security that is required to protect yourself. The information is provided by the vendors for a reason, and it is the home users choice wether or not to use it. If someone has questions on how to do something, there is always someone, or something willing to answer those questions. NH has drawn a line in the sand and has sided with those who use wardriving for one reason or another, wether it be malicious intent, or like myself who is interested in seeing the spread of this technology, and how well of a grasp people have on its security technologies built in.
We are trying to get a town-wide wifi/intranet going here, anyone want to play? email keith@wolfeboro.com
Just what I want to do...tap into a network that has self-confidence and low self esteem issues...it'd be like my ex all over again...
"This food is problematic."
By turning on WEP one would be clearly signalling that the network was not for public use...
live free or die.
this is an obviously live "free."
I write code.
The whold leaving your doors unlocked & open and then people walking into your house is a bad analogy. A better one would be:
You leave your T.V. pressed up against your window, and then people walking down the street watch it.
Or...
You put a speakerphone in the middle of the street, and then yell out your window whenever you make a call... and then people can listen to your conversation, and even add some comments in.
Your definition of war driving is rather naive...
i on /0,294236,sid7_gci812927,00.html
http://searchnetworking.techtarget.com/gDefinit
"War driving is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources."
Trespassing per se was not a crime. So you can stand in someones yard or unlocked house without committing a crime. Of course if you do criminal damage that *is* a crime. Breaking and entering is a crime - entering an open door is not.
If you want to extend the analogy to hacking, if someone puts their info on a web server with default security set to "serve all files to anyone who asks", that should not be a crime to view. If you are creating a special stack-smashing packet that happens to kill version 2.78.2a of a web server, that might be another matter.
Dammit. This is an international forum, so use proper place names in the "abstract", please. Btw, the country I live in is F and the region is P-K.
Have a nice life.
I am so sick of this house analogy being applied to wireless networks. It doesn't apply because a wireless network by its very nature is ephemeral. You can't broadcast a house.
It is more akin to having a conversation with someone. If you don't want others to hear what you're saying, then find a private place to do so (in other words, secure the network).
There are people (journalists, for example) who hang out in public places and listen to other people's conversations. It is your tough luck if you decide to disclose things in a public setting, and someone overhears, regardless of their intentions. You made the mistake of saying it in public, they just took advantage of it.
Lots of people are comparing this to making it legal for someone to come into an unlocked house and eat the food.
That's a bad analogy. Why? Because there is a widely growing movement of setting up open networks that anyone can connect to. There's no widespread movement to leave homes unlocked and free food in the kitchen.
This bill doesn't give people the right to break WEP encryption or spoof MAC filtering. They probably couldn't even use it for defense if the SSID had the word 'Private' or something similar in it. The bill simply recognizes the growth of free connections and tells people that if they don't want to be mistaken for a free connection then it's their responsibility to do something about it.
There's a few unused bits in every tcp packet, "room for developement" and all.. let's just have one of those bits say "This connection is meant to be public"
-- 'The' Lord and Master Bitman On High, Master Of All
Do you lean against the wall and listen closely, or do you just just think "Oh, they're having sex" and go about your day?
Wait. don't answer.
I only ask because, as a self-indulgent, self-described individualist, I don't like the idea of being forced into sharing. It should always be voluntary, or the idea of altruism is dead.
Against Best Buy, CompUSA, Linksys or anyone selling AP's for not having huge labels saying the default settings are such that anyone can connect to the network.
Works for me...
:/)
(Too bad there aren't any tech jobs in NH
Free Mac Mini
Use WEP and MAC locks on DHCP, and make unauthorized forging of MAC addresses just that: forgery.
Perhaps this is a first step in addressing fedgov's 'issues' with open wireless networks, making net operators responsible for those networks' security and liable for illegal things happening on their (criminally) insecure net?
Wow, is that ever a refreshing story.
That is a good example of a law that puts the burden of responsibility on the person who's actually being the dipstick instead of the reverse.
I mean, you wouldn't leave the front door of your house open with arrows pointing to it and then feel violated when you have people walking around your living room. Why should wireless neworks be any different?
-brain
Plus, passive stumblers like kismet never connect to the networks in question
That's good to know. I can't keep kismet_server to stay up longer than a few seconds unfortunately. To get around the 99 logs per day limit, I setup a loop at the command line to set the log basename to be a word of my choosing plus the current minutes and seconds after the hour therefore increasing the maximum number of capture logs per day to 360,000 (60x60x100). Then, in between restarts, I grep the SSIDs out of all the log files and sort | uniq them into a text file.
