All of which supports my nickname for her: Sharron "Obtuse" Angle.:)
She's obtuse about the Constitution, obtuse about science, and obtuse about reality.
Religion has, historically speaking, been the greatest force for good our planet has ever seen.
And the greatest force for evil our planet has ever seen. Witness all the atrocities being perpetrated in the name of religion, from religious terrorism (9/11, the OK City bombing, the "witch hunts" in Africa) to whole wars (the Crusades and the current conflicts in the Middle East). No amount of "good" can ever outweigh the pain and suffering brought by acts like these.
Religion is a tool created by men to control other men by leveraging mankind's innate fear of the unknown and the different. Anyone who believes otherwise is too wrapped up in one's beliefs to see what is real or to think rationally or objectively -- what could be called "not seeing the forest for the trees".
These people usually also have a default admin password in the router that's trivially guessed. No kidding. A quick Google search will turn up a list of default SSIDs and admin usernames and passwords for almost every brand of router on the market.
Maybe iTunes hooks into Safely Remove Hardware, and closes out writes before letting Windows confirm it's safe to remove the device. This is probably what's broken in Vista.
Maybe not. According to Apple's iPod and iTunes documentation, Apple recommends using the Eject iPod command in iTunes before using the Safely Remove Hardware command in the Windows System Tray. They strongly emphasize doing the same (among other things) in their technical bulletin regarding the iTunes/Vista issue. This suggests to me that iTunes doesn't hook into the Safely Remove Hardware command at all.
I updated my iPod yesterday using the latest version of iTunes running under Vista Ultimate, following Apple's instructions in the tech bulletin to the letter (including activating Disk Mode on my iPod). My iPod came through the entire process -- which included a much-needed iPod software upgrade and a complete restore of my iTunes library -- safely.
Maybe this problem isn't so much an Apple issue or a Microsoft issue, but a PEBCAK issue.;)
Sorry for the belated reply... I needed to get some sleep and sort my thoughts out.:)
Left it open by accident? There is no way to "leave it open by accident." Either they configured it or they didn't. If they didn't, then them must have meant to leave it open.
Consider the following scenario:
Dad comes home and sets up a wireless AP. Just as he's getting ready to configure the wireless security, Junior comes down with his wireless-ready notebook PC, excited that he's now getting the Internet. Dad joins him for a few hours of male bonding and web surfing... and eventually forgets to set the AP's security functions.
Or this one:
Mom is setting up a wireless router, and is using the Web-based interface to make some configuration settings. She comes across the setting to enable the SSID, but notices that it's labelled
"Advanced Users Only". Not thinking herself an "advanced user", she decides to leave the SSID feature off. And since the other security settings are listed below that notice, she decides to leave those settings turned off as well.
In both scenarios, the APs' security features were turned off, in effect making the APs "open". Did their owners know they were open? Probably not, as I'll explain below.
The documentation included with the device TELLS you that.
Not in plain language. Not in so many words. And certainly not with any significant warning that leaving the security setting turned off may allow unauthorized access to the AP, the wireless LAN, or the Internet from outside the home. Moreover, the instructions are buried inside both the user manual and the devices' Web interfaces, sometimes under headers like "advanced users only", and the instructions are so heavily laced with technobabble that the average (i.e., non-tech savvy) user would be quite intimidated.
(At this point, the smart ones would get on the horn and call the store they got the device from, or a tech-savvy friend, or the manufacturer's tech support line for help. The more, um, clueless ones will likely either slog on the best they can, or just leave everything turned off.)
Your comment:
He or she chose to run the AP open, implicitly allowing all traffic.
itself implies that the user in question consciously and knowingly opened the AP and was fully aware of the consequences of doing so. Given the scenarios I've outlined above, it is entirely possible for an end user to "configure" a wireless AP so that it's "open" without knowing that it's open to outside access and without being aware of the consequences .
I probably am. Somewhere. Please feel free to guide me in the right direction.:)
Here's how I understand it:
I understand the process of how a wireless AP grants permission to a wireless user who wishes to connect. I also understand that an open AP is by definition granting permission for outside users to connect to the Internet via the AP. But AIUI this process presumes that the AP is configured properly and in accordance with the AP owner's wishes, and that the AP owner knows that the AP is configured properly.
