Queensland Police to Look For Unsecured WiFi Spots

← Back to Stories (view on slashdot.org)

Queensland Police to Look For Unsecured WiFi Spots

Posted by samzenpus on Thursday March 22, 2012 @06:54PM from the going-down-under-cover dept.

OzPeter writes "As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: 'The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.' While some people may like having an open WiFi AP its interesting to see that the Police also feel that 'Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'"

65 of 255 comments (clear)

Min score:

Reason:

Sort:

Just incase you want to jump on board. by zippo01 · 2012-03-22 18:59 · Score: 3, Informative

http://www.wardriving.com/code.php
1. Re:Just incase you want to jump on board. by pbjones · 2012-03-23 09:01 · Score: 2
  
  and like their burgers, it's crap!
  
  --
  There was an unknown error in the submission.
How times have changed by Aaron+B+Lingwood · 2012-03-22 19:01 · Score: 4, Interesting

Merely 15 years ago I was doing the exact same thing and have been, on umpteen occasions, questioned, detained, given a 'move on' notice or just generally harassed.

--
[Rent This Space]
1. Re:How times have changed by davester666 · 2012-03-22 19:25 · Score: 4, Insightful
  
  Being able to flash a badge lets you get away with murder...why would wardriving be on the do-not-do list?
  
  --
  Sleep your way to a whiter smile...date a dentist!
2. Re:How times have changed by backwardMechanic · 2012-03-22 22:31 · Score: 2
  
  I expect you will receive a certain amount of harassment from the police if you try to arrest and jail somebody too.
3. Re:How times have changed by Anonymous Coward · 2012-03-22 22:35 · Score: 4, Funny
  
  LOL, you failed hard.
4. Re:How times have changed by mcgrew · 2012-03-23 02:06 · Score: 2, Insightful
  
  I wonder why you got downmodded? It's a true statement. In fact, sometimes you don't even need a badge, just be on the neighborhood watch.
  
  --
  Free Martian Whores!
5. Re:How times have changed by Grishnakh · 2012-03-23 10:22 · Score: 2
  
  Bullshit.
  Even in the Old West, the law was basically that you couldn't shoot an unarmed man, period. If he was unarmed and you shot him, you were hanged. There was only justification for deadly force if the other party had the capacity to also use deadly force.
  According to your moronic logic, all I need to do is go find some guy walking down the street I don't like, walk up to him, shoot him in the head, and then claim that he "attacked" me. As long as there's no witnesses to deny my story, I get to walk away scot-free. How about you post your address, so that I can do this to you?
It's Basic Infrastructure by mdm42 · 2012-03-22 19:03 · Score: 5, Interesting

I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.
If you're a guest in my home, you're welcome to use the bandwidth, along with the lights and water. Can you imagine visitig a friend only to be told, "Look, here's the PIN code to unlock the lights, and here's the key in case you want to wash your hands." Ridiculous. I accept that there's a risk of someone lurking in their car outside the property boundary to leech off my internet connection, but there's a risk of someone stealing water from my outside, unprotected taps, too. OTOH, if bandwidth were shared freely everywhere there'd be no need to sneak around "stealing" it, would there?
It's the 21st Century, man. Get over it!

--
New mod option wanted: -1 DrunkenRambling
1. Re:It's Basic Infrastructure by Anonymous Coward · 2012-03-22 19:11 · Score: 3, Insightful
  
  I'd be more worried about an identity thief stealing data than a passerby leeching bandwidth. Easier to just wall it off. FWIW, we just post the password on the fridge, so our actual guests can use it if they want.
2. Re:It's Basic Infrastructure by Anonymous Coward · 2012-03-22 19:23 · Score: 3, Interesting
  
  Fon router project allows this.
  you share 10% of your bandwidth on the open guest SSID, which is on a separate WLAN from yours.
  Good if you have couch surfers stay allot too.
  I agree that everyone locking down their wifi is just get sucked into the fear mentality. If all routers shared a small amount of their bandwidth you would not need to use GSM, and could make calls from almost anywhere using Viber for example or another SIP like service.
  The mobile phone companies would also be forced to provide a better service because there was another alternative available when your mobile.
  It maybe also be that the opens source routers like Tomatos USB offer multiple SSID's
  Ged
3. Re:It's Basic Infrastructure by gl4ss · 2012-03-22 19:34 · Score: 2
  
  I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.
  that's the problem when the wide area wireless isp's and local cabled isp's are the same entity.
  