Why does this matter? I don't know really.. maybe someone knows how to stop it from crapping out every 10 to 20 seconds..
Intelligent Life on Earth
Yes.
"This equipment compiles with part 15 of the FCC rules. Operation is subject to the following conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operations." (Back of computer)
-uso.
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
I go to SNHU in Manchester and will be spending the summer living on campus since I got an internship in the area. Looks like I will have to go searching for places where I have internet access.
BTW, that cafe called Fusion is great. Nothing like doing research for a paper with my laptop while having a coffee.
How are we going to catch terrorists now!?!??
That is all.
You shouldn't have attacked Slashdot's userbase because the readers are the moderators and vise versa. While you're being mod-raped for it, you still made a good point.
I have a wireless access point at my home and I've helped set up a few wireless networks. Yes, I enabled 128 bit WEP encryption. I imagine if the people I had helped set the network up had done it themselves, they would not have known about enabling encryption, even though none of them wanted unauthorized users on their networks.
If you want to sniff out the presence of wireless networks, fine. I have no problem with that. However, when you start trying to use someone else's bandwidth that they did not give permission to use, you are stealing.
Let me restate that... You are STEALING. We are not talking potential loss of profit for something you probably wouldn't have purchased anyway, as is the case with software or music piracy, but ACTUAL STEALING. The bandwidth you are using is no longer available to the intended users of the network, and if the owner of the network is paying for metered bandwidth, it's just the same as walking in and commiting a robbery!
It does not matter that the access point hardware is responding to a DHCP request, the permission needs to be given to you by the owner of the respective network. This is just like saying "I walked up to the grocery store, the electronic doors saw I was there and opened - so I let myself in and took whatever I wanted without paying."
This law was not needed and I am glad I do not live in NH. We already have a way of eliminating confusion over the difference between public and private resourses - signs. If a restroom is public, you put up a public restroom sign. If a network is public, put up a sign. "Welcome to Rick's Coffee House, public wireless access on SSID: rickscoffee" If there's no sign, assume the network is private and don't use it.
That's smart, but smarter would be to classify a WiPOP as an attractive nuisance, just like a swimming pool. Thus classified, the owner of a WiPOP would not only be responsible for securing it, he'd be liable for any damages due to failing to reasonably secure it.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
At the risk of being a troll....
...I must say I don't have an opinion either way on the bill...
...opening up greater opportunity for criminal activity.
That's surprising. It's hard to imagine that you could be at all familiar with a non-technical perspective and not know how incendiary were the images you used.
I wouldn't have imagined that you would have gone into the history of War Games style auto-dialing to explain "war driving"'s hacker origins, but the "bacronym" Wireless Access Recon. or some other indication that War (in this case) wasn't (as your link points out) "a battle," a "military operation," an "active hostility" or an "open armed conflict." would have been much appreciated by those of us who use this technology and aren't looking for conflict.
When you repeat something that is simply farcical, and end it with, "...experts said." That's not the same as saying "opponents of the bill claimed." Without stating what makes these people expert, or who they are, many would take this to imply that you believe they were experts. And by extension, that their opinions have some merit to you.
I would be very interested to know your actual opinion. What would be a good analogy to the physical world as to the actual impact of War Driving? I like the dog drinking from the sprinklers, as it highlights the pettiness by which someone would begrudge a few thousand free packets of Internet surfing or a few thousand grams of water (which is worth more in some places) to a passerby. What do you think?
This is what (when I read it in my non-techy persona) I get from the article.
War Driving
Just like being... authorized to walk inside, sit on the couch or help yourself to the contents of the fridge
New Law Lets'm "off the hook"
They can get into banks
Committee still open for opinion
I'm delighted by the suggestion that this interpretation of your article may have not been your intent, but if you give your article to a decent sample of people who are intimidated by these new technologies, I think you'll find their opinions to closely match mine, that this is a soft battle cry to fight those stupid lawmakers that are endangering our computers and checking accounts.
I live on a dead-end street which connects to another street with two dead ends at one end. Twin Circle Drive forms a 'T' There are six houses along the top and four more on both sides of the slope uphill. Here in New England, I would not be surprised to hear of streets with three or four dead-ends. Worcester, MA better known to natives as Woostah, has a Main street that ends in a dead end near the city center. You just have to love Yankee city planning! And, uh you can Wardrive there, too. I'm still on-topic, right?
http://en.wikipedia.org/wiki/Signature_bloc
Who gives a shit if you're on-topic. We're talking. =)
"Welcome to Woostah! That'll be a dollah twentee fyve." - Tollbooth Willie
My
Limekiller
I nominate the criminal taking advantage of the unlocked door.