But what about those who have unwittingly left their APs open? This would be like your analogy:
It's a real estate agency you hire putting an OPEN HOUSE sign in your yard and then you trying to shoot people for trespassing when they come on your property.
(only in this case it would be as if the owner him/herself had unwittingly put up the sign, not knowing what it read)
Sure, in the above case, they probably didn't do things correctly, but do they deserve being screwed over (pardon my swearing) by some smarmy wardriver just because they left their cybernetic front door wide open? Or does the innocent wireless user, who thought he connected to a legitimately open AP, deserve getting busted for unauthorized access to a computer network? (AIUI, an AP that's been inadvertently left open looks pretty much like one intentionally opened, right?)
I'm sorry, I'm not being too clear here -- I'm just pissed off by the apparent attitude of those who say, "It's an open AP, so what? Plug in! Go online! Who cares if it's open? If they left it open by accident, it's their own fault." And when I get pissed off, I get distracted to no end, and that doesn't help things. ^^;;;;
I guess what I'm trying to say is that those who use APs, especially at home, should be careful in how they set them up and make sure that they're set up the right way, and that outside wireless users should be a little more careful in trying to access "open" APs, especially in residential areas.
I think that if everyone did this, we wouldn't worry about wardrivers taking advantage hapless AP owners, or about legit wireless users accidentally connecting to the wrong "open" AP.
[...] In the absence of any security measures, it must be assumed that the owner is NOT limiting the use of the WAP.
(Emphasis added.)
This is precisely where those who believe that open APs, particularly those in private residences, can be freely accessed without permission are making a mistake: they are ASSUMING -- accepting as true without proof or on inconclusive grounds -- that the WAP is open because the WAP's owner wants it open. But this assumption discards, out of hand, the possibility that the WAP may be misconfigured (either due to negligence or ignorance) or that the WAP's owner failed to activate the security measures (again, due to negligence or ignorance).
Given this possibility, I believe that no one should "assume" that it's OK to connect to an unsecured WAP, especially one in a private residence, unless one knows for certain that the WAP's owner has intentionally made it open -- by asking the WAP's owner personally.
If it doesn't mean it's OK, it should. The AP is an extension of the owner. The conversation between client and server AUTHENTICATES via handshake. That is implicit authorization.
Between the machines. Not the users. Just because the machines can connect and communicate doesn't mean that they should.
It's not analagous to an open door on your house.
It actually is, because the AP acts as the "door" between the mobile user's laptop and the resident's Internet access -- access that the resident pays a monthly fee for. An unsecured AP is thus analogous to an unlocked front door.
It's a broadcast in the public area.
That depends on how "public area" is defined. One could argue that an apartment complex or a gated residential community is not a public area.
That frequency is public domain. It's closer akin to listening to the radio in the car next to you while you're stuck in traffic, then beating that person in dialing in to win the free concert tickets.
Except that the other person in the car has the expectation that he's the only one listening to the radio at that moment. (Never mind that he's got the windows on his hoopty rolled down and is blasting the latest rap/country/smooth jazz/right-wing talk/whatever radio program out the speakers with the volume turned up to 12.) The second he sees that you're eavesdropping -- without benefit of a radio -- his expectation of privacy has been broken, and he would likely feel (rightfully) outraged at your intrusion.
The same is true of a residential Internet connection -- the home user has purchased it for his/her/family's exclusive use and thus expects to be the exclusive user of the service. If the user then installs a wireless AP and fails to configure it properly, of course all measure of "exclusive use" has gone out the window -- but the user may not know this and still expects to be the "exclusive user". If and when that user discovers that some wardriver is using his Internet account to do deity-knows-what, of course there'll be outrage, and of course it's the user's fault for not configuring the AP properly. But does that mean that it's OK for the wardriver to access the AP in the first place?
It's not stealing bandwidth either. Either the bandwidth is in use or it isn't, it's relatively in-exhaustable.
But it's not infinite. The bandwidth on cable Internet services is shared -- a limited amount of bandwidth is shared by users in a given area. If more users in a given area use that limited amount of bandwidth, they will each have less individual bandwidth (i.e., slower speeds) for file transfers and such. (Of course, DSL differs in this aspect in that bandwidth is limited by the distance from the CSO.)
And what about streaming audio and video? If both the residential user and the wardriver are online at the same time, and the residential user decided to play a high-resolution full-screen streaming video program, s/he is going to see things slow down rather noticeably for no apparent reason.