  --
  world was created 5 seconds before this post as it is.
4. Re:It's Basic Infrastructure by Aaron+B+Lingwood · 2012-03-22 19:35 · Score: 3, Interesting
  
  My attitude is that connectivity has become basic infrastructure
  I concur. I would like to see connections open everywhere with the option of limited surfing as Guest (should the host feel generous) or having to authenticate to my ISP (or the NBN or some central authority/network) through this random open connection, and have all usage billed to my account.
  
  --
  [Rent This Space]
5. Re:It's Basic Infrastructure by Anonymous Coward · 2012-03-22 20:17 · Score: 2, Insightful
  
  Unfortunately the ISP cartel in Australia charge like wounded bulls and most (all?) plans are capped, so if your neighbour decides they like your connection you can burn your plan with ease.
  Guests in my home are also welcome to use my WiFi - let me type the password in for you.....In the same way I give them the spare key and travel pass.
6. Re:It's Basic Infrastructure by hawkinspeter · 2012-03-22 20:28 · Score: 5, Interesting
  
  What I do is use a WPA2 network that all my devices use and an open network for guests to use that is firewalled from accessing the other network. That gives me the best of both worlds.
  
  My attitude is that if I'm out and about and want to get WIFI, I'd like other people to provide open guest networks, so it makes sense for me to provide one for other people to use.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
7. Re:It's Basic Infrastructure by Chrisq · 2012-03-22 20:30 · Score: 2
  
  I'd be worried more about the fact everything you send over wireless may not be encrypted...
  But all the important stuff is over SSL/TLS anyway
8. Re:It's Basic Infrastructure by hawkinspeter · 2012-03-22 20:31 · Score: 4, Informative
  
  Use HTTPS Everywhere https://www.eff.org/https-everywhere/> and make sure that any confidential data is over https and then it doesn't matter that the WIFI is un-encrypted.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
9. Re:It's Basic Infrastructure by mvar · 2012-03-22 20:48 · Score: 4, Insightful
  
  You should be more worried if someone uses your WiFi internet connection to do something illegal. Next moment the cops will be raiding your house, seizing all your hard drives for further examination, while you go through all the hell of the legal process attempting to prove that you are not an elephant. No thanks, if a guest wants to access my wifi he should ask for the password and take the extra 30 seconds needed to type it in.
10. Re:It's Basic Infrastructure by im_thatoneguy · 2012-03-22 20:50 · Score: 4, Interesting
  
  I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.
  Screw the ISP I don't want my cheap-ass neighbors slowing my Netflix down to a crawl while they download 10 seasons of some anime shit.
  If we all "had internet" and people stuck to HTTP web traffic I wouldn't care. But I've had roomates before--hell I have myself as a roomate and I know that my internet is not big enough for the both of me from time-to-time let alone neighbors.
  If I had a gig-e pipe they could be free to do as they please but I don't pay for my apartment building's electric bill, I pay for mine. And based on the fact that I can't even leave my laundry detergent on my little spot of shelf in my apartment building without it being used up in a couple weeks (and 2 loads of laundry from me) I know if they could secretly plug their water into my tap they would.
  If I'm playing TF2 I expect there to be 0 torrenting and streaming on my connection so that my pings stay reasonable. It's bad enough knowing if one of my computers found an 'interesting' RSS feed let alone having two moochie neighbors.
11. Re:It's Basic Infrastructure by Anonymous Coward · 2012-03-22 22:39 · Score: 2, Interesting
  
