RE: Wireless Security

["Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- -----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Friday, 14 October, 2005 11:43
To: hfebelingjr () lycos com; security-basics () securityfocus com
Subject: RE: Wireless Security




> -----Original Message-----
> From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
> Sent: Thursday, October 13, 2005 12:20 PM
> To: security-basics () securityfocus com
> Subject: RE: Wireless Security
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> - -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu]
> Sent: Thursday, 13 October, 2005 12:23
> To: hfebelingjr () lycos com; security-basics () securityfocus com
> Subject: RE: Wireless Security
>
>
>   IANAL, of course, but I *have* been paying attention to
> issues like this.....
>
> > A)  What if any obligation to the neighbors does the person
> > who initially setup the Wi-Fi network have?
>
>   None.  If I live on a corner and put up a fence around my
> lot, I have no obligation to compensate the pedestrians who
> used to shorten their journey by cutting across my lawn.
>
> ====> On your analogy I think that the courts have provided
> that IF the public
> has enjoyed the privilege of taking such a route  that a
> property owner cannot remove that access.  Such as the case
> of a land owner on a lake and the public has always used said
> property to access the lake.  The land owner cannot "close"
> their property to the public thus
> cutting off access to the lake through their property.  They
> would have to go through the court system in order to do so.

  Rural properties often come with easements -- standing agreements
that neighbor A can cross a part of neighbor B's property to get to
their own, and such rights *can* arise in Common Law without a formal
contract.
  HOWEVER, an essential component of those is that this is the only
practical route to the destination.  My lawn is not the only way to
get around the corner, and my Wi-Fi is hardly ever the only way to
reach the Internet.

====>   True, such as the grass strip that is located between the street and
sidewalk IF there is a sidewalk(s) in the neighborhood.  Such as in my
neighborhood.  I have to maintain that strip of grass that is about a foot or so
wide and runs the width of my yard.  YET, I can't stop people from walking in
it.  I do recall my father telling me of a "nominally" vacant lot that
"everyone" was used to crossing, and when some company bought the lot and
started to build a building on it they had to construct the building in such a
way so as to leave a path so that "everyone" could still "cut" through the
property.


> > B)  What happens IF one neighbor goes in and reads/deletes
> > msgs/files from another neighbor's computer is the person who
> > initially setup the Wi-Fi network for their own use liable?
>
>   Possibly.  A case could be argued that the unsecured Wi-Fi
> constitutes an Attractive Nuisance, and a court could find
> civil liability on that basis.  Not a gamble I'd choose to take.
>
> ====> Actually the courts have found that a fence WITH a "no
> trespassing" sign
> is likewise an attractive nuisance.  And could force the
> property owner to remove one or both.  And given that not
> everyone is aware of all of the security needs of a Wi-Fi
> network or even a traditional LAN that just because it's left
> open/unsecured is not an invitation to anyone and everyone to
> join it.  It'd be like (as several others have said) just
> because ya leave your front door open, that isn't an
> invitation to the person walking down the street to come into
> your home.

  And yet, at least in some jurisdictions, if you leave your car
unlocked and the keys in the ignition, you may face worse consequences
than someone who takes it for a joyride (unless they actually
damage property or persons in the process).
  Courts have found a lot of things which sound surprising if you
don't have the whole context of the case to go with it.  Was that
"fence with a NO TRESPASSING sign" erected across an easement or
public right-of-way?

====>   I don't drive so I'll defer to those who drive on what laws pertain to
cars.  I don't know, I only know that my father told me about it happening.
Likewise a LONG time ago somewhere here in Upstate New York, there was a saw
mill, that was surrounded by "miles" of open land.  Some developer bought up all
the land and built condos or apartments on the land, then "sued" to have the
area rezoned so as to get rid of the "noisy" saw mill "run out of town."

> > C)  Can the person who initially setup the Wi-Fi network
> > legally go in and look around his/her neighbors computers?
>
>   Of course not.
>
> ====> I would think that IF all the person who setup the
> Wi-Fi network was doing
> was trying to find out who it was that
> was accessing their network that it should be allowed.  I
> mean don't they have the right to find out who is accessing
> their network???

  Two wrongs have never made a right.  If someone parks blocking
my driveway, I can write down their license number, but searching
their car for some ID is clearly crossing a line....

====>   That is correct, but I am not talking about going in and doing any damage,
just going in to try and identify the person(s) who have illegally attached
themselves to someone else's Wi-Fi network.  I do know that IF someone were to
park their car so that it was blocking my driveway (particularly when my
Grandmother was still alive) I would not only take down their license plate
number and try to ID the owner through it.  As well as calling the cops and have
it towed.

> > D)  What if one the neighbors get a virus, is the person
> > who initially setup the Wi-Fi network liable?
>
>   Same as B.
>
> ====> IF they deliberately setup it for their neighbors to
> freely access then I
> could see them having a responsibility,
> but just because someone sets up a Wi-Fi network for their
> own use and doesn't secure it doesn't give their neighbors
> the "right" to access it or the Internet through it.  Doesn't
> mean that they owe anyone who is accessing it illegally anything.