Also, many residential broadband Internet accounts in the US have download caps, which limit how much data the user can download in a given month. If that cap is exceeded, the ISP can either cut off all access until the next month, or bill the user for the excess bandwidth. If a wardriver piggybacking on a residential account via an unsecured AP starts slurping tons of warez via BT, the residents may find themselves with an unexpectedly large bill -- or no Internet access at all -- until the end of the month.
You might could argue that it's stealing access, but the Internet is, or should be, less a public utility and more a public roadway.
In the US, Internet access is most decidedly not a public utility (although it is trending that way in certain local
In 802.11 there are a few ways to communicate your intent. In this case, every possible means of this communication was saying "I'm open". How else, in your opinion, is an AP owner supposed to communicate an intent of openness to clients?
I think the problem WRT open APs has as much to do with those who access the APs as it does with AP owners.
It seems to me that the general assumption regarding open APs is, "if an AP is open, it's because the owner wants it to be open". But the assumption doesn't take into account any possibility that an AP may have been accidentally been left open due to improper configuration or negligence on the part of the AP's owner -- many AP owners have been known to use the devices straight out of the box without even changing the default passwords, as many black hat wardrivers can attest (in fact, the wardrivers in the UK and Florida cases may have been relying on such negligence).
My suggested advice, and one that I feel all wireless users should heed:
Wireless access point and router owners: Unless you truly and honestly intend to maintain an open access point, change the router's or access point's default settings to close off unwanted outside access. Read the AP's/router's instruction manual carefully if you have any questions on how to do this.
Mobile wireless Internet users: If you detect an open wireless access point or router that is located in a private residence, LEAVE IT ALONE -- DO NOT CONNECT TO IT until you contact the AP's owner and get permission to use it -- it's possible that they may have left the AP open by accident, and may not have meant to run it openly. Never assume that an open AP was intentionally set up that way.
Now, any suggestions on how we can get the above across to wireless newbies before bad things happen to them?:)
What does the time duration have to do with it? Do people who knowingly and explicitly intend to run open APs always keep them up for less than 3 months?
I'm sorry I wasn't clear, but the three month timeframe was from the BBC article referenced in the parent post, and was the amount of time that the wardriver used the unsecured AP in question before he was arrested. I may have inappropriately used it out of context. My sincere apologies if I muddied the waters. ^^;;;
If the AP owner left his AP open even after all the information in the manual indicated that this was probably a bad idea, then someone else using it after a proper handshake should be ok.
Sorry, but no. I find ridiciulous and without merit any notion that a wardriver or jaysurfer should be held harmless for accessing a private AP that was left open simply because the AP owner "didn't read the manual". (Besides, just because the AP says it's OK to connect does NOT mean that the AP's OWNER says it is.)
Sure, not reading the manual doesn't excuse AP owners from setting the AP's security properly, but then again, AP owners shouldn't be punished twice for their ignorance (once for not setting things up right, and once for having their bandwidth stolen from them).
If the "victim" did not intend for his AP to be open then you cannot possibly fault the guy who connected to it when *every* relevant standard of communicating such an intention had indicated that this was an open AP: The SSID broadcast, the accepted association request, the DHCP response giving him an IP address and telling him to send all his internet bound traffic to that particular router..
Irrelevant, in my mind. All the SSID broadcast told the wardriver was that the AP itself was open. It didn't tell him if the AP's owner knowingly and explicitly intended for the AP to be open -- an automatic connection does not imply consent, IMHO. Since the wardriver in this case took advantage of this situation for three months, it stands to reason that he (the wardriver) intentionally took knowing advantage of the AP owner's ignorance, and thus is at fault.
If I see a store with a sign labeled 'open' on the front of it, would you consider me a burglar if I walked into it without asking the shopkeeper first? If there's a bus sitting on the curb and the door is open, am I hijacking the bus if I just walk into it? If there's a house with a sign labeled "garage sale" out front am I tresspassing if I start wandering around the front yard looking at things sitting out?
Another set of bad analogies. All of these things -- the store, the bus service, and even the garage sale -- are offerings set up knowingly and intentionally by their proprietors for the explicit and express purpose of offering goods or services. The store vendor is expecting people to enter his store and buy stuff. The bus service operator is expecting people to board and ride their buses. And the garage sale vendor is expecting people to come over and buy stuff.
