Penetration Testing mailing list archives
Re: Interesting Ruling Regarding WiFi access
From: "David M. Zendzian" <dmz () dmzs com>
Date: Mon, 04 Jun 2007 13:35:43 -0400
There was a little point you did miss :)First, the network was "Open" and free for use for the business' Customers. So they have no security enabled to allow their customers free access to the wifi.
Second, wireless isn't like a store door. It goes beyond the door, and out into the street. My cell phone is set to automatically connect to any wifi network it sees and attempts to sync email. I didn't set this up, it's a "feature" of windows mobile and the only way to prevent it is to disable wireless, which is not practical for business use of the device.
I know he was sitting in his car actually using the network (unlike my automatic connection via cell phone). However I keep seeing this reference to knocking on the door of buildings when referring to wireless. The day that we can define a perimeter to wireless and have it stop and have a virtual "door" then we can use this analogy. Until then, wireless goes lots of places it's not suppose to, and most devices automatically connect to the highest signal connection they see. As for using it, yes that's like walking into the store. You know you are using it and have no way out of saying you weren't. But the connection and association of wireless is nothing like knocking on the front door of something. :)
David Serg B. wrote:
Perhaps I am missing the point here, but... An individual should simply not utilise a network that does not belong to them unless they have been allowed to do so. I tend to equate it to something like walking down the street and checking if each house/apartment has an open door. If I find an open door I will walk into the house and start using homeowners things without their permission. Of course the network owner could (and should) implement some sort of safety guards. However the person attempting to connect to the network must understand that this network does not belong to them and therefore they must make sure that they are allowed to use it or not. Serg On 04/06/07, stonewall <stonewall () cavtel net> wrote:Would it be hard for manufacturers to implement in the AP's software a logon banner when you try to "connect" your XP box to the AP (of course not)? "This wireless network and Internet access are the property of Blah Blah's coffee shop, and are for the use of our on-premises customers only. Any other use is unauthorized and is subject to legal sanction" (or some other suitable legal mumbo-jumbo). I thought there was a consensus of sorts that such notification was more or less considered "good practice", passed the "reasonable man" test, and was a de facto standard. Recall, it wasn't that long ago that XP was configured BY DEFAULT to connect automatically to the strongest wireless signal it could find. That being said, it is no more stupid to run an open access point than it is to connect to someone else's without authorization. The trouble is, the only ones who know this are folks in this business. The general public has no clue. Arresting someone for this is horsecrap. stonewall -----Original Message-----From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] OnBehalf Of Thor (Hammer of God) Sent: Friday, June 01, 2007 10:21 PM To: pen-test () securityfocus com Subject: Re: Interesting Ruling Regarding WiFi access Or just have the SSID start with "PUBLIC" or "PRIVATE" or use the same nomenclature for the router name. Or dictate that broadcast SSID's are public, and hidden SSID's are private.If it is going to be "law" then it needs to be simple enough for people to understand. Ideally, the wifi router manufactures would build in a tag for "private" or "public" and build the selection into the setup wizard. Hell,that option could even drive market share. t ----- Original Message ----- From: "Kenneth Klinzman" <kklinzman () tektegrity com> To: <pen-test () securityfocus com> Sent: Friday, June 01, 2007 11:17 AM Subject: RE: Interesting Ruling Regarding WiFi access Very nice find! My office co-horts and I were having the same kind of discussion. It seems like all it would take is a banner in the coffie shop saying internet to customers only would be all it takes to make the argument valid that they are informed. However, it is not like wireless stops at the walls of the coffee shop like cabled connections would. So to know it was for customers only would take the offender to have entered the shop and seen the sign. Maybe some kind of portal page should be required detailing the terms of use for wireless that users receive when they first log in to the wireless. Either way the legality of using a internet connection that does not belong to you and you know nothing about is very grey area... Those of us who are mostly law abiding would just assume it was wrong to do. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jeffory Atkinson Sent: Friday, June 01, 2007 10:19 AM To: ebk_lists () hotmail com; pen-test () securityfocus com Subject: RE: Interesting Ruling Regarding WiFi access Nice find, Really make you think. Using free wireless is illegal but not if there is a message saying public then it is not. Maybe I am not seeing the whole picture but I believe the burden of notification is on the owner/access point. This is the case in most states. Using the articles example of a radar detector, if you travel in to the state of Virginia you will clearly see the burden of notification in black and white on sign stating they are illegal. I am curious to here other thoughts. JMA -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ebk_lists () hotmail com Sent: Friday, June 01, 2007 12:43 PM To: pen-test () securityfocus com Subject: Interesting Ruling Regarding WiFi access Given all of the discussion regarding wifi access and the legalities surrounding it, I found this interesting: http://www.foxnews.com/story/0,2933,276720,00.html While I find the ruling in this circumstance a bit extreme, I think that it is good that we are now getting some case law to back up what has been up to this point mere speculation on what *may* happen in a court. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Interesting Ruling Regarding WiFi access ebk_lists (Jun 01)
- RE: Interesting Ruling Regarding WiFi access Jeffory Atkinson (Jun 01)
- RE: Interesting Ruling Regarding WiFi access Kenneth Klinzman (Jun 01)
- Re: Interesting Ruling Regarding WiFi access Paul Melson (Jun 04)
- <Possible follow-ups>
- RE: Interesting Ruling Regarding WiFi access cwright (Jun 02)
- RE: Interesting Ruling Regarding WiFi access Mike Messick (Jun 02)
- Re: Interesting Ruling Regarding WiFi access Thor (Hammer of God) (Jun 02)
- RE: Interesting Ruling Regarding WiFi access stonewall (Jun 03)
- Re: Interesting Ruling Regarding WiFi access Serg B. (Jun 04)
- Re: Interesting Ruling Regarding WiFi access Michael Hale (Jun 04)
- Re: Interesting Ruling Regarding WiFi access David M. Zendzian (Jun 04)
- RE: Interesting Ruling Regarding WiFi access stonewall (Jun 03)
- RE: Interesting Ruling Regarding WiFi access Jeffory Atkinson (Jun 01)
- RE: Interesting Ruling Regarding WiFi access cwright (Jun 02)
- Re: Re: Interesting Ruling Regarding WiFi access cwright (Jun 04)
- Re: Re: Interesting Ruling Regarding WiFi access cwright (Jun 04)
- RE: Re: Interesting Ruling Regarding WiFi access Erin Carroll (Jun 04)