Leaving your door unlocked is not a legal invitation for Joe Random to come in.
Is it a big mistake to leave your door or network unlocked? In many places, yes [unfortunately].
The flip side of the coin is that there are people not only wardriving, but silently sniffing, and not returning any indication that they are doing so. They don't hop on networks and use them, they simply sniff, grab passwords/etc via clear-text sniffing, and archive what they find. Completely untraceable unless you happen to be the FCC. These are scary times.
Also, one may lock down their wireless today, but someone can be archiving that encryption, then wait on it until it *is* crackable via later exploit or brute force is available. (crackable via later exploit being more likely) In general people's passwords 3-5 years ago (and 3-5 years from now) are pretty much still in use today.
These are very scary times.
fslg503-985-8686503-985-8686503-985-8686503-985-8
Why assume that sites with unprotected APs aren't unprotected precisely because they want to let visitors use them? We let our visitors use our 802.11b access points, and I have been at several sites that returned the favor. There isn't much risk if the AP is placed outside the firewall and port 25 is blocked.
I'd like to see a "community access" option in APs that would allow non-WEP access only to the Internet on the far side of the firewall, and would regulate total bandwidth consumed. That would let sites without an easy way to connect there APs outside the firewall to offer access to visitors. Visitors might like internal access to print, but we don't allow that. It is a good compromise.
I don't think much of argument by analogy, but our 802.11b infrastructure costs less than our drinking fountain, and we even let strangers use that.
War Driving
...opening up greater opportunity for criminal activity.
Just like being... authorized to walk inside, sit on the couch or help yourself to the contents of the fridge
New Law Lets'm "off the hook"
They can get into banks
Committee still open for opinion
Hmm. I guess you missed these other highlights:
operators of wireless networks must secure them
New Hampshire's proposed wireless law was hailed as "enlightened"
A variety of techniques can deter, if not eliminate, unauthorized access to wireless networks
the goal of the proposed law is to protect those who innocently stumble upon insecure wireless networks
FWIW, I like your sprinkler analogy. I also like another one that someone else pointed out: that the proposed law is akin to New Hampshire's rules about posting "No Hunting" signs on your property.
B.
I'm not saying as a mark of security, but as a thing which can default to true without bothering anybody. There's no standard way of saying "This connection is only meant for authorized users"
In reality, it should be illegal to tap in to a network that doesn't have something specifically saying "This is for everybody"
Just because you leave your door open doesnt mean that anybody should just be able to walk in. Everyone here seems to care nothing for protecting the ignorant. We don't have to do anything to protect them, we don't have to go out of our way to do so at all, but how hard would it be to come up with some standard which says "This is an open network, and it's okay to tap into it"?
Anyone who disagrees with things that I say is a fuckhead.
-- 'The' Lord and Master Bitman On High, Master Of All
A number of posters here seem to think that a network is "open" when they guess that the password to access has been left as the default.
To my way of thinking, that means the user does NOT intend for others to use their network. An open network would not require a password.
It does not strike me as moral, and it should be illegal, to access a network that is not CLEARLY open. Simply guessing the password should not grant one unrestricted, legal access.
Many admins intentionally place the wireless access points outside their firewalls. This is indicative of a good admin who only allows access through the firewall/vpn. There is nothing wrong with doing this. A side effect is that anybody can use the access point for public internet access, wich is not a problem either, since pretty darned few people use these things.
Actually I think we have. Open frequency, not WEP, no firewall/protection of any kind. This defaults to a standard. I do not get into these networks. Quite frankly I have better things to do. But progmatically speaking would be very difficult for you average detective to get anywhere with this case.
Unnoticed in the USA Patriot Act is the fact it has effectively made the harmless hobby of trainspotting - the recording of different types of train engines, cabs, and cars - illegal in the USA.
So we can now drive around and spot open connections if this house bill passes, but people will still be treated as outlaws for watching trains.
> --- All Of The Above --- >
Here are the technical parameters:
802.11 channel: 6
SSID: RickNet
IP addresses via DHCP, or if you want static, use 192.168.1.30, DNS server 192.168.1.1, gateway 192.168.1.1
Encryption is usually not enabled, but if you want, the key is 6036596363. If it's something else, that means I don't want anyone on my network.
I've also given out enough information that anyone who wants to get on my network is able to. If you can't figure out my general location from the information above, then I don't want you on my network anyway.
--RickTheWizKid
Finally, something that makes sense comes out of the government. This is a free country, so you should be free to do anything, as long as you don't deliberately harm someone, and if you don't want people getting into your networks, then secure them for cryin' out loud!