Was the victim knowingly and intentionally offering his Internet access by having his AP "open"? Most likely, he wasn't, at least knowingly -- given the way wireless internet devices are marketed nowadays (like "plug-and-play" devices), more often than not securing the AP/router is probably the last thing end users have in mind -- if it's on their mind at all.
You are correct in stating that the Prius, and other gas/electric hybrids, are not "alternative fuel vehicles" -- This page lists the various tax deductions for hybrids and other alternative fuel vehicles currently in effect in the US, and it does say that "hybrids are not eligible for the electric vehicle tax credit".
I have apparently made a bad assumption, for which I humbly apologize. -_-
which comes from the US Environmental Protection Agency, shows that, of the 10 most-fuel efficient cars currently available, the top 7 are hybrids, with four diesels -- the VW New Beetle, Golf and Jetta (tied for 8th), and the Jetta Wagon (9th) -- coming up just behind. (A caveat: the EPA fuel economy testing methodology unwittingly favors hybrids, but in the real world, hybrids still maintain a significant edge in fuel economy.)
Moreover, diesels typically have worse emissions than hybrids, especially in particulates and greenhouse gases. These figures may improve, however, when federally-mandated low-sulfur diesel fuel begins to be sold in the US starting next year, but how much of an improvement that will be remains to be seen. Even so, hybrid emissions will still likely be lower than those of diesels. See
Diesel is cheaper than petrol too.
Actually, according to the Energy Information Administration (a subdivision of the US Department of Energy), in the United States, diesel fuel is more expensive than gasoline -- on average, prices for diesel fuel are currently 12.2 cents per gallon higher than regular unleaded gasoline, mostly due to higher taxes and refining costs.
In Britain, it's worse -- according to the Automobile Association, diesel fuel prices last month were 4.1p/liter more than unleaded petrol -- which translates into a whopping 27.6 US cents per gallon difference:
The trouble with hybrids is that they simply don't make ecomomic sense.
Actually, taking into account the total cost of ownership (fuel and maintenance costs, depreciation and other factors), hybrids may save enough money over the long term to more than make up for the "cost" of the hybrid drive system ($2,500 to $3,000, in the case of the Prius).
I only know that I've heard enough people here in the U.S. talk about getting a tax credit for buying an alternative fuel vehicle that it's become almost a habit of pointing out to them that hybrids don't qualify as an alternative fuel vehicle.
Actually, the Toyota Prius does qualify for the US$2,000 alternative fuel vehicle credit -- in fact, the IRS document that certifies the Prius as qualifying for the credit can be found here:
I'm saying the toyota Prius costs $40,000 dollars to make. Toyota sells it to the car companies for $40,000. USA pays off $20,000 dollars, and then the car sells for $20,000 dollars. Hence, the word subsidized. Consumers get the hybrid cars for cheaper than what it's worth.
From what I've heard, neither the US nor the Japanese government are subsidizing the Prius in any way, shape or form. Could you please provide proof of your assertion? A verifiable link or document, perhaps?
Slashdot Mirror
All of which supports my nickname for her: Sharron "Obtuse" Angle. :)
She's obtuse about the Constitution, obtuse about science, and obtuse about reality.
Religion has, historically speaking, been the greatest force for good our planet has ever seen.
And the greatest force for evil our planet has ever seen. Witness all the atrocities being perpetrated in the name of religion, from religious terrorism (9/11, the OK City bombing, the "witch hunts" in Africa) to whole wars (the Crusades and the current conflicts in the Middle East). No amount of "good" can ever outweigh the pain and suffering brought by acts like these.
Religion is a tool created by men to control other men by leveraging mankind's innate fear of the unknown and the different. Anyone who believes otherwise is too wrapped up in one's beliefs to see what is real or to think rationally or objectively -- what could be called "not seeing the forest for the trees".
I updated my iPod yesterday using the latest version of iTunes running under Vista Ultimate, following Apple's instructions in the tech bulletin to the letter (including activating Disk Mode on my iPod). My iPod came through the entire process -- which included a much-needed iPod software upgrade and a complete restore of my iTunes library -- safely.
Maybe this problem isn't so much an Apple issue or a Microsoft issue, but a PEBCAK issue.
