Security Basics mailing list archives
RE: Home wireless free hotspot
From: "Murda" <murdamcloud () bigpond com>
Date: Thu, 18 Mar 2010 10:15:20 +1000
I am fascinated by the implications of this thread and by what it is the OP wishes to do and its potential ramifications. It seems to me that the whole privacy and anonymity aspects of this situation and similar will become more of a battleground over the next few years in most western countries; Australia is already gearing up for a net filter that will curtail the kind of content that can be accessed. How it will work is anyone's guess and who is responsible for what is 'allowed' versus what is 'not allowed' seems to be as murky and shadowy as parts of the internet itself. Now how could allowing others to use your bandwidth become a problem for you is a valid question in my mind and definitely one that needs to be at least considered before embarking on this kind of project. I imagine that people have accessed illegal materials via open wireless connections pretty much since their inception but what may prevent LE from actually pursuing any criminal acts linked to an IP at Starbucks could well be the fact that they could turn up and find that hundreds of people have connected in the last few days and trying to trace any of them would be a complete nightmare. That is, it would be too costly. The story in the link was exactly the kind of bad dream scenario that can be used as a kind of control in a Benthamesque manner. The authorities *might* be watching, they just *might*...which leads many of us to self-regulate. The anonymity that TOR lent to the traffic in that situation looks like it helped someone; just not the guy who wrote the blog. For him it was painful. I wonder whether Freenet users would have similar stories. How much would I trust that other people are not downloading illegal stuff via my network/IP or onto my system? How much would I trust that something like Freenet's system is always going to work correctly and that the code is robust enough that the encryption scheme means that any weird stuff can't be captured somewhere along the chain and traced back to me? Honestly, I don't know. If anyone uses that then they have to be fairly trusting. Whether that trust is actually based on scientific methods and reasoning or just because depends on the person. What would happen if someone did setup a TOR exit node on the free connection? I'm thinking it would be possible but I haven't investigated the mechanics of doing it. Is the risk of someone doing something illicit on that link even quantifiable in a real world kind of way? This was one person that I have heard of out of how many thousands and thousands of TOR users? But what he went through was fairly extreme and its fallout could have been so much worse. Hysteria is not a big enough word to describe what can happen to the 'community' when such emotive subjects such as CP arise. How could you mitigate the risk of someone using your link in an illegal way? I have no idea if it could be done to categorically prevent any action being taken against you. We all know how far the RIAA are willing to go to get their filesharers. It seems like a numbers game; there are n nodes out there, x percentage which are being used illegally of which the LE agencies can investigate y cases. Of those y cases, they can prosecute z. What are the chances that your connection, n1 will be one of z1.....zn if someone has done something illegal over it? Obviously there are more factors in there and the number will no doubt turn out to be small. It's like the lottery in reverse and just like the lottery, someone sometimes wins. And many more don't. However, one flipside is related to the TOR story; what if someone uses your link to upload 'whistleblowing' materials to say, wikileaks and can do it 'anonymously' by using your free connection? That would be the kind of golden story that the EFF love. A dramatic and essential ingredient in sustaining democracy. So positives could abound when offering this 'good karma' connection. Having said that, mostly people will use it to watch YouTube videos of monkeys dressed in sequined suits riding skateboards while playing tiny banjos. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Reginald Wheeler Sent: Wednesday, March 17, 2010 10:34 AM To: Jay Vlavianos Cc: martinez85 () att blackberry net; John Lightfoot; listbounce () securityfocus com; security-basics () securityfocus com Subject: Re: Home wireless free hotspot Dude the guy is not asking if it is safe to operate a freaking tor proxy server. He is asking if he set up something like what you would get if you were to go to a freaking coffee shop. Stop telling the guy he can't do it. Tell him the risk involved and tell him the best way to mitigate those risk. I know we have a bunch of IT professionals that are on this mailing list. The link that is provided talks of operating a proxy site that can and will violate your ISP terms of use. Now if you go through the proper channels you can offer a wifi hotspot as a service. You have to speak to your ISP for the details of what you need to do. So having said that and now getting pissed with the level of incompetence that many of my fellow IT professionals are showing I'm left wondering how in the hell you got your jobs. Now I am going to give Mr. Lightfoot this advise please consult an IT professional that is well versed in wireless networking and security. This person will also be able to help you with all of the legalities that you may run into with this project. Now for everyone else we all have to think before we comment, not misrepresent ourselves and