  I'll agree that that ought to be true, but I can't guarantee that
"twelve people too dumb to get out of jury duty" will see it that
way.  Someone is going to claim that their "zero administration"
wireless built into their laptop found access to the Internet, and
that if that access had been properly secured, they wouldn't have
caught the virus, and some jury is going to say to themselves "Wi-fi
Owner should have known this could happen and taken steps to prevent
Ignorant Victim suffering" and award beaucoup bucks.  It might not
stand up on appeal, but just because it's not right doesn't mean you
want to pay lots of lawyers to prove it.

====>   Or who may or may not have any understanding about computers or Wi-Fi
networks.  I would think that one would/should also be able to argue that that
"zero administration" wireless built into laptops should only access networks
that the owner is authorized to access and not just connect to "any old wireless
network" that is out there. . .

====>   I mean what happens if one person setups (and secures it as best as
possible) in their home and another does the same in their home.  And something
happens to drop the signal strength of their router/AP, and their "zero
administration" then locks onto their neighbors network.  That can hardly be the
either person's fault.


> > E)  What if any expectations to privacy do the unauthorized
> > users have?
>
>   PROBABLY none, but they may be able to argue that they were
> not informed of that fact.  They might even argue that the
> unsecured state of the Wi-Fi constituted -- for all they knew!
> - -- authorization, and that might make even the transmissions
> *through* the Wi-Fi subject to various electronic
> communications privacy legislation.
>
> ====> IF they're illegally accessing someone else's Wi-Fi
> network why does
> anyone have to tell them anything?  Again your argument that
> the unsecured Wi-Fi network is an "open invitation" for
> others to access it.  Is like saying that the person who
> leaves their front door open is "inviting" the person walking
> down the street into their home.

  I deal all the time with a user population that thinks an open
jack is an invitation to plug in their laptop and start downloading
porn and MP3s, and that a jack with a computer plugged into it can
be freely converted to an open jack by unplugging the machine that's
there.  And they assume that wireless they can connect to is wireless
they're entitled to use.
  They clearly don't make the analogy you're suggesting -- or
if they do, Western Civilization is DOOMED.

====>   How is Western Civilization "doomed" if people start to respect other's
property???


> Moral:  Public Wi-Fi should be implemented deliberately, not
> accidentally, and probably with legal advice up front.  By
> the time any of these questions stops being hypothetical, it
> may already be too late.
>
> ====> Well said.
>
> Herman

  Thanks.  We agree on that much at least, and I think we pretty much
agree on how the world *ought* to work -- just not on how close to
that Reality usually comes.

====>   I think that is pretty much true.

Herman


> > -----Original Message-----
> > From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
> > Sent: Wednesday, October 12, 2005 12:17 PM
> > To: security-basics () securityfocus com
> > Subject: Wireless Security
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I've got a question (actually a few) along these lines.
> > Let's say that a person has a Wi-Fi network setup at home.
> > And they find out that some of their neighbors have accessed it.
> >
> > A)  What if any obligation to the neighbors does the person
> > who initially setup
> > the Wi-Fi network have?
> > B)  What happens IF one neighbor goes in and reads/deletes
> > msgs/files from
> > another neighbor's computer is the person who initially setup the
> > Wi-Fi network for their own use liable?
> > C)  Can the person who initially setup the Wi-Fi network
> > legally go in and look
> > around his/her neighbors computers?
> > D)  What if one the neighbors get a virus, is the person
> > who initially setup the
> > Wi-Fi network liable?
> > E)  What if any expectations to privacy do the unauthorized
> > users have?
> >
> > Herman
> >
> > - -----Original Message-----
> > From: Daryl Davis [mailto:daryl () ultbingo com]
> > Sent: Tuesday, 04 October, 2005 12:56
> > To: security-basics () securityfocus com
> > Subject: Wireless blocking
> >
> >
> > I believe I have an unauthorized wireless router on my network.  I
> > have been unable to physically find it as of yet.
> >
> > Does anyone know how to find the hidden SSID and then Jam it?
> >
> > Thank you.
> >
> > Daryl R Davis
> > Digital Game Media, Inc.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0.3
> >
> > iQA/AwUBQ01ORx/i52nbE9vTEQJiUgCeOOjX9N6x73SckuWo8IM3fRrF7NoAni3P
> > b8FzLCft8X2qZYK7BYhdx+E3
> > =9dp4
> > -----END PGP SIGNATURE-----
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQ06tYB/i52nbE9vTEQKgZACdEMt4pGr2PZRgbGdqKH4jTHDfX/MAni8p
> VH8d2X6YFd5CM6XaD5LbQrGJ
> =doq1
> -----END PGP SIGNATURE-----


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ0/wDB/i52nbE9vTEQISwgCgrv3OS6E0RdUPpQqIWWcMid3O7tYAoP8F
GGjqlo0fao2RFVTnCstZNqGM
=AvCZ
-----END PGP SIGNATURE-----