I live in Manchester, and have to say I'm all for this concept. I've also got three WAP's in my apartment and will be dedicating one as filtered (and possibly use limited) net access to anyone that happens by. Of course, being on the third floor of a building in the Sunset Ridge apartment complex may make it a bit difficult to connect to... but the point is, I'll make something available. Hell, it's available now. I think laws like this will protect people taking advantage of one of the more -fun- aspects of current-day networking.
However, I do think there is a missing link in the mix for true wireless sharing with some level of protection and security for the operator. I'd like something, preferably Linux based of course, that'd let me see all the people connected to the wireless network by IP and MAC, and possibly have some form of operator-paging request for access system. Anyone game to do it?
My own pointless vanity vintage computing page
"War Driving To Be Protected In Nethack"?
Hmm... Too much Nethack for me tonight...
As far as your personal files being up-for-grabs, wouldnt it be nice of us if we defaulted to "leave it alone" instead of "party at 3992 LaVista Drive for a 300meter radius!"?
Having no protection is just stupid, it's not an explicite invitation to do whatever you want.
-- 'The' Lord and Master Bitman On High, Master Of All
It's so the law or agencies can war drive and snoop networks. Also, don't be suprised to see MPAA/RIAA vans cruising your block sniffing for victims.
I am not disagreeing with you. It should not be an invitation. Be that as it may, the 802.11 specification is flawed in that it did not contain anyway to inidicate the network is not open except to at least use the WEP security. As I said before according to the technical specs the only way to indicate I am an open network is to simply leave security turned off. This is the way the technology works. If you do not use at lease the WEP security, which then needs to hacked even if it is easy you have indicated I am an open network. As I have also said I do not war drive, I pay for my internet connectivity, have an 802.11a/b network at home ahd have security in place. I take the responsibility of providing a reason for the authorities to react if something happens. Americans (yes I am an american) think that the laws are a free ride to be lazy and stupid. In this case they are simply either too lazy, stupid or cheap to actually protect themselves in any way. They have not only not locked the house but have opened the door placed the contents on the driveway and placed a big sign with "steal it, I dare you."
If the Gov. paid any attention to this, they would have to conclude that 90% of Gov. is illegal.
Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
for those of you that would like som background on bmcw, the nice people from phc has some: http://phrack.efnet.ru/eyeball-bmcw, http://phrack.efnet.ru/pr/pr3.txt
I asked for an ipaddress with DHCP, and it gave one to me. Therefore I got "permission".... To get back to the crappy house analogy. Its like this: I knocked on the door (DHCP), and you let me in. (gave me address). DHCP gave me a default gateway as well. So when I pull up slashdot, I'm not stealing bandwidth. I gave my request to the gateway, the NAT server then routed the packet to slashdot, and gave the response to me. This is like I asked you to turn the tv on for me, and you said, "OK", and walked over and turned the tv on. Therfore I didn't steal anything. If you didn't want me to do any of this, than thats your fault for obliging :)
Since the guy used DHCP to get the IPAddress, and you gave him a gateway address, and provided NAT translation, it would be more like:
You were sitting at the side of a road in your car, a guy came buy, knocked on the window, and asked for a ride to the library, and you opened the door, and said sure no problem. Then you dropped him off at the library. are you then going to the police station to press charges against him? How was he supposed to know you didn't want to do that?
When you got hired you were given an employee hand book, which said you can't dl porn. If I'm sitting in a park, and happen to connect to your wide open network, and get a DHCP address, there was no TOS as you put it.
/. in a park, your equipment in effect, grants my request, by NAT translating my HTTP session, forwarding my DNS query for slashdot.com, etc etc. So yes, I WAS given authorization.
And having an address is giving you permission to send IP traffic. Since your gateway is also doing NAT and DNS resolution/forwarding, when I ask for
How am I supposed to know that you didn't mean for me to have net access from the park?
A lack or an authorization system is the same as authorizing everyone right? :)
:)
:)
And your analogy is a bit off. Yes, they buzzed you in when you got that IP address. But when you dind't rummage through their documents. You asked for something to read, and they handed you something to read. If they hand you their financials, instead of people magazine, than its their own darned fault.
You see, when you got that IP address, and you use the internet, you are still going through their NAT translator, and using their DNS forwarding mechanism. You are not rummaging through anything, you are always "asking" and they keep giving.
If you must, and don't think what I said is true, then the documents you read, were the ones sitting on the table in the waiting room. What they put there is their responsibility