(At this point, the smart ones would get on the horn and call the store they got the device from, or a tech-savvy friend, or the manufacturer's tech support line for help. The more, um, clueless ones will likely either slog on the best they can, or just leave everything turned off.)
Your comment: itself implies that the user in question consciously and knowingly opened the AP and was fully aware of the consequences of doing so. Given the scenarios I've outlined above, it is entirely possible for an end user to "configure" a wireless AP so that it's "open" without knowing that it's open to outside access and without being aware of the consequences .
Here's how I understand it:
I understand the process of how a wireless AP grants permission to a wireless user who wishes to connect. I also understand that an open AP is by definition granting permission for outside users to connect to the Internet via the AP. But AIUI this process presumes that the AP is configured properly and in accordance with the AP owner's wishes, and that the AP owner knows that the AP is configured properly.
But what about those who have unwittingly left their APs open? This would be like your analogy: (only in this case it would be as if the owner him/herself had unwittingly put up the sign, not knowing what it read)
Sure, in the above case, they probably didn't do things correctly, but do they deserve being screwed over (pardon my swearing) by some smarmy wardriver just because they left their cybernetic front door wide open? Or does the innocent wireless user, who thought he connected to a legitimately open AP, deserve getting busted for unauthorized access to a computer network? (AIUI, an AP that's been inadvertently left open looks pretty much like one intentionally opened, right?)
I'm sorry, I'm not being too clear here -- I'm just pissed off by the apparent attitude of those who say, "It's an open AP, so what? Plug in! Go online! Who cares if it's open? If they left it open by accident, it's their own fault." And when I get pissed off, I get distracted to no end, and that doesn't help things. ^^;;;;
I guess what I'm trying to say is that those who use APs, especially at home, should be careful in how they set them up and make sure that they're set up the right way, and that outside wireless users should be a little more careful in trying to access "open" APs, especially in residential areas.
I think that if everyone did this, we wouldn't worry about wardrivers taking advantage hapless AP owners, or about legit wireless users accidentally connecting to the wrong "open" AP.
Now... am I still missing the point?
This is precisely where those who believe that open APs, particularly those in private residences, can be freely accessed without permission are making a mistake: they are ASSUMING -- accepting as true without proof or on inconclusive grounds -- that the WAP is open because the WAP's owner wants it open. But this assumption discards, out of hand, the possibility that the WAP may be misconfigured (either due to negligence or ignorance) or that the WAP's owner failed to activate the security measures (again, due to negligence or ignorance).
Given this possibility, I believe that no one should "assume" that it's OK to connect to an unsecured WAP, especially one in a private residence, unless one knows for certain that the WAP's owner has intentionally made it open -- by asking the WAP's owner personally.
Between the machines. Not the users. Just because the machines can connect and communicate doesn't mean that they should.
It actually is, because the AP acts as the "door" between the mobile user's laptop and the resident's Internet access -- access that the resident pays a monthly fee for. An unsecured AP is thus analogous to an unlocked front door.
That depends on how "public area" is defined. One could argue that an apartment complex or a gated residential community is not a public area.
Except that the other person in the car has the expectation that he's the only one listening to the radio at that moment. (Never mind that he's got the windows on his hoopty rolled down and is blasting the latest rap/country/smooth jazz/right-wing talk/whatever radio program out the speakers with the volume turned up to 12.) The second he sees that you're eavesdropping -- without benefit of a radio -- his expectation of privacy has been broken, and he would likely feel (rightfully) outraged at your intrusion.
The same is true of a residential Internet connection -- the home user has purchased it for his/her/family's exclusive use and thus expects to be the exclusive user of the service. If the user then installs a wireless AP and fails to configure it properly, of course all measure of "exclusive use" has gone out the window -- but the user may not know this and still expects to be the "exclusive user". If and when that user discovers that some wardriver is using his Internet account to do deity-knows-what, of course there'll be outrage, and of course it's the user's fault for not configuring the AP properly. But does that mean that it's OK for the wardriver to access the AP in the first place?
But it's not infinite. The bandwidth on cable Internet services is shared -- a limited amount of bandwidth is shared by users in a given area. If more users in a given area use that limited amount of bandwidth, they will each have less individual bandwidth (i.e., slower speeds) for file transfers and such. (Of course, DSL differs in this aspect in that bandwidth is limited by the distance from the CSO.)
