Slashdot Mirror
War Driving To Be Protected In NH
AllMightyPaul writes "A big article on Wired.com talks about the new House Bill 495 that would legalize the innocent stumbling upon open wireless networks. Basically, it put the burden of securing a wireless network on the owner of the network and allows people to connect to open networks that they believe are supposed to be open. This is excellent news as I'm sure we've all tried to connect to one wireless network and ended up accidentally connecting to another one. Being from NH, now I can finally drive through Manchester and connect anywhere I want with little worry, but not until after January 2004, and that's if the bill passes the Senate."
This is what we should expect from New Hampshire
Live free or die!
Yes, if they are stupid enough not to secure their network.
So was it previously illegal? AKAIK, there are no laws against war driving, so while they may have protected this right, they didn't legalize it. Definately a step in the right direction, though.. it's so infrequent that we see lawmakers making laws to PROTECT our freedoms rather than remove them.
Everyone is entitled to their own opinion. It's just that yours is stupid.
Where in the world is this place?
There are still real moral issues here with whether or not it's actually RIGHT to connect to other people's networks. Just because the networks are not completely secure, you're still not justified in connecting to them, specifically if your reason to connect is to abuse them.
The law has decent motivation, but it's basically saying "Go ahead and break into wireless networks, because if they're not completely secure, it's not your fault." What happens when people start snooping the traffic, stealing corporate secrets, and then claim that the wireless network wasn't secure, so they can't be responsible?
Mooniacs for iOS and Android
Shouldn't this article be on unwired.com?
The government passing reasonable digital rights legislation?
Come on, April Fool's was almost a month ago now.
Philip Sandifer's academic website
war driving lessons
Why do I h8 apple?
...it seems like you can apparently get most anything passed if you attach the word "War" to it. Even the theft of bandwidth.
For those who can't immediately infer what geographical area (or for that matter even what country) is being referred to, the article more clearly explains that they are referring to the U.S. state of New Hampshire.
if it hasn't already, the ability for wireless access point and card manufacturers can further harden (at least within the 802.11x spec) their default configs.
a law like this can't do any harm, besides the harm that has been done (or is happening) already. it sounds like to me that this is a good thing. raising awareness around network security is always a good thing.
*well, except when it fosters more fear than actual security
And how many of those people (if any) were malicious hackers?
Why don't our legislators spend their time protecting innocent people (Skylarov, Felten, Serebryany, etc.) from laws like the DMCA that have been abused, instead of saying "hey, it's legal to wardrive, which nobody has ever been maliciously prosecuted for"?
I've set up a little Wireless LAN at home, wifey's laptop plus the PS2, Linksys, and it seems like I have to put in the an identifier for the...workgroup? Something, I forget the technical word, but I changed it from the default "Linksys" to something specific to my house...and I had to make sure everything that was connecting to the Router used the same ID.
So, setting aside that there are probably tons of home Wifi installs that still use "Linksys", and assuming lots of people don't use the encryption that requires a true password, how does wardriving work? Does it "wardial" the ID, or is my network broadcasting the ID to use? (I guess the latter is more likely)
And if I'm NOT using the password, is everything my wife is doing on her laptop being sent in the clear to the nearby neighbood?
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
...because now you can legally steal bandwidth other people paid for?
Why not? It's legal to listen to your neighbors phone conversation if he chooses to braodcast his phone conversation into your house using an older portable phone that doesn't have any anti-listening technology built into it even though you have politely informed them of this.
I don't really see how wardriving itself could be illegal or legal, I mean, it's unethical to sniff the airwaves, but 2.4ghz is public. On the other hand, accessing the network without express permission is illegal, wireless or wired. Same goes for WEP... Breaking WEP is definitely illegal as someone is trying to protect their data and you have to break their security to read it.. Wardriving being illegal would mean that me walking with my laptop turned on downtown is illegal..
Well, as the article says, if they want to use a wireless network, the burden falls apon them, nit the state to make sure that network is secure.
Frankly, I feel that this is a good approach to hacking in general. Why should buisineses, who often lobby to pay the state less in tax revenue and whatnot, still expect the state to prosecute people who break into thier networks because they were too lazy to apply a patch?
Now, as a caveat to this, I feel that if the company can show that they took all reasonable precautions to secure thier network, then the state should go ahead with prosecution. This way a company that is 'following the rules' is not unduly punished, but the company that is too lazy or too cheap to implement good security is, and cannot fall back on fear of the state to be thier security apparatus.
You say you want a revolution....
"That was your network I had Kazaa, WinMX, and Grokster running full-steam 24/7 on? I had no idea, honest. Hey, OW."
The coolest voice ever.
I don't recall the wording, but doesn't most of this equipment carry a message from the FCC that says that the device must accept any interference from other devices?
Maybe it's a bit backward, but I think that can justify your having picked up the signal; you were just accepting interference...
It won't surprise me if Comcrap starts port blocking to prevent "spamming" from open wirless acess points. Basically, turn their network into a port 80 output-only network slightly more sophisticated than a television.
This argument is weak anyways because very few consumers pay per bandwidth usage. Usually you pay a fee for the service of having unlimited internet connectivity with a capped speed. This is like accusing your friend who is watching Cable TV with you, and then accusing him of stealing your cable, because you paid for it.. not him. If you can't secure your wireless, don't get wireless. It's as simple as that.
The area alone the border between MA and NH is quite built up with tech firms (HP, Oracle, RedHat, etc...) - wonder if they'll be cracking down on their wireless networks? Also, what happens to someone in NH who grabs some bandwidth from MA or vice-versa?
However, if you have the ability to use someone's network "accidentally" how do you distinguish someone who is using a lot of bandwidth for an innocuous reason from someone using a little bandwidth for a protective screen? I seem to recall reading an article about SPAMmers using open links to anonymously go through SMTP sites to further propogate their "stuff"...
And if the company is running Windows and has shared network resources, where does my 100 page accidental printing land on the scale of things?
I agree that you don't want to arrest someone for browsing through "linkedsys" when they meant "linksys" (or picking up the wrong "linksys" which is probably even more likely). But I'm not sure this is the answer.
FWIW,
Ewan
It's good news because it explicitly says it's ok to connect to a network that you dont know to be closed. Computer do this automaticaly so this is a needed protection. It's about the same as a door if it's not locked and looks to be something open to the publi you can go through it but install one of those little luggage locks and now it's not legal to go through it even through it's trivial to break it.
No sir I dont like it.
What about road rage? :)
-
ping -f 255.255.255.255 # if only
You can legally use bandwidth other people have kindly provided to the general public. It's up to people who don't want you to use their bandwidth to do something to make it clear that they don't want you to use their bandwidth. This might actually make WEP somewhat useful; it's pretty easy to break, but not automatic, so it serves to signal that you shouldn't just use the network.
I do a bit of wardriving myself.
I think that if anything, the biggest kicks I get out of wardriving is generating maps of my results.
(I do like plugging my map - shameless self promotion I guess)
While I never connect to networks, it would be nice to know that if I ever did need to access one that I wouldn't have to worry about going to jail over it. Props to the government on this one.
Remember that you are unique, just like everybody else.
I don't care whether wardriving is legal or not. I don't do it. I do, however, use my laptop--with its wireless card in, I never bother to remove it, but not with any kind of extra antenna or anything--in the car when riding with other people, occasionally. Windows has on numerous occasions thoughtfully informed me, in the middle of nowhere, that it had connected me to whatever network it happened to find.
And as long as things are set up so that connecting to the network doesn't involve anything more than just happening to be where that network is, the idea that you could be prosecuted for 'breaking into' their network is a scary one. There's often no 'breaking' involved. If I end up connected to somebody's network, and it required nothing more than a laptop configured for my *usual* wireless access, then no, it's not my fault.
If you have a wireless network and you're using it to transmit 'corporate secrets', etc, then secure the thing. People who run around purposefully trying to find other people's networks to go online from are a little slimy, maybe, but it's not 'breaking in'. It's complaining that somebody's sitting on the chair you happened to leave on the sidewalk. It may be your private resource, but you've left it sitting in public space with absolutely nothing to indicate that people *shouldn't* sit in it. And the average stranger who does is probably just resting his feet, not sabotaging your property.
