As far as we can tell it could contain your name, your credit-card number, your SSN, your mother maiden name, and say that you've looked at animal porn yesterday.
Ahem:
c3QuYmluYXJ5LWVudmlyb25tZW50cy5jb20vqQKZ6jUcO
Come on, any fool can tell he's into watersports.
So you alreay knew WinRK gave the best compression? I didn't; never even heard of it.
Well thank heavens we have now! If there's one area of computing I've always felt I wasn't getting enough variety, it's compression algorithms and the associated apps needed to operate with them.
If there's one thing that brightens my day, is a client sending me a PDF compressed with "Hey-boss-I-fucked-your-wife-ZIP" right on deadline.
What means do I have as an operator of an open network, to let people know that my network really is open, not just poorly configured?
Exactly. It get's to be less and less a case of who's technically correct, and more what's reasonable.
If I park up in some residential street and notice an insecure AP, I'd have little doubt it's unintentionally so. Even if it is intentionally open, I would wonder if they're really aware how bad an idea that is. The only time I would think it's intended for free consumption by the public is if it has been made known to me before either verbally by the owner, by a sign, or deal I had made. Thousands of analogies have been tried here, and it's hard to find one that fits well, but at the end of the day you're connecting someone's network. Now that may have been made easier by the fact it's propagated with radio waves rather than well hidden copper, but I try to imagine it the same as hacking into the copper, without having to trespass & break.
That is to say, it somewhere halfway between innocence and tresspass for. I've enjoyed all of your comments, very well thought out. Thanks.
Oh come on. People use DHCP to ease network management, it was never intended as a means of authentication and authorisation, which is what we're talking about. The fact that some you were assigned a network address by DHCP has nothing to do with whether you were authorised or not.
If this guy hacked into a secure network, that's a different story, of course.
Why? What if he broke in, and went on to get a DHCP lease? Because what you're saying is that a DHCPOFFER/DHCPACK is explicit permission to go on using it.
Okay, you know the difference between implicit and explicit, but you don't know the difference between a certain byte value in a certain field of a DHCP PDU, and actual permission and authorisation in the real world. I know this is slashdot, but jeez - the amount of people here thinking that just because the DHCP RFC refers to Offers, Requests and Acknowledgments, that equates to actual authorisation and permission in the real world. As I said in another post, they're called offers and requests etc. to ease understanding of the protocol. The word "OFFER" never actually flies over the wires.
In summary, even if you are explicitly "offered" an IP, you weren't offered anything else, implicitly or otherwise.
It's existed in the NUL form going right back to early DOS days (and before, in CPM etc I think), which exists whatever directory you're in. Other device names include CON (console), AUX, PRN, COM1, LPT1 etc.
And to really rub your nose in it, Windows won't allow you to create a file or directory anywhere with any of those names. Just what I need from a filesystem: An historically bound list of arbitrary letter combinations that I can't use as a filename anywhere. Oh well, at least it's saved them the trouble of making any changes to command.com for 12 years.
And the thing that irks me about your post is that you think, in the absence of anything forbidding it, that the network "explicitly authorised him to access it". Do you know what 'explicit' means? There's nothing explicit here at all. While you might argue that the lack of security meant that authorisation was granted implicitly, I still don't agree. If you want to know why, read my other posts in this topic.
Hang on a minute - your original argument is still being challenged.
And that is to say: DHCP packets are as much "offers" and "invitations" as HTTP "cookies" are food.
Yes indeed, it's foolish to configure your DHCP server to hand out leases just as a public webserver hands out files. The fact that some operating systems will automatically join the first unsecured AP they see doesn't help - as many here view
If you don't want me using your connection (HTTP or DHCP) then set your server to not respond to my requests.
That's correct and I do this myself, just as I lock my car and house. It doesn't mean that by neglecting to do this I've implicitly invited anyone and everyone to make use of them. The protocols work this way for convenience of legitimate use. I agree with you as far as saying 'people should secure their APs', but don't believe they're open slather if never knew to.
Exactly what your opeating system makes of the information flying over the wires is up to it.
My point again, nothing in the packets from it actually "invited" you in, as much as you want to believe it. It's just jargon that makes the procedure easier to understand. As I said to another poster further down, (completely with a typo) these are as much "invites" as HTTP cookies are nutritious.
Look - I pretty much agree with you. We're both technical people and understand not only that we should secure our APs if we don't want them shared, but also that certain packets that eminate from them are called "Advertisments" and "DHCP offers" etc. That doesn't mean they translate directly into legally binding advertisments and offers.
In fact, little other than a byte or two carrying a special value that is understood by the software to represent "advertisements and offers" is transmitted. It's all very clear to us what's going on and what we've got to do to prevent unauthorised use, but don't expect the legislators to think the same way. They're going to see it as cut an dry as the "unlocked door" analogy which I believe is reasonably apt.
I hear what you're saying and I don't think you're misguided at all, it's just that I think that argument doesn't look at both sides.