And what about streaming audio and video? If both the residential user and the wardriver are online at the same time, and the residential user decided to play a high-resolution full-screen streaming video program, s/he is going to see things slow down rather noticeably for no apparent reason.
Also, many residential broadband Internet accounts in the US have download caps, which limit how much data the user can download in a given month. If that cap is exceeded, the ISP can either cut off all access until the next month, or bill the user for the excess bandwidth. If a wardriver piggybacking on a residential account via an unsecured AP starts slurping tons of warez via BT, the residents may find themselves with an unexpectedly large bill -- or no Internet access at all -- until the end of the month.
In the US, Internet access is most decidedly not a public utility (although it is trending that way in certain local
It seems to me that the general assumption regarding open APs is, "if an AP is open, it's because the owner wants it to be open". But the assumption doesn't take into account any possibility that an AP may have been accidentally been left open due to improper configuration or negligence on the part of the AP's owner -- many AP owners have been known to use the devices straight out of the box without even changing the default passwords, as many black hat wardrivers can attest (in fact, the wardrivers in the UK and Florida cases may have been relying on such negligence).
My suggested advice, and one that I feel all wireless users should heed:
Wireless access point and router owners: Unless you truly and honestly intend to maintain an open access point, change the router's or access point's default settings to close off unwanted outside access. Read the AP's/router's instruction manual carefully if you have any questions on how to do this.
Mobile wireless Internet users: If you detect an open wireless access point or router that is located in a private residence, LEAVE IT ALONE -- DO NOT CONNECT TO IT until you contact the AP's owner and get permission to use it -- it's possible that they may have left the AP open by accident, and may not have meant to run it openly. Never assume that an open AP was intentionally set up that way.
Now, any suggestions on how we can get the above across to wireless newbies before bad things happen to them?
Sure, not reading the manual doesn't excuse AP owners from setting the AP's security properly, but then again, AP owners shouldn't be punished twice for their ignorance (once for not setting things up right, and once for having their bandwidth stolen from them).
Irrelevant, in my mind. All the SSID broadcast told the wardriver was that the AP itself was open. It didn't tell him if the AP's owner knowingly and explicitly intended for the AP to be open -- an automatic connection does not imply consent, IMHO. Since the wardriver in this case took advantage of this situation for three months, it stands to reason that he (the wardriver) intentionally took knowing advantage of the AP owner's ignorance, and thus is at fault.
Point condeded. :)
You are correct in stating that the Prius, and other gas/electric hybrids, are not "alternative fuel vehicles" -- This page lists the various tax deductions for hybrids and other alternative fuel vehicles currently in effect in the US, and it does say that "hybrids are not eligible for the electric vehicle tax credit".
I have apparently made a bad assumption, for which I humbly apologize. -_-
http://www.consumeraffairs.com/news04/mpg.html
which comes from the US Environmental Protection Agency, shows that, of the 10 most-fuel efficient cars currently available, the top 7 are hybrids, with four diesels -- the VW New Beetle, Golf and Jetta (tied for 8th), and the Jetta Wagon (9th) -- coming up just behind. (A caveat: the EPA fuel economy testing methodology unwittingly favors hybrids, but in the real world, hybrids still maintain a significant edge in fuel economy.)
Moreover, diesels typically have worse emissions than hybrids, especially in particulates and greenhouse gases. These figures may improve, however, when federally-mandated low-sulfur diesel fuel begins to be sold in the US starting next year, but how much of an improvement that will be remains to be seen. Even so, hybrid emissions will still likely be lower than those of diesels. See
Actually, according to the Energy Information Administration (a subdivision of the US Department of Energy), in the United States, diesel fuel is more expensive than gasoline -- on average, prices for diesel fuel are currently 12.2 cents per gallon higher than regular unleaded gasoline, mostly due to higher taxes and refining costs.
http://tonto.eia.doe.gov/oog/info/gdu/gasdiesel.a
In Britain, it's worse -- according to the Automobile Association, diesel fuel prices last month were 4.1p/liter more than unleaded petrol -- which translates into a whopping 27.6 US cents per gallon difference:
http://www.theaa.com/allaboutcars/fuel/
http://www.irs.gov/pub/irs-news/ir-04-125.pdf