
Thread: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Open

  1. #1
    Iron Fist Senior Member Husar's Avatar
    Join Date
    Jan 2003
    Location
    Germany
    Posts
    15,617

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Open

    My router is pretty secure in that regard.
    It's not a WLAN router. hahaha


    "Topic is tired and needs a nap." - Tosa Inu

  2. #2
    Cynic Senior Member sapi's Avatar
    Join Date
    Oct 2004
    Location
    Brisbane
    Posts
    4,970

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Open

    And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network? If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.
    He actually has a point there; it's one of the few viable defences I've seen tried in the multitude of file sharing cases that are going around :)

    Oh, and my network is unsecured here, too. I'm not at all worried - after all, if I couldn't get a decent signal 10m from the AP and had to switch to wired to avoid that, anyone who can pick up the network from outside deserves access.
    From wise men, O Lord, protect us -anon
    The death of one man is a tragedy; the death of millions, a statistic -Stalin
    We can categorically state that we have not released man-eating badgers into the area -UK military spokesman Major Mike Shearer

  3. #3
    Amphibious Trebuchet Salesman Member Whacker's Avatar
    Join Date
    Nov 2006
    Location
    in ur city killin ur militias
    Posts
    2,934

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Ope

    OK, I have a few thoughts to contribute here.

    First, regarding open WLANs in general. Honestly, any security you can layer on top of the application at the network level is a good thing in terms of obfuscation, but it doesn't always mean much. It's not hard for someone determined to crack a poorly protected WPA type environment, and WEP has been/is a total joke. However, for the enterprise, all this equates to additional cost and resources to put into managing the infrastructure, setting up clients, managing keys, etc etc etc. Personally at my employer (which is huge, global 300k+) and at numerous other businesses I've dealt with, I've never seen a general Wifi deployment without any kind of protection.

    In terms of home use, I think it's even worse to leave an AP open, for a number of reasons (some of which have been alluded to already).

    First, I believe in the US that there is either a law incoming or it's already been passed (I think the latter) which causes AP owners to be responsible for any content or problems that arise from their hardware, so "Well it was open" doesn't hold water anymore. It'll be interesting to see that actually tried in court and see if it stands up, because my professional (and armchair legal) opinion is that it wouldn't survive judicial review. I'd hate to be the poor sap who has to fight that battle though, if it hasn't already. Maybe Tincow knows about this and can comment.

    Second, as a home user, most people are going to be running their systems just like our own very dearest husar, wide open, half patched and vulnerable. Windows firewall is a joke for the most part for a number of reasons, but the core is that it can't stop everything and users will often just bypass it anyway with the brainless "OK" clicking on dialogues it presents, or the same with websites that ask for admin privileges. Thus, even with "default" settings that ship with the last few iterations of Windoze, there's still a ripe, fleshy, vulnerable interior that once you get past, it doesn't matter. Bruce could be using the logic that he doesn't care about the network level, and relies on application and OS level controls to minimize security exposures, but I don't subscribe to that. My mantra is "security in depth", which esp. for home users means using every tool available to its fullest potential. Thus, I have my home router set up with AES WPA that I change the key every 6 mo or so, all 3 computers are all built and setup personally by me and secured to the hilt (wife complains often), and she's also had several lectures on "how to use teh intarnets", complete with lots of eyerolling and ignoring me like usual.

    So again in a simplified version, we use:

    1. Network level control; WPA, router/firewall properly configured, etc.
    2. OS level control; passwords, lockouts, disabling services and apps, general hygiene
    3. Application level control; installing only "good" applications, using available security settings (Firefox stored password encryption)
    4. Good PC usage; not clicking "OK" all the time in general on dialogues, not browsing or doing business with "questionable" sites, etc

    /soapbox off




    "Justice is the firm and continuous desire to render to everyone
    that which is his due."
    - Justinian I

  4. #4
    Clan Takiyama Senior Member R'as al Ghul's Avatar
    Join Date
    Jan 2003
    Location
    ignores routers who aren't elite
    Posts
    2,554

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Open

    Unless he logs every connection passing through his router and gets those logs certified, he won't be able to prove that anyone else has used his WLAN AP. In the case of a charge the fact that he maintains an open network is no proof that someone else has used it. As long as he can't prove that someone else used his connection one has to assume that he did it himself.