So accepting people's invitation to use their Wifi (by not securing it) is a crime...
Judge: Oh, I'm sorry, I didn't realise you'd been invited to use that access point. Let's see your invite. Oh, wait - you mean since you weren't explicitly forbidden from using the access point, that's an implicit invitation.
It is the same as accusing someone of copyright infringement if they listen to their neighbor's CDs because their sound system is too loud...
Your analogy is missing a car or two. IOW, it's not a particularly apt analogy.
Why does the existance of an encrypted disk allow the Judge/Jury to presume that you are guilty? I think that an encrypted disk tells them nothing.
Nobody said the encrypted disk is a presumption of guilt. It's just that it in most courts, you either turn over the keys to allow the encrypted volume to be investigated, or be presumed guilty. This is likely what the OP meant by "your excuse why you can't show the court whats in it". If the defendant handed over the keys then the entire purpose of the encrypted FS would be defeated. If he refused to he'd be presumed guilty. Basically all he could say is "My dog ate it."
Slashdot Mirror
They can't cluck here or all their points in this thread will be reversed.
To clear up any confusion created by the parent comment:
Free != Free
c3QuYmluYXJ5LWVudmlyb25tZW50cy5jb20vqQKZ6jUcO
Come on, any fool can tell he's into watersports.
I should give credit to Profane MuthaFucka (574406) for the "Hey, boss..." name he coined here.
If there's one thing that brightens my day, is a client sending me a PDF compressed with "Hey-boss-I-fucked-your-wife-ZIP" right on deadline.
If you want me to go on arguing, you'll have to pay for another five minutes.
Yeah, but the first hit's free.
If I park up in some residential street and notice an insecure AP, I'd have little doubt it's unintentionally so. Even if it is intentionally open, I would wonder if they're really aware how bad an idea that is. The only time I would think it's intended for free consumption by the public is if it has been made known to me before either verbally by the owner, by a sign, or deal I had made. Thousands of analogies have been tried here, and it's hard to find one that fits well, but at the end of the day you're connecting someone's network. Now that may have been made easier by the fact it's propagated with radio waves rather than well hidden copper, but I try to imagine it the same as hacking into the copper, without having to trespass & break.
That is to say, it somewhere halfway between innocence and tresspass for. I've enjoyed all of your comments, very well thought out. Thanks.
Okay, you know the difference between implicit and explicit, but you don't know the difference between a certain byte value in a certain field of a DHCP PDU, and actual permission and authorisation in the real world. I know this is slashdot, but jeez - the amount of people here thinking that just because the DHCP RFC refers to Offers, Requests and Acknowledgments, that equates to actual authorisation and permission in the real world. As I said in another post, they're called offers and requests etc. to ease understanding of the protocol. The word "OFFER" never actually flies over the wires.
In summary, even if you are explicitly "offered" an IP, you weren't offered anything else, implicitly or otherwise.
And the thing that irks me about your post is that you think, in the absence of anything forbidding it, that the network "explicitly authorised him to access it". Do you know what 'explicit' means? There's nothing explicit here at all. While you might argue that the lack of security meant that authorisation was granted implicitly, I still don't agree. If you want to know why, read my other posts in this topic.
I'd just like to say you make very good points, which cause me to question my own judgement and information. Thank you.
And that is to say: DHCP packets are as much "offers" and "invitations" as HTTP "cookies" are food.
Yes indeed, it's foolish to configure your DHCP server to hand out leases just as a public webserver hands out files. The fact that some operating systems will automatically join the first unsecured AP they see doesn't help - as many here view That's correct and I do this myself, just as I lock my car and house. It doesn't mean that by neglecting to do this I've implicitly invited anyone and everyone to make use of them. The protocols work this way for convenience of legitimate use. I agree with you as far as saying 'people should secure their APs', but don't believe they're open slather if never knew to.
Yes, I know. It's nutritious
If there's a sign on the door that says "OPEN", then yes.
My point again, nothing in the packets from it actually "invited" you in, as much as you want to believe it. It's just jargon that makes the procedure easier to understand. As I said to another poster further down, (completely with a typo) these are as much "invites" as HTTP cookies are nutritious.
Stop confusing RFCs with legislation. Just because they're called DHCPOFFER and AP 'invitations' doesn't mean they're formal, legally binding terms.
In fact, little other than a byte or two carrying a special value that is understood by the software to represent "advertisements and offers" is transmitted. It's all very clear to us what's going on and what we've got to do to prevent unauthorised use, but don't expect the legislators to think the same way. They're going to see it as cut an dry as the "unlocked door" analogy which I believe is reasonably apt.
I hear what you're saying and I don't think you're misguided at all, it's just that I think that argument doesn't look at both sides.
Dump from your packet sniffer please. Should I expect to find those exact words, or just something along those lines?
My car displays its number plate "YE2242". Does that mean you're allowed to use YE2242 for anything I use it for?
The only info I can add is that 64-40=24. ;)