  Me too. And that's why I think what the Queensland police is doing is sort of OK. I don't want to use someone's Wifi if the they don't mean to leave it open. My stance is that an open network is open to everyone, practically, legally and morally, because it uses a public resource, advertises itself as open and in no way gives any indication that it is not meant to be open, even though that is trivially easy to do. People who don't want strangers on their Wifi should turn on encryption, and if that's what the police tells them, then I'm fine with it. I have a hunch that the police will do quite a bit of fearmongering on top of that, and that's not OK. But I don't want to step on people's toes when I use someone else's Wifi, so if you don't want me there, put up the virtual fence.
12. Re:It's Basic Infrastructure by Stalks · 2012-03-22 22:41 · Score: 4, Informative
  
  A linux box, iptables experience and a couple of WiFi cards/AP would be ideal, however there is an easier way..
  Your ADSL/Cable router plugged into your ISP offers unprotected WiFi.
  Buy another cable router and plug it into the above router offering protected WiFi behind its own NAT/Firewall.
  Internet <--> ROUTER <--> ROUTER <--> LAN
13. Re:It's Basic Infrastructure by cmdr_tofu · 2012-03-22 22:56 · Score: 3, Funny
  
  "is your password a complicated password?"
  "no its simple"
  "what is it"
  "acomplicatedpassword"
  "i thought you it was simple" ...
14. Re:It's Basic Infrastructure by Anonymous Coward · 2012-03-22 23:02 · Score: 4, Insightful
  
  By everyone locking down their wifi you provide credibility to the claim that an IP equals a perpetrator.
  If I were to say, brute force your WPA2 using my graphics card, you would have a harder time making your case than if your wifi was open and it could have been anyone.
  I care more about protecting the innocent than persecuting criminals I guess.
15. Re:It's Basic Infrastructure by Anonymous Coward · 2012-03-22 23:11 · Score: 2, Funny
  
  My neighbor did this for about 2 weeks till they discovered that i use a lot more bandwidth then them. It took 3 months before it came up in conversation where he talked about some punk kid maxing out his internet pipe. I just smiled and agreed that those punk kids need to cut it out. :P Sure that can be easily fixed by limiting the guest network bandwidth but not every user or router allows/knows how to do this.
  it was nice though to use two separate networks for torrents.
16. Re:It's Basic Infrastructure by neo8750 · 2012-03-22 23:15 · Score: 3, Insightful
  
  The mobile phone companies would also be forced to provide a better service because there was another alternative available when your mobile.
  I doubt this i see them just making it easier to make calls off wifi and claiming its a cool new feature.
17. Re:It's Basic Infrastructure by eyenot · 2012-03-22 23:48 · Score: 2
  
  I think you're right.
  The ISP model is based on net scarcity, isn't it? We're talking about the internet, something which many people today might just take for granted in that it has not always existed.
  The relative scarcity of ways to get online was, at one point in time, a profitable market. You could take advantage of that scarcity and charge people to get online.
  But it's a corrupted and oppressed market, much like the diamond trade. Consider the whole DSL thing. The phone companies didn't win the war against 14.4 (when they wanted subscribers to start paying more for 'data usage') and things kept going until 56kbps and the next iteration up in baud (I seriously can't remember.) Suddenly any modem that came next was part of their DSL wrapper / profit scheme.
  So what we end up seeing are projects to create free wifi for the entire city get tagged by ISPs, phone companies, and cable companies (there's actually a lot of money and political power concentrated in those three) as "the enemy" and the funding or the public interest never shows up.
  I think it all generates the wrong attitude about the internet. There's no reason to require that a wireless network is secure. The only people it hurts are those who have to ultimately share the bandwidth.
  Cops could argue all day long about, people using it as a gateway to hacking and so on, and frankly, cops and their legislator lapdogs don't know anything about the internet. Just as there is no real security on the internet, and no real identity, the inescapable future for these various net-related laws is that they are all going to be broken increasingly until they are broken constantly, and enforcing them will become increasingly expensive until it becomes an unacceptable expense to the public.
  
