RE: Wireless Security

["Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G. Allen,

        Using your analogy of someone putting their outgoing snail mail into "your"
mailbox and how their return address is
personal information that they've released into the public.  Then couldn't a
person (or their lawyer) who has had their
wireless network (or even a wired network) hacked make the same claim about the
information that their computer is
providing to Windows explorer?

        I mean we all know that there is a certain amount of information that can be
gleaned from a computer hooked to the
network without actually opening said computer.

        And as I am sure as we all know now all "hackers" are bad.  As we would not
have a lot of the admin/security tools
that we now enjoy IF it weren't for "hackers."  Nor would people know about the
security problems that are present in
some systems/software.  But sadly the media (at present) "likes" to call anyone
and everyone who commits a crime with a
computer a "hacker" whether they are or not.  All that matters to the media is
that a crime was committed and that a
computer was used to commit that crime, so ergo the person who committed said
crime "MUST" be a "hacker. . ."

        I mean using the way the media uses the term hacker the dumpster diver who
compiles a database of names and CC numbers
and mail order catalogs that they've ordered from is also a "hacker."  Even
though s/he could do the same thing with a
notebook and a pen/pencil. . .

        Using your own analogy admin/security tools are just admin/security tools until
someone uses them to gain unauthorized
access to a computer that they wouldn't normally have access to. . .  Correct?

Herman

- - - -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Friday, 14 October, 2005 21:53
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


        You're going to get into the fuzzy area again here.  In order to use
your wireless network, the unauthorized user has to connect to your AP.  To
my knowledge, connecting to an AP will create an IP for that user w/ their
MAC address associated to that IP.  Having said that, time for a quick
analogy reference:  let's assume someone is, for whatever reason, putting
their postal mail in your mail box for the purposes of having their mail
sent out, but leaves their real return address on said piece of mail.  Now
using that MAC addy to ID your perp should be as legal as reading the return
address someone puts on that postal mail, i.e. it is considered personal
information that you knowingly disseminate to the public and at that point
becomes public information.  However, you're still not allowed to open that
guy's postal mail, and you are still not allowed to hack into an
unauthorized user's computer.
        To sum up, one person's illegal activities do not legitimize the
commission of illegal activities by you.  Cyber-retaliation would be
interpreted as cyber-terrorism.  And if you've been keeping up w/ the news,
you know what a hot topic cyber-terrorism is.  I agree w/ you Herman, it
isn't fair.  But it is the politics of the dominant paradigm.
        Oh, and as far as your question about is it hacking if you're not
using any hacking tools?  A command prompt is hacking tool Herman.  So, for
that matter, is Google.  To wander off on another analogy; a hammer is just
a tool so long as you're pounding nails with it.  But the moment you take a
swing at someone with it, it's a weapon.

        Hackers are not classified or defined by the tools that they use,
but by the knowledge that they have and the way that they use it as
perceived by the dominant paradigm.

G. Allen Johnson.

- - - -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Friday, October 14, 2005 10:35 AM
To: G. Allen Johnson; security-basics () securityfocus com
Subject: RE: Wireless Security


*** PGP SIGNATURE VERIFICATION ***
*** Status:   Bad Signature
*** Alert:    Signature did not verify. Message has been altered.
*** Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com> (0xDB13DBD3)
*** Signed:   14-Oct-05 1:11:35 PM
*** Verified: 14-Oct-05 10:09:16 PM
*** BEGIN PGP VERIFIED MESSAGE ***

G. Allen,

        I'll do that thanks.

        It's not that I'm doubting you, it's just that it doesn't seem right
that even
though they were the ones who were
illegally accessing someone else's network that the owner of the network
can't
look at their box to find out who they
are.

        Would that also apply to just looking at what comes up in Windows
Explorer
under the network icon?  I mean by using
what that they are not "hacking" the other persons box parse, correct?  I
mean
they're just using what is already being
shown on their own box/system.  And not using any "hacking" tools to do so.