I don't see how this is "ripping them off". Unless you're in an area where the ISPs charge by how much data is transferred and not just for the bandwidth (very few places) then you're not stealing anything from the person.
Waitaminute. What you're saying -- in essence -- is that you think it should be *legal* for people to enter your house without your permission if you're too stupid/lazy to keep your door unlocked. I'm sorry, I have to disagree with you. Unlawful entry is unlawful entry, and unlawful hacking is unlawful hacking.
That being said, I think it's completely different with wireless networks precisely because you don't even know what network you're picking up -- and you can pick up the network completely by accident. This is in effect similar to the case where an non-scrambled phone conversation is picked up via a scanner accidentally...perfectly legal to listen in, at least in most states.
My journal has hot
Well, I don't know about you, but here in NC if I drive through a nearby office park with Kismet there's a spot with EIGHT IDENTICAL members of the "linksys public access network" if you know what I mean (LinkSys products with default unprotected configs).
... you might just be committing a crime and theft of service if you pick the wrong one.
.. how about just renaming your access point to "PRIVATE ACCESS" or something that takes half a brain cell)....
:-)
.. how do you KNOW we have a wireless network ... from OUTSIDE??? You must be a TERRORIST!"
If I were to hypothetically sniff some of these packets, I might hypothetically discover that they are going to different ISPs, which makes me hypothetically believe that most if not all of these belong to different companies.
So imagine you are an employee of one of these companies and the boss tells you "hook up to the linksys"
This law puts the burden on the hardware owner to make the fucking tiniest effort (I'm not talking IPsec or even turning on WEP
This is GOOD, not BAD.
The signal is physically going through my body and if it doesn't say "Don't Use Me", then by fuck, I'm going to use it! I figure that's in exchange for the 0.00001% increased cancer risk.
I debated going into these businesses and telling them that I'm a computer security professional and would be happy to give them some free consulting but then I decided at least one of them would get panicky and have me arrested. "But
No good deed goes unpunished you know.
Just because it's legal, that doesn't mean it's ethical.
Frankly, I'm kind of appalled at this line of thinking. When did it become out of fashion to be a decent human being?
If you are driving around LOOKING for wireless networks with poor security to exploit that is not the innocent stumbling upon open wireless networks.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
A house is not a network, trying to say it is is somewhat pointless.
And frankly, yes, I do believe that if you do not lock your door, you are just begging for people just to waltz in. I have lived in some pretty bad neighborhoods. To me these concepts are common sense. If you don't want people walking into your house, lock your door. If you do not want people accessing your wireless network, secure it. If you have taken these precautions, and somebody forcibly enters either, then you are well within your rights to press charges, and there is not a damn thing the perpetrator can use in thier defense.
You say you want a revolution....
A others have mentioned, NH is a nice place to live. No state income tax, no sales tax.. It is a nice place to be.
I'm seeing a lot of "the idea is good but...", but I do think it's a good idea. I read the analogy of walking into someone's house if it's unlocked and taking their food, etc, but I don't think that's the right analogy.
A better one, (which also applies in NH) is that if you're hunting in the woods, you can't be prosecuted for trespassing unless it posted "No Trespassing" or the owner comes along and tells you to leave. This keeps people who are in the woods and might not have a convenient parcel map from the town from being prosecuted because they wandered into an adjacent lot. Do note that this is not the same as walking into land that is expected to be private, i.e. a house or an office building (during non-business hours).
Just my input.
Live Free Or Die.
We're on a mission from God.
IMHO this will be shot down. I HATE to sound like the RIAA, but stealing is stealing. If I leave the my keys in my car and the door unlocked, does that mean that the person who steals my car is not guilty? The problem with notion of "reasonable" deterrence is what constitutes that? If I left my keys in the car, but locked the doors is that reasonable deterrence versus if instead I left the doors unlocked, but removed the keys? What if I left my locked car with no keys inside in a "bad" neighborhood or I own a car that is a prime target for thieves?
Okay, I'll bite.
If you're talking about this law protecting the innocent person who accidentally connects to a different network than they intended, I'd agree.
If you're talking about somebody who is intentionally wardriving looking for networks that he/she can get into and explore for juicy stuff, then I'll disagree.
Certainly, the admins of such networks have acted irresponsibly (assuming it wasn't some incredible new hack that broke into a secured network); but that doesn't mean the wardriver has no culpability in this situation.
This is one of those areas where the law can't cover everything. It's wrong to walk into an open house and take things when you know the owners didn't want you in there. Whether or not the door was open, and whether or not there was a welcome mat on the porch, you damned well know you shouldn't walk into a stranger's house and take their things.
And when you did, it wouldn't be the owner's fault that you're a worthless amoral turd. It would still be yours; whether or not they were stupid.
Hot Damn! It's the Soggy Bottom Boys!
...that would legalize the innocent stumbling upon open wireless networks...
Having not read the article and freely admiting that I could care less about the legality of war-driving (personally I find the concept of going war-driving to be rather pathetic), I have to question the title of this article. I would not define driving around actively seeking open wireless networks and connecting to them as "innocently stumbling upon" them. Guess that's just me.
I'll summarize it again as I have in other forums.
- My laptop sees a signal and requests access to the network by asking for a DHCP address.
- Access point sees my request and GRANTS me a lease on an IP address with which I can access their network
- I surf using the network
- I leave.
I asked, they said YES. They could have easily denied me, but they invited me into the network when I asked if I could. There are SO MANY different ways to keep people out, that owners of AP's just have to do something to secure themselves. Shame on them if they fail to do that.
-- There is no sig line, only Zuul.
Little-known fact: Manchester, New Hampshire, has the distinction of owning the longest street in the world that is capped at both ends by dead-ends. Main St. So sayeth Guiness. No joke.
A lot of people immediately ask "well how the hell do you get on or off of it then?" It has streets coming off it, but both ends are dead-ends.
How is that for a useless bit of info?
My
Limekiller
A state that believes that ppl should be responsible for their own actions. I though that it went out of fashion over the last 23 year.
I prefer the "u" in honour as it seems to be missing these days.
How long will it be until it's overturned?
If someone says he and his monkey have nothing to hide, they almost certainly do.
If I leave the my keys in my car and the door unlocked, does that mean that the person who steals my car is not guilty? The problem with notion of "reasonable" deterrence is what constitutes that? If I left my keys in the car, but locked the doors is that reasonable deterrence versus if instead I left the doors unlocked, but removed the keys? What if I left my locked car with no keys inside in a "bad" neighborhood or I own a car that is a prime target for thieves?
You're right in that stealing is stealing. But prosecution is not just prosecution. Perhaps the cars are a bad example, so let's look at houses. If you leave your house unlocked and someone enters, that's unlawful entry. If you lock your house and someone enters, that's breaking and entering which will impose a stiffer fine. There is a difference, and laws like these help to recognize them. Breaking into a network is still illegal. Wandering into it won't necessarily be illegal anymore, even though it's unauthorized (did they explicitly invite you in? it's unathorized)
We're on a mission from God.
Classify war drivers as enemy combatants!
It seems to me that this change essentially says that any network which isn't secured in any way is to be considered a public network; that is, if you find a network not using WEP or anything, you should assume that it was intentionally left open as a public resource (like people have started doing). I doubt that the defense provided for this behavior would apply to a network using even a small WEP key, though. Even if you sniff the key, it seems unlikely that you could then claim that the network's owner meant you to have the key. So, while people do have to secure their networks, they don't have to secure them particularly effectively; just well enough to block your defense.
What this law means is that, if you don't want people to use your wireless network, you have to use some sort of technological measure to let them know to stay out. This makes a lot of sense, because there's no way to find out that someone does want you to use their network.
Come on, that's like saying that if I'm allowed to enter a business with an open door, then I'm also allowed, by default, to rob the place and give the owner a Dirty Sanchez.
The law assumes that an open network was left that way intentionally (or that the owner doesn't much care). That's a very cool thing. But nowhere does it say that you are absolved of responsibility for your actions when using the network. So industrial espionage and cracking other, secured servers is still as illegal as it would be if you were doing these things from any other system.