  --
  "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
18. Re:It's Basic Infrastructure by thePowerOfGrayskull · 2012-03-22 23:56 · Score: 3, Insightful
  
  Indeed. People seem to think that leaving it open will be sufficient defense -- either glossing over or ignoring the fact that their equipment will be seized under warrant well before the authorities start asking questions that might reveal this defense. Ultimately the lack of offending content will be what saves them - not the fact that their APs are open.
19. Re:It's Basic Infrastructure by hawkinspeter · 2012-03-23 00:45 · Score: 2
  
  But there wouldn't be any evidence of wrongdoing on your PC, so they'd have to get some more evidence. IP addresses do not correspond to people - you need more than just a log entry to convict someone.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
20. Re:It's Basic Infrastructure by alphred · 2012-03-23 01:02 · Score: 5, Interesting
  
  Yes, but in order to discover that there is nothing on your PC, the police will break down your door, search your house and remove all computer-related devices that they can find. After a few months in their possession, and a thorough search of the contents, they will conclude that you must have hidden the illegal content on a thumb drive or some other device that they must have missed. In the meantime, your name and details of the search incident will have been released to the local press and the court of public opinion will have already reached a verdict of guilty that you and your family will have to live under forever. Lack of evidence in this case is not the same as innocence.
  
  Now, this scenario may or may not be likely, but you do have to ask yourself if it's worth it to have an open connection.
21. Re:It's Basic Infrastructure by halcyon1234 · 2012-03-23 01:04 · Score: 2
  
  I do like this idea, but I worry that it'll breed a whole new vector for phishing. Put up a wifi spot with a fake login page, and collect the accounts of "roaming wifi" users. Then use their airtime elsewhere, or worse-- make it seem like they've connected OK, but keep a MITM to sniff all their traffic.
  
  --
  UTF-8: There and Back Again
22. Re:It's Basic Infrastructure by Dcnjoe60 · 2012-03-23 01:15 · Score: 2
  
  A guest in your home is fine. Of course, even with WPA2, as a guest you can give them the password. Then again, you take responsibility for a guest in your home. What if your neighbor's kid uses your intentionally free access to do something illegal, like child porn. Are you not then contributing to the activity? In addition, the authorities are going to come after you, because it is your IP address they will have.
  Now one may argue that they were not a party to the activity, just like an ISP is not a party to it, however, unless you are registered and operate as an ISP, then you lose that argument.
  It seems that your position, while laudable, is also very naive, It puts you and your family at an unnecessary risk.
23. Re:It's Basic Infrastructure by hawkinspeter · 2012-03-23 01:33 · Score: 2
  
  On the other hand, if you're on an unlimited broadband deal, you can't bank unused bandwidth, so you might as well let other people use it (with appropriate QOS so that they don't cause a problem with your own access).
  
  I refuse to bow down to the idea that an IP address resolves to a person. If you've got a log somewhere with an IP address and some "illegal" file, you've got to prove that it was me. It's easy to fake logs and typically ISPs don't perform security checks on their workers. If you accept that you have responsibility for anything done with an IP address that was assigned to your router, then you open yourself up to all kinds of spoofing attacks. They need proof, not just an IP address log.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
24. Re:It's Basic Infrastructure by fast+turtle · 2012-03-23 02:34 · Score: 2
  
  and if there's even the hint of CP being involved, you will be convicted by the newspaper and your neighbors with yours and your families lives possibly threatened. Sorry but it's a witch hunt out there and "We wont stop until sombody gets burned" (Petra - Witchhunt) and that's why you need to secure you wifi. If everyone had open wifi throughout the country, we'd all have a plausible defense but they've already won that battle because people are running scared and now that the ISP's will become Copyright cops in June of 2012, it's reached the point that what I'm paying for bandwidth is no longer worth while. In that case, I am already planning on dropping down to the absolute basic service level of 256/128. It's good enough for what I'll be able to do w/o pissing off the ISP and loosing my connection or having it throttled anyhow.
  
  --
  Mod me up/Mod me down: I wont frown as I've no crown
25. Re:It's Basic Infrastructure by hawkinspeter · 2012-03-23 03:42 · Score: 2
  
  Just apply some QOS so you're guaranteed to get as much bandwidth as you want and other people can use whatever's spare. You can't bank the unused bandwidth on unlimited connections, so you might as well let someone else use it if they want.
  