do our best to leave our personal feelings about things in our pockets when consulting someone on anything unless they ask for it. Oh and P.S. a free to use wireless hotspot is not a Tor-Exit-Node. Tor meaning the The Onion Router is a piece of software that allows you to route internet traffic for programs that use the internet through layers of proxy servers in order to mask your IP address. This has absolutly nothing to do with a hotspot that will always carry the IP address that is issued him from his ISP. So again Jay I have asked you to site case law that will provide factual evidence that you can as a service provider be held accountable for the actions that another person has conducted on a network that has a Terms of use contract that has to be agreed upon in order to access the network. This does not include the fact that yes there is the inconvenience of having your equipment seized for the sake of investigation. You get it back. Plus if you have insurance and you do things the proper way. You will be able to get a replacement due to the fact that your now able to let your insurance company know that your equipment was damaged in a criminal act and your back in service. Thank You, Reginald Wheeler, Owner A+, Networking+, MCSE 2003 1907 Hampton Dr. Sandy Springs, GA 30350 Ph:678.615.2997 wheeler90 () comcast net\ Universal Systems Consulting LLC Simplifying IT -----Original Message----- From: Jay Vlavianos <jvlavianos () ecastnetwork com> To: martinez85 () att blackberry net <martinez85 () att blackberry net> Cc: John Lightfoot <jlightfoot () gmail com>, listbounce () securityfocus com <listbounce () securityfocus com>, security-basics () securityfocus com <security-basics () securityfocus com> Subject: Re: Home wireless free hotspot Date: Tue, 16 Mar 2010 08:30:34 -0700 One only needs to read stories like the one below of a poor Tor exit node operator to realize that you don't want -anyone- except yourself on your own net connection. That is, of course, if you need some excuse for your own activities ("I don't know man, I didn't download any softwarez- but maybe my neighbor did!). http://calumog.wordpress.com/2009/03/18/why-you-need-balls-of-steel-to-operate-a-tor-exit-node/ On Mar 16, 2010, at 7:32 AM, "Johnathan" <martinez85 () att blackberry net> wrote:
How sweet of you... Now matter how kind your intentions are, you may want to check the terms and conditions of the agreement of the contract you hold with your service provider. You legally may not be allowed to do such a thing you are proposing. You may be aware of this already, just wanted to put it out there for others who may have the same mind set as you. ---- Johnathan Sent via BlackBerry by AT&T -----Original Message----- From: "John Lightfoot" <jlightfoot () gmail com> Date: Fri, 12 Mar 2010 15:10:40 To: <security-basics () securityfocus com> Subject: Home wireless free hotspot Hello, I have a home wireless network that I’d like to make available to ne ighbors who need to borrow a connection from time to time. Consider it karmic repayment for the times I’ve had to borrow someone else’s open connection. Of course, I’d like to do it securely, so I’m looking for some advice. My main network has a wireless router connected to the Internet, with a few wired connections to my home computers. The main router’s wireless network is protected by WPA, access control via MAC address, etc. My thought is I would attach a second wireless router (Netgear) to a port off the main router and leave it unsecured, using a second subnet, and block any routing between the two subnets, other than straight out to the Internet, but I’m not sure the best way to do that. So, a few questions: If I set up a second router with a subnet “subservient” to my main router, presumably it has to get an IP address within the address space of the main network, but how can I limit access to that network to only my Internet interface? Would it make more sense for my secure network to be subservient to the main network, i.e. open up the main network and secure a secondary subnet off it? I also have a Secure Computing SG 300 Firewall/VPN appliance, could I configure that help keep the networks separate and my home network secure? It’s got a lot of nice features, but I’m not sure it would help make my configuration more secure. This may be a very bad idea, so I’d also be happy to hear why that’s so if it’s true. Thanks for any advice. John Lightfoot --- --------------------------------------------------------------------- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 --- ---------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Home wireless free hotspot, (continued)
- Re: Home wireless free hotspot Johnathan (Mar 19)
- Re: Home wireless free hotspot Jay Vlavianos (Mar 16)
- Re: Home wireless free hotspot Reginald Wheeler (Mar 17)
- RE: Home wireless free hotspot Jay Vlavianos (Mar 17)
- RE: Home wireless free hotspot Channel, Lawrence F CTR USAF ACC ACC/A8ZX (Mar 18)
- RE: Home wireless free hotspot Lauren Twele (Mar 19)
- Re: Home wireless free hotspot Adam Mooz (Mar 19)
- RE: Home wireless free hotspot David Gillett (Mar 18)
- RE: Home wireless free hotspot BECKY MACDONALD (Mar 19)
- Re: Home wireless free hotspot Doug Farre (Mar 18)
- RE: Home wireless free hotspot Murda (Mar 19)
- RE: Home wireless free hotspot John Lightfoot (Mar 16)
- Re: Home wireless free hotspot Jay Vlavianos (Mar 16)
- RE: Home wireless free hotspot Channel, Lawrence F CTR USAF ACC ACC/A8ZX (Mar 16)
- RE: Home wireless free hotspot Quark Group - Hilton Travis (Mar 22)
- Re: Home wireless free hotspot Adam Mooz (Mar 16)
- Re: Home wireless free hotspot tas0584 (Mar 16)