I think we have to look at motivation here. For example, I just found out that someone in my apartment complex is running an unsecured wireless network. How do I know? Well, I was setting up my wireless PDA and noticed I was connected before setting my WEP keys. Checked the IP's and, yep, most definitely wasn't my wireless network.
Now, harmlessing stumbling upon someone else's wireless network shouldn't be a crime. I think that's part of the point here. Maliciously using someone else's wireless network, though, that's another matter. I don't think there's much debate about that.
Which brings this all to an interesting point? What about the "ignorant"? If my neighbor has no clue that he is sharing his bandwidth with the whole apartment complex, then how is my using his network anything less than theft of services? (Not counting that his ISP probably forbids it in the TOS anyway). From what I can tell from this law, it's saying that "ignorance" is no excuse, if you leave your wireless network open then anyone can use it for non-malicious purposes.
Hmm. Maybe a nice idea, but it also sounds like if I don't put a fence around my yard, anyone can come in and have a picnic!
Who said Freedom was Fair?
They paid for their connection (whatever speed that may be). You didn't - plain and simple.
That said, if you're putting in a wireless network in your house, it's in your best interests to lock it down, unless of course you want it to resemble cable access at 8PM, anywhere USA.
What about deliberate and intentional intrusions? I can understand how people can accidentally connect to a different network than they intended, but wardriving doesn't even come close.
There's a Mercedes gap too. I want one and can't afford one, but it's not government's job to do anything about it.
N.H. also legalized taking cars for a joy ride if the cars are left running in a convenient store parking lot. Give me a frickin' break... The BEST thing for gov't to do was to do NOTHING and let the courts sort it out on a case by case basis. It's like nerds are now a protected class. Please mod as flaimbait. tia.
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
It seems that with every article posted on Slashdot I get a better picture of the lack of morals possessed by the average Slashdot reader.
They see no harm in taking goods and services that they did not pay for and are therefore not entitled to.
Now they see no problem with hijacking bandwidth someone else paid good money for simply because it's available over the airwaves and unsecured? Tell you what: let me know where you live so I can help myself to your water, electricity, and internet access if your door happens to be unlocked. It's not my fault if I sneak in, you were too stupid to secure your house!
Also, I don't really buy the whole "this is good, now we'll see some better security" argument. Right. You're telling me you'd like nothing better than to see ALL wireless networks secured so you can't go joyriding and stealing bandwidth? Right. A Slashdotter who doesn't want to get a free ride. Next thing you know you guys will be telling me that you'd be in favor of a foolproof scheme that protects your fair use rights for music and movies but prevents you from sharing with millions of random people.
This is really sad when you think about it. The prevailing morality among young people seems to be "screw everyone else, if it's not bolted down I'm taking it!" There used to be a time in this country when you could leave your doors unlocked because people were decent enough to respect each other's property. Not anymore, I guess.
Designtechnica.com has a fantastic article on War Chalking/driving that talks about a lot of this topic in detail.
This is like accusing your friend who is watching Cable TV with you, and then accusing him of stealing your cable, because you paid for it..
Yeah, well, I'm sure some marketeer somewhere would like to install a pay-per-viewer model for cable tv...
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
The state would have been better served by passing a law that helps to easily identify public wireless access points. Connecting to a wireless network w/o permission is as wrong as connecting to a wired one. If I leave my office door unlocked, does that give you the right to plug into one of my data jacks? No. Granted the blame comes back to the inept admin who left the network insecure, but like many things in life, just because you can do something, doesn't mean you should.
Nobody is stealing per se. The law pretty much says that if you don't take steps to prevent people from accessing your network, you are considered to be sharing it. The 'criminals' are not preventing you from using your network. You can still use it, so they are not stealing anything from you.
You'd be hard pressed in a court to show exactly how much of the shared bandwidth directly affected your attempts at receiving porn.
You think that I'm crazy, you should see this guy!
Brian McWilliams obviously thinks this is a bad law, and he has slanted his article accordingly. I'd have thought Wired's editors would have caught this sort of thing.
First off he refers to "war driving" and "war chalking" without ever once spelling out Wireless Access Reconnaissance even though he finds the space to define WEP. Makes it sound a bit aggressive, and not by accident.
New Hampshire's existing statute says it is a crime to knowingly access any computer network without authorization. By analogy, just because someone leaves his house unlocked doesn't mean you are authorized to walk inside, sit on the couch or help yourself to the contents of the fridge. But HB 495 turns that thinking upside down, experts said.
No, it doesn't, and if you new the first damned thing about this technology you would never repeat what your (unverified) experts have told you. Walking into someone's open house and helping yourself to the contents of their fridge, is trespassing and stealing, and in showing such low regard for their personal space it becomes reasonable for them to wonder if your are a threat to safety and bodily harm. We're not talking a simple risk of data here.
What's more, if an alleged intruder can prove he gained access to an insecure wireless network believing it was intended to be open, the defendant may be able to get off the hook using an "affirmative defense" provision of the existing law.
That's not "getting off the hook." That's having committed no crime in the first place.
And here we are pandering to the fears of the masses again:
A 10-minute war drive down the main business district of Manchester earlier this month using a laptop with a standard wireless card revealed nearly two dozen open wireless access points, including some operated by banks and other businesses.
To the sadly un-geek of the world this suggests that NH is passing a law that makes it legal for hackers to hack your bank accounts. Clearly untrue, clearly flamebait.
And in closing he reminds everyone that the committee is, "...still open to arguments from anyone."
And closes with, "We want to be sure that it wasn't the case that, through trying to protect people under certain circumstances, we were opening up greater opportunity for criminal activity," said Peterson.
If Brian had wanted a decent analogy to explain WAR driving he could have used the following: It's like passing a law that claims it is legal for someone walking by on the sidewalk to let their dog drink from your sprinklers. Technically their dog is trespassing, and technically it's your water it's drinking, and technically it's allowing strangers to loiter near your house where they might become more aware of your houses security vulnerabilities. But as the lawmakers might have said themselves, "let's just get reasonable"
I like the pretty pictures in Wired, but I cannot renew my subscription in good conscience as the folks in NH are making a rare stand for reasonable behavior and a technology magazine is issuing flaimbait articles in response.
So Brian, if you're walking by my house with your wireless card in the sleeve of your IPAQ, feel free to check your e-mail and grab some headlines from
I live in NH and now it will (maybe) be legal to do what i have for awhile now. I hope the rest of the country follows suit. --DS
In your example, would you think the person that takes your car is guilty if the city you lived in routinely leaves cars with the keys in the door as a public service, allowing anyone to use them.
The truth is, that your example is not even accurate. A better example would be if cars come with an optional LOCK. They give strict instructions that if you do not want everybody in the world to use your car, you should install a Lock. If asked, they say they build them without locks so that you can get your own lock, not one that they can open, and to allow pbulic oragnizations to make them available for general use without a Lock
If you get a car without a LOCK, then it is YOUR fault if someone takes your car, and the person that took it has the RIGHT to claim they thought it was a one of the cars made available to the general public for free.
excitingthingstodo.blogspot.com
This law does NOT make it legal to take things at all, let alone things that you know the owner did not want you to take.
All the law does is make it LEGAL to enter the house if you leave it open. Which makes a LOT of sense considering that a lot of people are intionally leaving their doors open so that if you want to get out of the rain, you can enter their house. (Analogy - public groups are offering free services).
The law does not allow you to steal data, it just lets you wardrive. war drive is using their network to access the internet. If you use their network to access the private, secret data of the company, that is theft, and you can still be prosecuted.
Admittedly, the law does make it harder to prosecute you, as you have to be caught with the goods, but that is fair. After all it SHOULD be harder to prosecute a theif when the MORON of an owner takes ZERO effort to protect their property.
excitingthingstodo.blogspot.com
I see lots of comments here about how this law protects innocent connectivity and how war driving isn't innocent. That is incorrect by itself.
War driving is going around looking for open networks to connect to and use. The person war driving isn't necessarily connecting to be malicious and this bill (that isn't law yet) wouldn't legalize malicious connections. However, what it specifically does is designate open wireless networks as networks that you can connect to without getting in trouble. As one person said, it's like the "No Trespassing" sign. If it's there, you have to follow it, but if it's not, you're allowed to walk onto the property (for the most part, there are exceptions).