Herman

- - - -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Friday, 14 October, 2005 02:01
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


        Google using the parameters tsunami and hacker.  You will get
multiple hits.  A couple should point you to ZD Net, among many others.  The
story is in fact legit.  Regardless of the fact that someone is making
unauthorized use of your wireless network, it is against the law to hack
into that person's system.

        Now I would have to imagine that there is no reason you couldn't
trap and analyze packets going across your wireless network, it belongs to
you.  And it's likely that some identifying data could be derived from such.
Just bear in mind, the moment you SCAN that person's system w/out
authorization, but w/ the intent of getting into it, you can be brought up
on criminal charges.

        I've read the other replies you've gotten on this question Herman,
and from what I've seen, ALL of them back me up.  That alone should be
telling you something.

G. Allen Johnson.

- - - -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Thursday, October 13, 2005 9:58 PM
To: G. Allen Johnson; security-basics () securityfocus com
Subject: RE: Wireless Security


> > > PGP SIGNATURE VERIFICATION ***
> > > Status:   Bad Signature
> > > Alert:    Signature did not verify. Message has been altered.
> > > Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
> > > Signed:   14-Oct-05 12:48:07 AM
> > > Verified: 14-Oct-05 1:06:25 PM
> > > BEGIN PGP VERIFIED MESSAGE ***

G. Allen,

        But if they're getting an IP from your AP/Wi-Fi enabled router
wouldn't a trace
on their IP address show as being in
that "private" pool of IP addresses?  What about trapping and analyzing the
packets that are going across their
network?  Would it be legal for the person who setup the network to
intercept
and analyze them?

        That doesn't sound quite fair to me.  That they can illegally attach
themselves
to someone else' Wi-Fi network and
that the owner of said network isn't allowed to investigate by looking at
their
computer to at least try and find out
their identity.

        I've read just the article that you directly linked to, was the site
a legit
site, or was it a scam?

Herman

- - - -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Thursday, 13 October, 2005 22:18
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


"C)     Can the person who initially setup the Wi-Fi network ***legally go
in
and look around>>> his/her neighbors computers?"
"C) ***I'd think that it is possibly a gray area***.  I would think that IF
a person discovers that they uninvited guest(s) and s/he is trying to find
out who they are, and where they are I would think that lawyer would argue
that the person who setup the Wi-Fi network was just investigating those who
were illegally accessing his/her system."

        Negative, no gray area here.  Unless you have written permission
&/or some other manner of consent to enter a system not owned by you, you
may not legally enter that system.  In regards to identifying the culprit
however, the wireless AP should give the IP's of the devices connected to
it.  Once the IP address of the offender is acquired, there are a number of
ways to pursue and resolve the problem.  Even law enforcement has
prerequisite requirements that must be fulfilled before entering/hacking
into someone's system.  Taking the law into your own hands, so to speak,
will net you a similar result to the UK fellow who "investigated" the
Tsunami relief website.
http://www.theregister.co.uk/2005/10/06/tsunami_hacker_convicted/
1 to 2 years ago I would have agreed w/ you Herman.  But the power of the
individual to investigate such things has decreased while the power of the
gov't to perform such activities has increased.  The war on terror, much
like the war on drugs, is really nothing more than a war on civil liberties.

G. Allen Johnson.


- - - -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Wednesday, October 12, 2005 8:25 PM
To: G. Allen Johnson
Subject: RE: Wireless Security


> > > PGP SIGNATURE VERIFICATION ***
> > > Status:   Bad Signature
> > > Alert:    Signature did not verify. Message has been altered.
> > > Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
> > > Signed:   12-Oct-05 11:00:43 PM
> > > Verified: 13-Oct-05 10:57:20 PM
> > > BEGIN PGP VERIFIED MESSAGE ***

G. Allen,

        On A) I have to agree with ya.  I would also have to agree with ya
on B).  As
for C) I'd think that it is possibly a
gray area.  I would think that IF a person discovers that they uninvited
guest(s) and s/he is trying to find out who
they are, and where they are I would think that lawyer would argue that the
person who setup the Wi-Fi network was just
investigating those who were illegally accessing his/her system.