  If people are happy to share the remaining bandwidth then I'm quite happy for them to drop their service. I've already paid for my agreed bandwidth, so I'm not cheating the ISP out of anything. If their business model relies on re-selling the bandwidth that I've already paid for, then that's their problem.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
26. Re:It's Basic Infrastructure by gknoy · 2012-03-23 04:45 · Score: 2
  
  Would keeping logs of the MACs that connect to your open wifi help? (" ____ is not my laptop, nor my pc, nor my refrigerator, nor any of our phones.")
27. Re:It's Basic Infrastructure by webnut77 · 2012-03-23 06:34 · Score: 2
  
  "What's the password?"
  "idontknow"
  "Well then, how do you login?"
  "I use the password."
  "Alrighty, what's the password?"
  "idontknow"
  "Arrg, you just said you use the password to login."
Accountability by rwa2 · 2012-03-22 19:06 · Score: 5, Insightful

Plus, it's easier for them to book you for thought crimes they catch you committing via their IP taps. They'll have none of that "but my wifi is open -- it could have been anyone" defense. That won't work for you, sir, you'll be held accountable for whatever flows through your pipes!
1. Re:Accountability by Aaron+B+Lingwood · 2012-03-22 19:29 · Score: 2
  
  Including Simpsons porn
  
  --
  [Rent This Space]
2. Re:Accountability by Aaron+B+Lingwood · 2012-03-22 20:21 · Score: 2
  
  Gosh is that Simpsons thing a joke?
  No joke. Photos of small-breasted woman, regardless of age, is also considered child-porn.
  
  --
  [Rent This Space]
3. Re:Accountability by NoMaster · 2012-03-22 21:19 · Score: 2
  
  No joke. Photos of small-breasted woman, regardless of age, is also considered child-porn.
  
  Bullshit.
  As to the actual story, the police already wander around public car parks checking to see if you've secured your car, and leave a flyer under the wiper. If the car is secure they tick the "Congratulations!" box; if not, they tick a box describing why your car is insecure. A quick Google tells me that this is also fairly common in the Good Ol' US of A.
  Don't see anybody complaining about that, though. Apparently, the police knowing that somebody within a street or two has an open WiFi AP is worse than them physically touching your property and potentially building a database of who habitually doesn't lock their cars...
  
  --
  What part of "a well regulated militia" do you not understand?
4. Re:Accountability by Anonymous Coward · 2012-03-22 23:30 · Score: 2, Interesting
  
  Uh no, it doesn't work that way. If your government does its job properly then no-one needs to lock their cars, and you hardly need cops.
  Only if you're deluded.
  Crime is part of the human condition, even in a mythical perfect communist state there would still be outliers who steal shit. That is just a foolish line of thought because it is foisting responsibility of protecting your property from casual small scale crime on to society just because you're too god damn lazy to lock your doors. The GP's offered social environment is basically a monoculture and, like crop monocultures, it is highly vulnerable to disease wiping out the lot — if you trust everyone by making no effort to protect your stuff then the first crook who comes along will make an absolute killing robbing everyone blind.
  Government and society are nice in that they provide herd safety but it is still the responsibility of each individual within the herd to manage their personal interests themselves, you don't get to externalise (Remember that thing we really hate corporations for doing?) all your personal responsibilities onto everyone else. At least, not unless you're rich enough to afford to pay people to run around cleaning up your mistakes after you.
5. Re:Accountability by Capt.DrumkenBum · 2012-03-23 06:36 · Score: 2
  
  Locking the doors of your car is a foolish waste of time.
  If you lock the doors they break a window, and steal your stuff. If you don't lock the doors you tend to not leave anything in your car for them to steal, and your window doesn't get broken.
  My car doesn't even have door locks. I would say 3 or 4 times a year I get back to me car after work and I can tell someone has gone through my car. (I park in a very high vehicle crime area.)
  I do put the club on the steering wheel though, and have a hidden kill switch.
  The funny thing is I get the same notice on my care about once a year and it never notes that my doors are unlocked. :)
  
  --
  If I were God, wouldn't I protect my churches from acts of me?
Google by Aaron+B+Lingwood · 2012-03-22 19:09 · Score: 4, Interesting

Doesn't google already have this data?
This looks like a money grab from this years' budget
The QPS is always complaining that they do not have enough funding to pay their staff. Now they are wasting precious manhours to mine data that they could easily purchase (or even receive for free) from Google.