War-driving isn't malicious. You're just looking for open networks, which this proposed law will protect. Once you're on the network, you're still subject to laws regarding spam and cracking and all those other things that are already illegal.
BZZZT! WRONG. Sorry, but manufacturing and selling devices capable of intercepting cell phone conversations is exactly what we do all day.
It is not even unlawful for us to sell such a device to anybody.
It is unlawful for you to use such a device to intercept a telephone conversation without a court order, but that is YOUR responsiblilty, not ours.
www.eFax.com are spammers
If you live in an affluent area where property taxes cover it, sure. Otherwise, you could be stuck living in places like Berlin, Franklin, Pittsburgh (amongst a whole host of others) where the high school class size drops 25% a year.
But I guess if you subscribe to the notion that Darwin's theory should play itself out in education, then yeah. Everything's just peachy.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
http://www.boycott-hollywood.us/boycott_list.htm - You're Freedom of Speech
Do you mean "YOUR Freedom of Speech"? I'm not sure what "YOU ARE Freedom of Speech" means.
The old analogy of the unlocked house might be good, but not quite right. Try this analogy if you will.
A homeowner is trying to sell a house and puts out a sign saying that his house is open for tours. You can request a key at the door. Well say he finishes the open house, but leaves the sign and still gives keys to people. Is it their fault that he did not remove the sign and did not stop issuing keys?
Put that in your pipe and smoke it...
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
The article seems to shed a positive light on the NH law proposal, which places the burden of network security on the operator, and the negligence for not securing the Access-Point if they get h@x0r3d. That makes a lot of sense because it not my fault that when I walk down the street and your Access point is bombarding me with your signal. I cannot help but to receive the signal if its there. The analogy is walking around at high-noon and being subjected to sunlight, because I cannot help this unless I burden myself to apply a coating of sun-screen. That sun-screen lotion is the wireless equivalent of a firewall but the major difference is that the sun screen is there for my optional protection. It not my burden to protect myself from your spewing of wireless packets since they do not cause me harm.
;)
The wireless protocol stands for themselves, and in a court of law they would be easy to examine line by line until the judge/jury is brain dead from the tech-jargon. Not to mention the various accredited folks who can demonstrate with freely available software that WEP is more of an annoyance. MAC based filtering is weak since it is possible to spoof the mac address with most 802.11b hardware drivers. Simply bombard the AP until the ARP table refreshes with you mac as the end point that *should* be getting the traffic. The solution most folks I know use is a hybrid of various methods. One way is to make each wireless node use VPN to the router behind the AP, and use WEP (as an annoyance) on the ether. Disabling the 802.11 beacon is the first thing that should be done, else it your fault for advertising the existence of your wireless network in the first place. As I mention before, MAC filtering helps as an annoyance to would-be-infiltrators. Finally, rename your SID to anything except "WIRELESS" as many folks get on by simply looking for the default SID.
This is my advice, as a war-driver, I know all the tricks. Enjoy!
It isn't a lie if you belive it.
If someone installs a Wireless Access Point in their house and then doesn't properly secure it from someone accessing it, it is their own fault. If you left your house unlocked and went away on vacation, whos fault is it that your house got broken in? If you don't take the proper precautions and secure your network yourself, then you only have yourself to blame if someone willfully access your systems and uses them for their own purposes. I have no empathy for people who invest in this technology, but do no invest in the security that is required to protect yourself. The information is provided by the vendors for a reason, and it is the home users choice wether or not to use it. If someone has questions on how to do something, there is always someone, or something willing to answer those questions. NH has drawn a line in the sand and has sided with those who use wardriving for one reason or another, wether it be malicious intent, or like myself who is interested in seeing the spread of this technology, and how well of a grasp people have on its security technologies built in.
We are trying to get a town-wide wifi/intranet going here, anyone want to play? email keith@wolfeboro.com
Just what I want to do...tap into a network that has self-confidence and low self esteem issues...it'd be like my ex all over again...
"This food is problematic."
By turning on WEP one would be clearly signalling that the network was not for public use...
My opinion is that yes it is theft. Laws are put in place to place known limits set by society on the actions of others. This puts the responsibiltiy for deciding and punishing guilt on society as a whole and removes it from one member of society. The problem New Hampshire is trying to define is Americans lack of ability to take responsibility. Society (police and courts) should only be required to assume the costs of problems that cannot be solved by much easier and cheaper means. This means the average person needs to be responsible enough not to leave his car ar house unlocked. He/She also needs to be responsible enough to use the basic protections built into the wireless equipement being used. Who in his right mind does not use a firewall to his or her DSL or Cable connection. In the article the author stated he sometimes connected to the CVS drug stores wireless network. The fact that a commercial entity would not have secured its network with some kind of stong firewall and its patents perscription information could be hacked should be considered to be criminal neglegence. Where is the prosecution of these bastards. The police and courts have there hands full handing the really bad people such as pot smokers. Why should they take your little problem seriously if you do not at lease enable WEP on your wireless network. And most of all why should my taxes pay to have somebody care about your stupidity.
If you have taken these precautions, and somebody forcibly enters either, then you are well within your rights to press charges, and there is not a damn thing the perpetrator can use in thier defense.
And, if you leave your door unlocked and someone takes all your shit, you are also "well within your rights" to press charges. There's no right, written or implied, that allows you to take advantage of stupid people.
OTOH, they might get less fat...
Come to think of it, that analogy is pretty good... When you share an internet connection, you both get less bandwidth, and that might drive you to leave your seat and do something else, and thus get less fat...
live free or die.
this is an obviously live "free."
I write code.
Actually the RIAA is trying to reverse much of what has been considered "fair use" in the past by redefining the concept of ownership. With intellectual property ownership can mean many different things based on the patent and copyright laws. With wireless there is not physical connection. Could it be more related to IP issues than the old try and true "momy he toke my toy"?
No sales tax and no income tax. It's great to live here, and your close enough to drive to New York, Boston, Hartford, and soem say the skiing in this area is great, but I don't ski. Living in New Hampshire is the best.
At the next eco-hypocrisy-meeting, count the private jets used to get to the meeting. Should be interesting to see that
The whold leaving your doors unlocked & open and then people walking into your house is a bad analogy. A better one would be:
You leave your T.V. pressed up against your window, and then people walking down the street watch it.
Or...
You put a speakerphone in the middle of the street, and then yell out your window whenever you make a call... and then people can listen to your conversation, and even add some comments in.
Surely what is needed is a way to distinguish between deliberately and accidentally open networks.
If the SSID is set to a default (like "linksys") that just seems like an oversight rather than an invitation.
For those networks which are deliberately open I suggest people use SSIDs such as "PublicAccessInvited". (The analogy here would be the difference between a door to a house which is unlocked and one which is unlocked and has a big sign saying "Welcome - Open House!"
TANSTAAFL
If a group of people regularly siphon use bandwith from other people's accounts, the ISP will see that it's costs are going up without a corresponding increase in revenue, and will raise prices. The cost will be distributed over a large number of people, but it certainly isn't free.
This sig wasn't worth reading, was it.
Trespassing per se was not a crime. So you can stand in someones yard or unlocked house without committing a crime. Of course if you do criminal damage that *is* a crime. Breaking and entering is a crime - entering an open door is not.
If you want to extend the analogy to hacking, if someone puts their info on a web server with default security set to "serve all files to anyone who asks", that should not be a crime to view. If you are creating a special stack-smashing packet that happens to kill version 2.78.2a of a web server, that might be another matter.
If you're talking about somebody who is intentionally wardriving looking for networks that he/she can get into and explore for juicy stuff, then I'll disagree. Certainly, the admins of such networks have acted irresponsibly (assuming it wasn't some incredible new hack that broke into a secured network); but that doesn't mean the wardriver has no culpability in this situation. This is one of those areas where the law can't cover everything. It's wrong to walk into an open house and take things when you know the owners didn't want you in there. Whether or not the door was open, and whether or not there was a welcome mat on the porch, you damned well know you shouldn't walk into a stranger's house and take their things. And when you did, it wouldn't be the owner's fault that you're a worthless amoral turd. It would still be yours; whether or not they were stupid.