        As for d) I'd have to agree with ya again, IF a person is dumb
enough these
days NOT to be running some kind of
anti-virus PRG on their system, they are the one who is to blame for any and
all
virus' that they get.  As far as e) I
would agree that a person's E-Mails/files are the property of the owner.
However I would have to think that the
packets being sent illegally over another person's WLAN are the property of
the
owner of the network.

Herman

- - - -----Original Message-----
From: G. Allen Johnson [mailto:gallenjohnson () sbcglobal net]
Sent: Wednesday, 12 October, 2005 22:15
To: hfebelingjr () lycos com
Subject: RE: Wireless Security


        Assuming the person in question is setting up a wireless AP for
his/her own personal use:
A)      None.  Establishing a wireless network does not automatically add
every wireless device in the area to its network.  The neighbors have to opt
in to use it, and they have to have the SSID and pass key to do so.
Assuming a default SSID and no pass key present, the neighbors in question
still have to choose to join the unsecured wireless network and have to take
responsibility for what nasty things may happen to their computer for
connecting to someone's personal wireless network w/out that person's
consent.
B)      No.  The person who set up the Wi-Fi isn't responsible, the person
who deleted the files is.
C)      No.  That would be considered hacking into someone else's system and
last I checked, that's against the law.  Just because someone accesses your
wireless network, that doesn't give you the right to illegally enter another
person's system.
D)      No.  See A).
E)      The privacy I know they can expect is that which is attached to the
system; i.e. the files on the hard drive.  As far as the privacy of what
packets their system is sending out or the privacy of their e-mails, I'm a
little fuzzier on that.  On one side, it is their e-mail, and it's against
the law for some third party to intercept that e-mail.  However, they are
sending it through an unauthorized connection.  So I'm not real solid on
this one Herman.

Hope that helps,

G. Allen Johnson.

- - - -----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Wednesday, October 12, 2005 12:17 PM
To: security-basics () securityfocus com
Subject: Wireless Security


> > > PGP SIGNATURE VERIFICATION ***
> > > Status:   Bad Signature
> > > Alert:    Signature did not verify. Message has been altered.
> > > Signer:   Herman Frederick Ebeling Jr. <hfebelingjr () lycos com>
(0xDB13DBD3)
> > > Signed:   12-Oct-05 1:56:23 PM
> > > Verified: 12-Oct-05 10:31:52 PM
> > > BEGIN PGP VERIFIED MESSAGE ***

I've got a question (actually a few) along these lines.  Let's say that a
person
has a Wi-Fi network setup at home.
And they find out that some of their neighbors have accessed it.

A)      What if any obligation to the neighbors does the person who
initially setup
the Wi-Fi network have?
B)      What happens IF one neighbor goes in and reads/deletes msgs/files
from
another neighbor's computer is the person who
initially setup the Wi-Fi network for their own use liable?
C)      Can the person who initially setup the Wi-Fi network legally go in
and look
around his/her neighbors computers?
D)      What if one the neighbors get a virus, is the person who initially
setup the
Wi-Fi network liable?
E)      What if any expectations to privacy do the unauthorized users have?

Herman

- - - -----Original Message-----
From: Daryl Davis [mailto:daryl () ultbingo com]
Sent: Tuesday, 04 October, 2005 12:56
To: security-basics () securityfocus com
Subject: Wireless blocking


I believe I have an unauthorized wireless router on my network.  I have been
unable to physically find it as of yet.

Does anyone know how to find the hidden SSID and then Jam it?

Thank you.

Daryl R Davis
Digital Game Media, Inc.


> > > END PGP VERIFIED MESSAGE ***






> > > END PGP VERIFIED MESSAGE ***






> > > END PGP VERIFIED MESSAGE ***






*** END PGP VERIFIED MESSAGE ***

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ1Bvkx/i52nbE9vTEQJVLACg/xpQBNo5vC8EHpllgu603vnQBb0AoOZm
9FlmN4XZ8vPpcnnRdHTLM9mn
=2moc
-----END PGP SIGNATURE-----