--
[Rent This Space]
Finaly! by V!NCENT · 2012-03-22 19:10 · Score: 2

Finaly an actual initiative to protect and serve the people! A little faith in government restored.

--
Here be signatures
I wonder what they will say by Anonymous Coward · 2012-03-22 19:15 · Score: 5, Funny

NSW police may be interested in my wifi ssid "Police_Surveillance_Van_71A"
1. Re:I wonder what they will say by lexsird · 2012-03-22 20:47 · Score: 4, Funny
  
  I name mine "Warning: Virus Detected!"
  
  --
  Take the Red Pill.
Re:wifi security by Anonymous Coward · 2012-03-22 19:17 · Score: 5, Interesting

Insecure WiFi != Insecure network.
At home I have two WiFi network over the same AP, one is open an the other use WPA2, they are in independent networks and with a firewall between both, plus the open is capped to use at max 2mbps.
Possible Abuse by Aaron+B+Lingwood · 2012-03-22 19:26 · Score: 3, Interesting

I find it odd that QPS Media has failed to supply the public with any technical information on what tools they are using and the scope of the exercise
Are they simply searching for wireless networks? Or going as far as trying default passwords?
Are they geocaching MAC Addresses and SSIDs that will be used in other investigations?
Are they sniffing traffic? Are they collecting any personally identifiable information?
While this is a nice service, I do think this does not fall under the purview of the state police
If this is simply a SIGINT operation in disguise, it is better left to the DSD or ASIO
If this is simply a community service, the state governement should use grants to coerce the industry to extend their voluntary code of practice so that ISP's are responsible for making their customers aware of the risks as part of the signup process.

--
[Rent This Space]
1. Re:Possible Abuse by FireFury03 · 2012-03-22 20:27 · Score: 2
  
  While this is a nice service, I do think this does not fall under the purview of the state police
  Why not? The police are in the business of crime prevention as well as catching criminals.
  Breaking into someone's house and stealing their stuff is a crime. If you do it, the police will (hopefully) come after you and lock you up. The police also have programmes whereby they will tour the neighbourhoods and if they spot some bit of bad security they will knock on the door and tell you about it so you can fix it *before* someone takes advantage of it.
  Breaking into someone's network is a crime*. If you do it, the police will (hopefully) come after you and lock you up. In this case, the police are also running a programme whereby they will tour the neighbourhoods and if they spot some bit of bad security they will knock on the door and tell you about it so you can fix it *before* someone takes advantage of it.
  What's the difference?
  (* cracking someone's security, even if it's lowly WEP, is a crime and should be punished - if someone is running any kind of encryption then it is clear that they don't want to let you into the network. On the other hand, I very much believe that it should _not_ be a crime to use an open network, because there is no reasonable way to know that it wasn't intended to be an open hotspot. I would, however, expect these police to tell you "did you know your network is open, here's how to lock it down" to help people who may have left it open by accident. Getting helpful information from the police does *not* mean you can't ignore it if you actually want to run an open network though).
  
  If this is simply a community service, the state governement should use grants to coerce the industry to extend their voluntary code of practice so that ISP's are responsible for making their customers aware of the risks as part of the signup process.
  What kind of "voluntary code of practice" are you talking about? Its true in the past that access points shipped with encryption turned off, but that hasn't been the case for years. So these days the people with open APs are generally either still running old hardware, or are intentionally running them open. I can't see what "code of practice" is going to help with either of these situations.
  