The point is, how can I tell that I'm not supposed to be on a network?
In New York State, where I live, the computer crime laws state a person must defeat an access control mechanism when accessing a computer for it to be considered tresspass. That means: If your computer is accessible via a public network and with no password, it can assumed to be open to the public.
If you leave your "juicy stuff" on a computer with no password, on a publicly accessible network, it your fault. It's like posting it on a webpage (they fall under that definition). If I visit the webpage, passwordless FTP server, windows share, etc where you put all this information I should be legally in the clear. You are the one who put out there for the public. If you didn't meant to: "How the hell should I know?" Your incompetentcy shouldn't mean that I'm a criminal. There shouldn't be any arguement over what my intent was in looking for/accessing that information. You put it there! You made it publicly accessible.
This law just makes sense. If you want to be able to take someone to court for accessing your network, you should have an access control mechanism in place on that network. If you aren't making minimal the effort to control who gets onto your network, then you shouldn't expect the courts to care.
I have no problem with the assumption that open APs are meant to be that way.
Finding an open AP is like finding a PC set up and running in the town square. If I sit down at it and it doesn't ask me for a password, then I can assume that the public was meant to be able to access it.
Your "It's wrong to walk into an open house and take things when you know the owners didn't want you in there." analogy fails for lots of reasons. The airwaves are a public resource. You don't own them and neither do I. The obviousness of entering someone else's house isn't there with wireless networks. If I see an ESSID "linksys" how do I know if that person doesn't want me using their network? Maybe they want me to so they left the router in is default open state. Maybe they didn't, but were too incompetent to configure the router to implement their desires. Maybe they want me to, AND didn't know how to to configure the router to implement their desires and it just happend to work for them that way.
The point is, it's more like leaving something by the side of the road and having it get taken then inside your house. As a little kid I left my bigwheel at the end of our driveway and someone took it. They had a reasonable right to assume that it was there for anyone who wanted it to take, or it was going to get picked up with the trash. I'm sure the guy who took it wasn't an "amoral turd" for taking it. It was my fault for leaving it there. I may have been too young to understand what would happen at the time, but that doesn't make they buy who took it home to his kid a bad guy.
I left something publily accessible and in such a position that someone could reasonably assume they could just take it. You're doing the same thing with your bandwidth when you set up an unsecured AP.
Life is too short to proofread.
I am so sick of this house analogy being applied to wireless networks. It doesn't apply because a wireless network by its very nature is ephemeral. You can't broadcast a house.
It is more akin to having a conversation with someone. If you don't want others to hear what you're saying, then find a private place to do so (in other words, secure the network).
There are people (journalists, for example) who hang out in public places and listen to other people's conversations. It is your tough luck if you decide to disclose things in a public setting, and someone overhears, regardless of their intentions. You made the mistake of saying it in public, they just took advantage of it.
TANSTAAFL
If the number of paying consumers decreases because some potential consumers are pirating, and the cost of providing the service remains constant, the provider will raise the price for the payers. Thus, you really are stealing from the people who are buying their cable.
This sig wasn't worth reading, was it.
Lots of people are comparing this to making it legal for someone to come into an unlocked house and eat the food.
That's a bad analogy. Why? Because there is a widely growing movement of setting up open networks that anyone can connect to. There's no widespread movement to leave homes unlocked and free food in the kitchen.
This bill doesn't give people the right to break WEP encryption or spoof MAC filtering. They probably couldn't even use it for defense if the SSID had the word 'Private' or something similar in it. The bill simply recognizes the growth of free connections and tells people that if they don't want to be mistaken for a free connection then it's their responsibility to do something about it.
Why compare to obviously different cases (walking into someone's front door versus wireless networking)? The difference between clearly marked physical resources and wireless resources is a clear one, both ethically and legally.
The NH law would seem to inject some much needed personal responsibility into the equation. Somebody sitting at a cafe shouldn't be accused of breaking into an unsecured network across the street, unless they really do break some security.
There's a few unused bits in every tcp packet, "room for developement" and all.. let's just have one of those bits say "This connection is meant to be public"
-- 'The' Lord and Master Bitman On High, Master Of All
I only ask because, as a self-indulgent, self-described individualist, I don't like the idea of being forced into sharing. It should always be voluntary, or the idea of altruism is dead.
Against Best Buy, CompUSA, Linksys or anyone selling AP's for not having huge labels saying the default settings are such that anyone can connect to the network.
Free Mac Mini
Use WEP and MAC locks on DHCP, and make unauthorized forging of MAC addresses just that: forgery.
Perhaps this is a first step in addressing fedgov's 'issues' with open wireless networks, making net operators responsible for those networks' security and liable for illegal things happening on their (criminally) insecure net?
Waitaminute. What you're saying -- in essence -- is that you think it should be *legal* for people to enter your house without your permission if you're too stupid/lazy to keep your door unlocked. I'm sorry, I have to disagree with you. Unlawful entry is unlawful entry, and unlawful hacking is unlawful hacking.
...)
(At the risk of putting words in his mouth
Nope.
What we're saying is "If you leave the door open and put up a sign that says 'open', don't gripe if someone walks in. Even if the door had an 'open' sign painted on it and a crowd-bar but no lock when it came from the hardware store. It's up to YOU to close the door and/or put up the no-tresspassing sign if you want a private space."
For half a century the convention on computing systems that have a permission system is that, unless otherwise flagged somehow, the permission settings are ALSO the expression of the user's intent. If it's read-all it's OK to read it, if it's read-write all it's OK to change it. If it's read only it's OK to look but not touch, etc.
If the system had a "guest" account with an open password, or a "newuser" automatic-account-generation login, or no-password do-some-function accounts or commands, it was assumed that the owners WANTED people to make SOME use of the system. If all accounts have passwords it was assumed you were supposed to ask for access.
WiFi has a perfectly good mechanism for flagging whether the user intends to let it be used: WEP. As a security measure it is TOTALLY cracked. But as an expression of intent it's perfectly usable.
If WEP is off the implied intent is that the system owner is not worried about you making non-destructive use of the access point. (Doubly so if it also is running DHCP and ACTIVELY HELPS you hook up.) If WEP is on, the implied intent is that you ask permission. Simple, no? And there are LOTS of people who WANT you to use their access points for free.
Now it's unfortunate that many of the devices are shipped in the open-sign-glowing rather than the posted-no-tresspassing state. But IMHO the government would be acting properly (and consistently with property law) to put the trivial burden of putting up the no-tresspassing sign on the access-point owner, rather than putting the burden of discovering the ower's unanounced intent on the users.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Wow, is that ever a refreshing story.
That is a good example of a law that puts the burden of responsibility on the person who's actually being the dipstick instead of the reverse.
I mean, you wouldn't leave the front door of your house open with arrows pointing to it and then feel violated when you have people walking around your living room. Why should wireless neworks be any different?
-brain
Plus, passive stumblers like kismet never connect to the networks in question
That's good to know. I can't keep kismet_server to stay up longer than a few seconds unfortunately. To get around the 99 logs per day limit, I setup a loop at the command line to set the log basename to be a word of my choosing plus the current minutes and seconds after the hour therefore increasing the maximum number of capture logs per day to 360,000 (60x60x100). Then, in between restarts, I grep the SSIDs out of all the log files and sort | uniq them into a text file.
Why does this matter? I don't know really.. maybe someone knows how to stop it from crapping out every 10 to 20 seconds..
Intelligent Life on Earth
Hm. Interesting Idea. Lets take it further:
People should be required to put on "LEGAL TO WALK ON MY GRASS" signs instead "No Tresspasing Signs"
"You are allowed to Park here!" rather than "No Parking here"
"Smoking is allowed Here!" rather than "No smoking"
"Admittance Allowed" must be placed on EVERY door a business wants the public to use instead of "No Admittance" signs on restricted doors.
Beaches should put up "Bathing Suits, Swimming, sunbathing, sand-castle building, frisbee games, picnicing allowed" rather than "No alcohol, no dogs, no nudity" signs.
and on the other side of that admittance allowed sign, their should be a "Exit allowed" instead of "No Exit, alarm will sound".