    This is weird.

    Singleplayer: Download beta_8
    Multiplayer: Download beta_5.All.in.1
    I'll build a mountain of corpses - Ogami Itto, Lone Wolf & Cub
    Sometimes standing up for your friends means killing a whole lot of people - Sin City, by Frank Miller

  5. #5
    Amphibious Trebuchet Salesman Member Whacker's Avatar
    Join Date
    Nov 2006
    Location
    in ur city killin ur militias
    Posts
    2,934

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Ope

    Quote Originally Posted by R'as al Ghul
    Unless he logs every connection passing through his router and gets those logs certified, he won't be able to prove that anyone else has used his WLAN AP. In the case of a charge the fact that he maintains an open network is no proof that someone else has used it. As long as he can't prove that someone else used his connection one has to assume that he did it himself.
    That's true, BUT it's not proof either that he was using it, hence burden of proof falls apart. Unless it can be correlated with other data that uniquely identifies him, it's just guesswork. Even if they can link it at least to his personal PC, it's still not proof that it was him using it. Hence why I have huge problems with legal BS like this and legal precedent being set on crappy cases with "evidence" that doesn't remotely prove anything.

    "Justice is the firm and continuous desire to render to everyone
    that which is his due."
    - Justinian I

  6. #6
    Clan Takiyama Senior Member R'as al Ghul's Avatar
    Join Date
    Jan 2003
    Location
    ignores routers who aren't elite
    Posts
    2,554

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Ope

    Quote Originally Posted by Whacker
    That's true, BUT it's not proof either that he was using it, hence burden of proof falls apart.
    Okay, that may be the case in the US but here in Germany the owner of the connection is liable. This means that when you open your wifi you are responsible for the content should a crime be committed.
    This is how the Music Industry gets your data in case of sharing of copyrighted material in Germany:
    - They find the IP online
    - They file a charge under criminal law
    - The provider has to disclose the data behind the IP to the district attorney (MI doesn't have the IP yet)
    - The criminal charge is likely to be dropped now
    - The MI files a civil suit against unknown and demands disclosure of records of the case
    - The MI sues you directly

    Now at this point all cases usually end with settlements.
    The question whether you or someone else has used the connection is not asked.


    In the US, Schneier's practice could actually be successful:
    "The IP address simply can help you know who paid for the internet access, but not who was using what computer on a network. In fact, this even had some people suggesting that, if you want to win a lawsuit from the RIAA, you're best off opening up your WiFi network to neighbors. It seems like this strategy might actually be working. Earlier this month the inability to prove who actually did the file sharing caused the RIAA to drop a case in Oklahoma and now it looks like the same defense has worked in a California case as well. In both cases, though, as soon as the RIAA realized the person was using this defense, they dropped the case, rather than lose it and set a precedent showing they really don't have the unequivocal evidence they claim they do."
    You can also turn the tables:
    Sure, everyone please use my unsecured local Wi-Fi access point. I'm giving back to the community... ... and the community in turn will have all traffic filtered through a box that will sniff passwords, private keys, you name it.
    So please "steal this Wi-Fi" since I need a few more social security and credit card numbers.

    Singleplayer: Download beta_8
    Multiplayer: Download beta_5.All.in.1
    I'll build a mountain of corpses - Ogami Itto, Lone Wolf & Cub
    Sometimes standing up for your friends means killing a whole lot of people - Sin City, by Frank Miller

  7. #7

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Ope

    He's either insane or thinks he can fend off the law with the "it was open" argument and that's why he's doing this. I can think of no other reasonable explanation.
    “The majestic equality of the laws prohibits the rich and the poor alike from sleeping under bridges, begging in the streets and stealing bread.” - Anatole France

    "The law is like a spider’s web. The small are caught, and the great tear it up.” - Anacharsis

  8. #8
    Iron Fist Senior Member Husar's Avatar
    Join Date
    Jan 2003
    Location
    Germany
    Posts
    15,617

    Default Re: News of the Weird, Network Version: Security Guru Leaves His Wireless Network Ope

    Quote Originally Posted by Whacker
    Second, as a home user, most people are going to be running their systems just like our own very dearest husar, wide open, half patched and vulnerable.


    "Topic is tired and needs a nap." - Tosa Inu