  --
  http://blog.nexusuk.org
2. Re:Possible Abuse by FireFury03 · 2012-03-22 22:15 · Score: 2
  
  On the other hand, I very much believe that it should _not_ be a crime to use an open network, because there is no reasonable way to know that it wasn't intended to be an open hotspot.
  By your logic, it's reasonable to assume anyone without a fence and locked door is inviting me in for dinner.
  No. Public areas (parks, etc) are usually clearly marked as such - it is pretty easy to tell the deifference between a park and someone's unfenced garden.
  On the other hand, wifi has a flag in the protocol explicitly to tell you if it is public or private and there is no other sensible way to tell this. Unfortunately, access points that are accidentally left open will also be broadcasting an "I am a public hotspot" flag, even though the owner didn't intend to do this.
  As an example, if you go for a coffee in "Bob's café" and you find an open access point called "bobs_wifi", are you to assume that this is intended to be used by the customers of the café, or should you assume that Bob lives above the café and this is his personal wifi that has been set up incorrectly? (And yes, it's pretty common for cafés to provide free wifi in the form of an open access point and not even bother to advertise the fact).
  Another example: I have accidentally used someone's personal wifi in the past - it was an open access point that was broadcasting a pretty generic SSID (something like "BTOpenSpace"). BT provide internet connections to homes and businesses (with associated wifi kit), but they also provide public hotspots under a variety of names (BTOpenZone, BTFon and a few others). Without a good knowledge of all the hotspot providers and ISPs, it is impossible to know which ones are private and which are public without trusting that the ones that advertise themselves as public really are (as it turns out, the BTOpenSpace one was someone's home ADSL, but I didn't realise this until afterwards).
  Also, anything that automatically looks for public wifi hotspots can *only* trust what the access point is advertising itself to be - since no human is reviewing its decisions, there are no judgement calls. My SIP handset will auto-associate with any public network if it can't find my private one - it isn't going to ask me every time it needs to change network, so even if your network has the SSID of "private_keep_out", it'll still happilly use that network if your AP is advertising itself as a public hotspot.
  So sorry, since legitimate public hotspots are very common and there is no way to tell them apart from incorrectly configured private access points, I can't see how it can be considered a crime for someone to use a private hotspot that is advertising itself as being public. This isn't like an obvious private garden not having fences, it's more like an unfenced garden with a bloody great sign outside it saying "please come in".
  
  --
  http://blog.nexusuk.org
australian Accountability by johnjones · 2012-03-22 19:35 · Score: 3, Interesting

thats exactly it !
realistically hacking a wpa setup by a person with no experience is pretty unsecured
(do you really want to know how many people have password1 or changeme...)
have a look at this:
http://open.youyuxi.com/
australia is censored beyond what I certainly expected...
regards
John Jones
Re:Broken security by SilentChasm · 2012-03-22 19:38 · Score: 4, Informative

As far as I know WPA/WPA2 isn't broken, only WPS's PIN mode (enter an easy 8 digit number instead of a complicated alphanumeric passphrase). Granted you can still bruteforce the PSK itself instead of the PIN but then you've just got the same problem of weak passwords that many other things do.
Re:what's next by Aaron+B+Lingwood · 2012-03-22 19:40 · Score: 2

police going around to everyone's door trying to open it?
Some police beats in shopping centres check parked cars and leave a nice little letter with a nice big fine if they find one unlocked.

--
[Rent This Space]
Re:what's next by Aryden · 2012-03-22 19:54 · Score: 3, Informative

Then you're littering.
Re:Safe wi-fi spot by Aryden · 2012-03-22 19:56 · Score: 2

If your WiFi is secured, then you don't need the defense because only those who really want to will use your WiFi to download files.
FTFY
Re:Broken security by thegarbz · 2012-03-22 19:58 · Score: 4, Informative

WPA and WPA2 isn't broken. There's only a configuration problem in WPS (a system designed to bypass having to enter a WPA key, who thought that was a good idea anyway?). Even that isn't broken as such. The effect is that the brute force attack has been simplified to the point where it is achievable to actually perform rather than having to brute force the entire array of usable keys. A simple configuration change that either fixes the problem or better yet limits the number of tries or the rate of tries for connecting using WPS would instantly make it secure again.
The irony? Older access points which support WPA and WPA2 but don't support WPS are quite secure.
The double irony? I have never had WPS actually work on my access point even when the PIN is known, so I'm amazed that this is a suitable attack vector in the first place.
Money must grow on trees in Queensland by anarkhos · 2012-03-22 20:10 · Score: 2

to pay for this crap

--
>80 column hard wrapped e-mail is not a sign of intelligent
>life
Re:what's next by Aaron+B+Lingwood · 2012-03-22 20:17 · Score: 2