I see no difference between what you are requesting and ANY of the above rules. They are all equally stupid. If people own something and do not want other people to use it, it is the owners responsibility to at least take MINOR steps to secure that property. Failure to do so should mean that you can not prosecute people for entering your property looking around and NOT harming anything.
excitingthingstodo.blogspot.com
Yes.
"This equipment compiles with part 15 of the FCC rules. Operation is subject to the following conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operations." (Back of computer)
-uso.
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
yep... from my house i can connect to 3 different networks - ours, our accross the street neighbor, and our next door neighbor. Of course the accross the street neighbor's internet is 3x as fast as ours so i use that one when i'm downloading a bunch of stuff or if i need a new IP address. nextdoor neighbor is just a network... no internet... pretty fun though... i'll IM my accross the street neighbor and tell him i'm using his internet, then make it slow for him by downloading stuff.
"All the law does is make it LEGAL to enter the house if you leave it open."
Uhh, why so many housebreaking analogies? Connecting to a network is nothing like using someone's property. As previous posters have mentioned, (a) the network specifically allowed you to connect when you asked for permission, and (b) radio devices must accept interference.
Nobody is going into anyone's house here.
I go to SNHU in Manchester and will be spending the summer living on campus since I got an internship in the area. Looks like I will have to go searching for places where I have internet access.
BTW, that cafe called Fusion is great. Nothing like doing research for a paper with my laptop while having a coffee.
How are we going to catch terrorists now!?!??
That is all.
The only real semantic difference between my definition and theirs is the MOTIVE ascribed for doing the war driving.
They talked about how people would war-drive so as to possibly engage in illegal activities.
I talked about taking advantage of charity, advertising, public service and other legal activities.
When I say that an activity can be legal, and someone else says it can be legal, that does NOT make me "naive", any more than it makes them paranoid.
What it means is that I am not a criminal, and they have been robbed.
As a legal person that does not engage in crime (cripes, I do not even download music.), I should not have MY rights taken away simply because some idiot refused to take standard precautions against theft. I should not be forced to take a Paranoid stance to save them the trouble of taking minimal pre-cautions.
excitingthingstodo.blogspot.com
That's smart, but smarter would be to classify a WiPOP as an attractive nuisance, just like a swimming pool. Thus classified, the owner of a WiPOP would not only be responsible for securing it, he'd be liable for any damages due to failing to reasonably secure it.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I understand anc appreciate the subtlety that people have been bring to this conversation. However I stil think it is a question of private property. I don't think a car without a lock is a good example. If I leave my wallet on the bus and someone picks it up and doesn't return it, I believe that is still considered theft. Similarly if you leave your bike not locked up and someone walks off with it, you are being dumb, but that is also theft.
At the risk of being a troll....
...I must say I don't have an opinion either way on the bill...
...opening up greater opportunity for criminal activity.
That's surprising. It's hard to imagine that you could be at all familiar with a non-technical perspective and not know how incendiary were the images you used.
I wouldn't have imagined that you would have gone into the history of War Games style auto-dialing to explain "war driving"'s hacker origins, but the "bacronym" Wireless Access Recon. or some other indication that War (in this case) wasn't (as your link points out) "a battle," a "military operation," an "active hostility" or an "open armed conflict." would have been much appreciated by those of us who use this technology and aren't looking for conflict.
When you repeat something that is simply farcical, and end it with, "...experts said." That's not the same as saying "opponents of the bill claimed." Without stating what makes these people expert, or who they are, many would take this to imply that you believe they were experts. And by extension, that their opinions have some merit to you.
I would be very interested to know your actual opinion. What would be a good analogy to the physical world as to the actual impact of War Driving? I like the dog drinking from the sprinklers, as it highlights the pettiness by which someone would begrudge a few thousand free packets of Internet surfing or a few thousand grams of water (which is worth more in some places) to a passerby. What do you think?
This is what (when I read it in my non-techy persona) I get from the article.
War Driving
Just like being... authorized to walk inside, sit on the couch or help yourself to the contents of the fridge
New Law Lets'm "off the hook"
They can get into banks
Committee still open for opinion
I'm delighted by the suggestion that this interpretation of your article may have not been your intent, but if you give your article to a decent sample of people who are intimidated by these new technologies, I think you'll find their opinions to closely match mine, that this is a soft battle cry to fight those stupid lawmakers that are endangering our computers and checking accounts.
I live on a dead-end street which connects to another street with two dead ends at one end. Twin Circle Drive forms a 'T' There are six houses along the top and four more on both sides of the slope uphill. Here in New England, I would not be surprised to hear of streets with three or four dead-ends. Worcester, MA better known to natives as Woostah, has a Main street that ends in a dead end near the city center. You just have to love Yankee city planning! And, uh you can Wardrive there, too. I'm still on-topic, right?
http://en.wikipedia.org/wiki/Signature_bloc
Who gives a shit if you're on-topic. We're talking. =)
"Welcome to Woostah! That'll be a dollah twentee fyve." - Tollbooth Willie
My
Limekiller
The flip side of the coin is that there are people not only wardriving, but silently sniffing, and not returning any indication that they are doing so. They don't hop on networks and use them, they simply sniff, grab passwords/etc via clear-text sniffing, and archive what they find. Completely untraceable unless you happen to be the FCC. These are scary times.
Also, one may lock down their wireless today, but someone can be archiving that encryption, then wait on it until it *is* crackable via later exploit or brute force is available. (crackable via later exploit being more likely) In general people's passwords 3-5 years ago (and 3-5 years from now) are pretty much still in use today.
These are very scary times.
fslg503-985-8686503-985-8686503-985-8686503-985-8
peripherals.guide wrote:
> The NH law would seem to inject some much needed
> personal responsibility into the equation. Somebody
> sitting at a cafe shouldn't be accused of breaking into an
> unsecured network across the street, unless they really
> do break some security.
First of all, the story mentions war driving, not sitting in a cafe accidentally encountering a network. War drivers are out looking for networks. If they are also war chalkers, they share the location of networks they found, so others can prey upon them. These are the people who should be taking personal responsibility for their actions.
Secondly, look at the target audience of wireless networks. They are generally aimed at small businesses, schools, and private homes (at least the ones in CompUSA), not huge megacorps with a big IT department full of people with networking certificates.
The people who purchase wireless networking equipment and install them are ordinary people. They might not be very computer literate. They just want a gizmo to let the family's/business'/school's multiple computers share an internet connection, and maybe some files. They have no concept of "security", it is a computer gizmo and it just works some kind of magic. They buy what the nice salesperson tells them to, and follow the directions to install it. Miraculously it works, and they are happy with it.
Sometime later, they start to see some weird chalk marks on the sidewalk. They pay it no mind, just some hooligan's vandalism. Their network connection starts to slow and their computers get sick. Their ISP shuts down their internet connection, citing some "DMCA" legal thingy. Before they know it, the RIAA and the local marshal are at their door, to arrest them for sharing 10,000 music files. They are puzzled, as the only file they shared was one of the family's favorite recipe. They might not have even known that a computer can play music.
Expecting, like the NH law does, that people like these would be able to secure a network well enough to keep war drivers and others out is unreasonable. They need a working wireless network, they bought it in a box, they can barely manage to install it. They have no clue on security. If they had to get a clue, they would have to hire an expert. That would cost enough money to make them do without the wireless network in many cases.
You could ask or require manufacturers of such devices to configure them with a high level of default security, and to include easy to understand instructions on setting it up that way. Put the brains in the box, so any idiot could set one up securely.
Best of all, people could get an ethical clue, and stop breaking into other people's networks. If people can't maintain ethical behavior on their own, the government could step in with wise laws to protect society, as they do with speeding, bank robbery, murder, and other less than ethical acts. That is, after all, why we have laws in a democratic society.
"What do you think Mothra would do?"
Moll, "Mosura" 1996
However if you then try claiming on the insurance and the company learns you took no precautions to secure your home, you'll have a very hard time getting your insurers to pay up.
Why assume that sites with unprotected APs aren't unprotected precisely because they want to let visitors use them? We let our visitors use our 802.11b access points, and I have been at several sites that returned the favor. There isn't much risk if the AP is placed outside the firewall and port 25 is blocked.
