Re: Is this for real?

["Jamie Riden" <jamie.riden () gmail com>]

On 10/04/07, Michael Bednar <MBEDNAR () katz pitt edu> wrote:
> Hmmm...I have to ask myself if someone who is trespassing and stealing
> your bandwidth has a reasonable expectation of privacy? I can see where
> there would be a problem if you were an ISP and were spying on your
> customers without their knowledge, but does someone who is breaking the
> law (I don't think you need to know you're doing it -- try arguing your
> way out of a criminal charge because you didn't know) have the same
> protection? I am not a lawyer nor do I pretend to be, but I think the
> only people who would be able to press charges are legitimate users who
> were harmed by the surveillance.

Yes, but to prove bad faith on their part, you need to produce your
logs. In other words, you don't know it's OK to snoop on them, until
you've snooped on them. Are your logs admissible in court? What if
their little brother spent the afternoon playing with the system
settings and left it so that it would bind to the first access point
it came across?

If you want it secure there's WPA2, if you want accountability there's
things like 802.1X. I don't see the need or justification for
dontstealmywifi.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------