They NEVER leave a Fine on a car for being unlocked.
Never Say Never

--
[Rent This Space]
Re:what's next by blackest_k · 2012-03-22 21:28 · Score: 2, Insightful

That law is ridiculous, i've had several locked cars broken into and the damage due to breaking in has always cost more than anything stolen. Generally the only thing of value is a couple of euro and the radio which although it has bluetooth, mp3 cd cost 56 euro a new door or window costs a lot more to fix than replacing the radio.
The engine immobiliser still works you need a proper coded key for the ignition to work, you might still steal the car but the door locks are not going to be much of a barrier honestly.
Sure sometimes i might be carrying something of value when it makes the cost of repairing the car less than the cost of the stolen goods but then i would lock it.
however in practical terms the cost of a break in is my insurance excess (500 euro) + the loss of noclaims discount which is around 75% a loss of (750 euro).
A friend of mine had his lorry fuel tank syphoned in a locked patrolled yard no less, the police said he should have a locking cap on the tank. well that is all well and good until you realise the tank would still have been broke into and the tank damaged in the process and his lorry would have been off the road making him unable to meet his contracts. While annoying and expensive to lose fuel that way the alternative could cost him a lot more maybe even his business.
Security is a trade off and it makes no sense to ensure the cost of flimsy security measures costs more than the things stolen in the first place.

--
Blarney Quality Restaurant, Plants
I broadcast about 120 open AP's by Lumpy · 2012-03-22 22:29 · Score: 4, Funny

All of them named Linksys, Dlink, Wireless, etc... and all to a single router that is connected to nothing at all.
It significantly reduces the volume of idiot neighbors that do not configure their new wireless as many times they will connect to me instead.
Works great, when I shut it off, I see no more default router names.
It also screws with the wardrivers, I look at some of the maps every few months and see my location with a giant pile of AP names around my building.

--
Do not look at laser with remaining good eye.
1. Re:I broadcast about 120 open AP's by Richy_T · 2012-03-23 06:31 · Score: 2
  
  That's a terrible idea. The channels overlap somewhat.
Re:Broken security by FireFury03 · 2012-03-22 23:16 · Score: 2

google got a lot of trouble for doing so. because its inevitable they capture some actual content of connections on insecure wlans.
Google got into trouble for _storing_ that data, not capturing it.
(IMHO they shouldn't have got into trouble for any of it anyway, if you broadcast something into a public space you should have no expectation of it not being captured, stored, analysed, etc.)
Incidentally, why did the law enforcement authorities complain about Google storing data (which could have been analysed later, even though Google said they weren't going to do this), whilst shopping centres are starting to get away with capturing cellphone beacons and analysing them to build a picture of shopper movements? I'm much happier about Google capturing some random data that people have _chosen_ to transmit in the clear than someone capturing data that is mandated by international protocol standards to be transmitted in the clear.

--
http://blog.nexusuk.org
Do what I did by fast+turtle · 2012-03-23 01:17 · Score: 2

and buy a router with the a guest network capability. One device that offers dual AP - protected full speed for the home - un/protected guest ap that's restricted to 1/10 network bandwidth and isolated from the lan. Cost was $45 at Walmart

--
Mod me up/Mod me down: I wont frown as I've no crown
The *proper* solution... by IGnatius+T+Foobar · 2012-03-23 02:56 · Score: 2

The *proper* solution is to *accept* that some folks have open wifi, are ok with sharing their bandwidth, and therefore a consumer IP address is *not* to be admitted as evidence of a "crime" that has been committed using the public Internet.

--
Tired of FB/Google censorship? Visit UNCENSORED!
Pure Paranoia by Belial6 · 2012-03-23 03:21 · Score: 2

Clearly that is not how it works. If it was, every McDonald's, Starbucks, and half the other retail stores out there would not be offering free unencrypted WiFi. Fear that some criminal is going to drive around town looking for your open WiFi so that they can commit a crime is complete paranoia. There are open WiFi hotspots everywhere that wouldn't draw attention if a stranger was sitting in their car using it. They are even put on maps, and advertised by the businesses offering the open WiFi.