I'd like to see a "community access" option in APs that would allow non-WEP access only to the Internet on the far side of the firewall, and would regulate total bandwidth consumed. That would let sites without an easy way to connect there APs outside the firewall to offer access to visitors. Visitors might like internal access to print, but we don't allow that. It is a good compromise.
I don't think much of argument by analogy, but our 802.11b infrastructure costs less than our drinking fountain, and we even let strangers use that.
War Driving
...opening up greater opportunity for criminal activity.
Just like being... authorized to walk inside, sit on the couch or help yourself to the contents of the fridge
New Law Lets'm "off the hook"
They can get into banks
Committee still open for opinion
Hmm. I guess you missed these other highlights:
operators of wireless networks must secure them
New Hampshire's proposed wireless law was hailed as "enlightened"
A variety of techniques can deter, if not eliminate, unauthorized access to wireless networks
the goal of the proposed law is to protect those who innocently stumble upon insecure wireless networks
FWIW, I like your sprinkler analogy. I also like another one that someone else pointed out: that the proposed law is akin to New Hampshire's rules about posting "No Hunting" signs on your property.
B.
Yo - lus3r!
It was just a joke. FYI - I'm a software engineer working in Southern NH. I've been developing software for 20 years, always living in NH, working in NH about 1/2 those years.
Yes, there are a lot less cows.
Fuck off and die.
"No matter where you go, there you are." -- Buckaroo Banzai
I'm not saying as a mark of security, but as a thing which can default to true without bothering anybody. There's no standard way of saying "This connection is only meant for authorized users"
In reality, it should be illegal to tap in to a network that doesn't have something specifically saying "This is for everybody"
Just because you leave your door open doesnt mean that anybody should just be able to walk in. Everyone here seems to care nothing for protecting the ignorant. We don't have to do anything to protect them, we don't have to go out of our way to do so at all, but how hard would it be to come up with some standard which says "This is an open network, and it's okay to tap into it"?
Anyone who disagrees with things that I say is a fuckhead.
-- 'The' Lord and Master Bitman On High, Master Of All
A number of posters here seem to think that a network is "open" when they guess that the password to access has been left as the default.
To my way of thinking, that means the user does NOT intend for others to use their network. An open network would not require a password.
It does not strike me as moral, and it should be illegal, to access a network that is not CLEARLY open. Simply guessing the password should not grant one unrestricted, legal access.
Many admins intentionally place the wireless access points outside their firewalls. This is indicative of a good admin who only allows access through the firewall/vpn. There is nothing wrong with doing this. A side effect is that anybody can use the access point for public internet access, wich is not a problem either, since pretty darned few people use these things.
I fail to see why it's unreasonable to expect them to do *something* to indicate that it's private. As far as I can tell, the bill does not require your WiFi network to be completely secure, merely to have been confiqured in a way that indicates that you've tried to secure it.
In other words, if you turn on WEP or use IPSec, the law definitely won't protect me if I connect to your WiFi AP; it doesn't matter that WEP is broken, or that you've used a silly password. What matters is that I've had to bypass your security to use your AP.
I appear to have a blog. Odd.
Actually I think we have. Open frequency, not WEP, no firewall/protection of any kind. This defaults to a standard. I do not get into these networks. Quite frankly I have better things to do. But progmatically speaking would be very difficult for you average detective to get anywhere with this case.
Unnoticed in the USA Patriot Act is the fact it has effectively made the harmless hobby of trainspotting - the recording of different types of train engines, cabs, and cars - illegal in the USA.
So we can now drive around and spot open connections if this house bill passes, but people will still be treated as outlaws for watching trains.
> --- All Of The Above --- >
Here are the technical parameters:
802.11 channel: 6
SSID: RickNet
IP addresses via DHCP, or if you want static, use 192.168.1.30, DNS server 192.168.1.1, gateway 192.168.1.1
Encryption is usually not enabled, but if you want, the key is 6036596363. If it's something else, that means I don't want anyone on my network.
I've also given out enough information that anyone who wants to get on my network is able to. If you can't figure out my general location from the information above, then I don't want you on my network anyway.
--RickTheWizKid
Again, I agree that this is stealing. But if you invest in a technology that can easily be abused (such as 802.11) and do not take the time to learn how to prevent basic intrusions you are asking for problems. If you are not willing to invest the time and money, should society be willing to invest the time and money in investigating problems with your network. This law is basically saying to wireless network owners "here is a potential problem do something about it or we will not help you". I see other problems with not recognizing this situation. If a company, such as the CVS example in the article, is placing customer information on an open wireless network with no protections should they not be prosecuted for criminal neglegense?
Finally, something that makes sense comes out of the government. This is a free country, so you should be free to do anything, as long as you don't deliberately harm someone, and if you don't want people getting into your networks, then secure them for cryin' out loud!
I live in Manchester, and have to say I'm all for this concept. I've also got three WAP's in my apartment and will be dedicating one as filtered (and possibly use limited) net access to anyone that happens by. Of course, being on the third floor of a building in the Sunset Ridge apartment complex may make it a bit difficult to connect to... but the point is, I'll make something available. Hell, it's available now. I think laws like this will protect people taking advantage of one of the more -fun- aspects of current-day networking.
However, I do think there is a missing link in the mix for true wireless sharing with some level of protection and security for the operator. I'd like something, preferably Linux based of course, that'd let me see all the people connected to the wireless network by IP and MAC, and possibly have some form of operator-paging request for access system. Anyone game to do it?
My own pointless vanity vintage computing page
Not quite. In physical property, there are several levels of security. Most people, when they see a house, know that they shouldn't go into it, but that doesn't mean it's not incredibly easy to get in. It's somewhere in between a highway and a barbed-wire fence: a highway is open to everyone (with a driver's license), a barbed-wire fence forcefully keeps people out, but an unlocked door to an unfamiliar house tells you that you shouldn't go in, without actually keeping you out.
In wireless networks, you are either a highway, or you are surrounded by a barbed-wire fence (of course, with WEP, the barbed wire is installed backwards, but that's a different matter). There's no way of telling people that they shouldn't enter, without actually forcefully keeping them out (never mind that the encryption is very weak and flawed). If someone's looking for a highway, and they find your accidentally-open network, they just have to assume that it's the highway they're looking for and use it. It's only when they go out of their way to break into a place where they obviously shouldn't be, that they should be breaking a law.
I found the meaning of life the other day, but I had write-only access.
Damn...I just made a comparison of a similar nature in response to a comment above, but your example is far superior. My hat is off to you, sir.
I found the meaning of life the other day, but I had write-only access.
No, no, no. Sure, if someone walks into your house and takes stuff, that's illegal. But what if the door isn't just unlocked--what if there is no door? What if there's no house, and no sign to say that anyone in particular owns that property? What if you just leave your stuff out in the middle of nowhere? That's abandoned property, and I, for one, will take it.
Since a lot of people put up wireless nodes with the intent of having random passers-by use them, and declare them open to the public only by not securing them, the above analogy doesn't even go far enough. If you have an insecure wireless network, you've even put a road through the middle of your property. It's a major road, and a lot of businesses are on it. It's called the Internet. You've strewn your TV and furniture and so on by the side of that road and put a sign near it that says,
"Free stuff!"
I found the meaning of life the other day, but I had write-only access.
"War Driving To Be Protected In Nethack"?
Hmm... Too much Nethack for me tonight...
As far as your personal files being up-for-grabs, wouldnt it be nice of us if we defaulted to "leave it alone" instead of "party at 3992 LaVista Drive for a 300meter radius!"?
Having no protection is just stupid, it's not an explicite invitation to do whatever you want.
-- 'The' Lord and Master Bitman On High, Master Of All
This is correct, but if you did not lock your door, you were just asking for it to happen sooner or later.
Basically, the gist of all that I am saying here is one should take responsibility for thier own networks, instead of bogging down the legal system because you want to skimp in the tech department.
You say you want a revolution....
I am not disagreeing with you. It should not be an invitation. Be that as it may, the 802.11 specification is flawed in that it did not contain anyway to inidicate the network is not open except to at least use the WEP security. As I said before according to the technical specs the only way to indicate I am an open network is to simply leave security turned off. This is the way the technology works. If you do not use at lease the WEP security, which then needs to hacked even if it is easy you have indicated I am an open network. As I have also said I do not war drive, I pay for my internet connectivity, have an 802.11a/b network at home ahd have security in place. I take the responsibility of providing a reason for the authorities to react if something happens. Americans (yes I am an american) think that the laws are a free ride to be lazy and stupid. In this case they are simply either too lazy, stupid or cheap to actually protect themselves in any way. They have not only not locked the house but have opened the door placed the contents on the driveway and placed a big sign with "steal it, I dare you."
On the contrary, there a millions of laws set up to protect stupid people from other stupid people. There are also a few setup to protect stupid people for smart people. Both sets tend to only sort of work and cost many billions of dollars a year in the legal system for what a few 10 dollar locks properly used could have preventd. This law simply recognizes the fact that as an american citizen you also have the responsibility for not wasting public resources. After all thats what we have politicians for.
farnz wrote:
> I fail to see why it's unreasonable to expect them to do
> *something* to indicate that it's private. As far as I can
> tell, the bill does not require your WiFi network to be
> completely secure, merely to have been confiqured in a
> way that indicates that you've tried to secure it.
Please remember the lowest common denominator of the target audience. Their experience with "wireless" is cordless phones and cell phones. They are going to assume the wireless network is private and secure, just like their cell phone is (or appears to them to be).
> In other words, if you turn on WEP or use IPSec, the law
> definitely won't protect me if I connect to your WiFi AP; it
> doesn't matter that WEP is broken, or that you've used a
> silly password. What matters is that I've had to bypass
> your security to use your AP.
Okay, now you have given them a headache with all those acronyms. To be obvious and simple, give them a nice big fat animated button with a picture of a padlock on it, and a caption: "Privacy". If they click it, ask them for a password, and tell them how to make a good one. Let the software handle the acronyms and the security.
"At this moment, it has control of systems all over the world.
And...we can't do a damn thing to stop it."
Miyasaka, "Godzilla 2000 Millennium" (Japanese version)
Absolutly correct. Every WiFi AP I have seen so far has a tab in the control interface that ways security. This is obvious enough even for the beginner. Go there and enable WEP. At this point you have closed the door to the house and locked the door knob. A security bolt is not yet in place but you have now indicated my house/network is now available to those that ask and I grant permission only. If I buy a house I am expected to protect it. If I set up a network I should also be expected to protect it. It is also true that computer stores do not give all the information to buyers because if they over inform they turn them off. They are not deceiving by doing this. Both situations come down to it being the network owners responsibility to be a good network citizen by closing his network if he does not want intrusion.
All the law does is let people BORROW your internet access, and if they do not commit any other crime, they can not be prosecuted.
I.E. If someone sees your wallet on the ground, picks it up and uses it as a flat surface to write a letter on, then puts your wallet back down WITHOUT taking any money, then they have not committed any crime.
Similarly, if you leave your network open, and someone logs in, goes to their own personal yahooo account, writes an email, sends it, then logs out and goes home, this law says they have NOT committed any crime.
The law still does not make it legal to break into the companies confidential records, or use them for spamming, or any other illegal activity.
excitingthingstodo.blogspot.com
Part of the problem you guys are having, is that you are not reading the actual law, and are making a TON of assumptions that are false.
All the law does is say it is not illegal to log into a network if you do not otherwise commite a crime.
You and some other people have a twisted idea that war driving involves breaking into networks THEN committing other crimes, becuase that is what the media reports. They do not talk about the poeple that just use it to access their hotmail, which is what the majority of war-drivers do. All "wardriving" is, is logging into networks that you did not create. Off line, the equivelent word for "entering without invitation". If you enter and steel it is a crime. If you enter and say, woops, wrong house, that is not a crime. If it is raining and you enter someone's barn to get out of the rain, it is not a crime. Online version: if you war drive for internet access, and only check your hotmail account, then you are NOT a criminal according to this law. That it all the law says. It does not in any way say, OK, you got on the network, so now you can copy their confidential records, copy credit card numbers, etc. etc.
excitingthingstodo.blogspot.com
Yes, I must be 12 if I think folks that are too stupid to secure their network should expect to have bandwidth leeches. Actually, I'm 33, and most likely have many times more experience regarding security then you. So blow me.
If the manufacturers don't tell you to turn on security (or have WEP on by default), then I'd say they are at fault. My cellphone (a GSM phone) came with a warning in the manual that it would indicate if I was using an insecure connection; why shouldn't WiFi equipment have a similar warning in it's setup guide?
I appear to have a blog. Odd.
You said his analogy sucked, but you then proceeded to make an elaborate argument that agreed completely with the point of his analogy. Frankly, when you can get a point across quickly with an analogy to a more familiar situation, that's better for helping people understand this idea than constructing a detailed argument...which ultimately also depends on an analogy:
Off line, the equivelent [sic] word for [sic] "entering without invitation". If you enter and steel [sic] it is a crime. If you enter and say, woops, wrong house, that is not a crime. If it is raining and you enter someone's barn to get out of the rain, it is not a crime.
I found the meaning of life the other day, but I had write-only access.
If you leave your door open and someone walks in, it *is* legal. They are not "breaking and entering." Unless you have some notification of private property, they are not "trespassing," either. Although, when you tell them to leave, if they don't, *then* it's a crime.
- Consult the dictionary frequently to avoid mispelling
If you leave your door open and someone walks in, it *is* legal. They are not "breaking and entering." Unless you have some notification of private property, they are not "trespassing," either. Although, when you tell them to leave, if they don't, *then* it's a crime.
Nope. Entering a private home, door open or no, is considered 'unlawful entry'. 'Breaking and entering' is actually two separate crimes: 'breaking' the door (which causes damage to private property), and 'entering' or 'unlawful entry' into a private dwelling.
These are U.S. laws for most states. If you live elsewhere, YMMV.
My journal has hot
If the Gov. paid any attention to this, they would have to conclude that 90% of Gov. is illegal.
Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
I asked for an ipaddress with DHCP, and it gave one to me. Therefore I got "permission".... To get back to the crappy house analogy. Its like this: I knocked on the door (DHCP), and you let me in. (gave me address). DHCP gave me a default gateway as well. So when I pull up slashdot, I'm not stealing bandwidth. I gave my request to the gateway, the NAT server then routed the packet to slashdot, and gave the response to me. This is like I asked you to turn the tv on for me, and you said, "OK", and walked over and turned the tv on. Therfore I didn't steal anything. If you didn't want me to do any of this, than thats your fault for obliging :)
Since the guy used DHCP to get the IPAddress, and you gave him a gateway address, and provided NAT translation, it would be more like:
You were sitting at the side of a road in your car, a guy came buy, knocked on the window, and asked for a ride to the library, and you opened the door, and said sure no problem. Then you dropped him off at the library. are you then going to the police station to press charges against him? How was he supposed to know you didn't want to do that?
When you got hired you were given an employee hand book, which said you can't dl porn. If I'm sitting in a park, and happen to connect to your wide open network, and get a DHCP address, there was no TOS as you put it.
/. in a park, your equipment in effect, grants my request, by NAT translating my HTTP session, forwarding my DNS query for slashdot.com, etc etc. So yes, I WAS given authorization.
And having an address is giving you permission to send IP traffic. Since your gateway is also doing NAT and DNS resolution/forwarding, when I ask for
How am I supposed to know that you didn't mean for me to have net access from the park?
A lack or an authorization system is the same as authorizing everyone right? :)
:)
:)
And your analogy is a bit off. Yes, they buzzed you in when you got that IP address. But when you dind't rummage through their documents. You asked for something to read, and they handed you something to read. If they hand you their financials, instead of people magazine, than its their own darned fault.
You see, when you got that IP address, and you use the internet, you are still going through their NAT translator, and using their DNS forwarding mechanism. You are not rummaging through anything, you are always "asking" and they keep giving.
If you must, and don't think what I said is true, then the documents you read, were the ones sitting on the table in the waiting room. What they put there is their responsibility