Security Basics mailing list archives

RE: Wireless Security


From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 14 Oct 2005 08:43:08 -0700

 

-----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] 
Sent: Thursday, October 13, 2005 12:20 PM
To: security-basics () securityfocus com
Subject: RE: Wireless Security


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- -----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Thursday, 13 October, 2005 12:23
To: hfebelingjr () lycos com; security-basics () securityfocus com
Subject: RE: Wireless Security


  IANAL, of course, but I *have* been paying attention to 
issues like this.....

A)  What if any obligation to the neighbors does the person
who initially set up the Wi-Fi network have?

  None.  If I live on a corner and put up a fence around my 
lot, I have no obligation to compensate the pedestrians who 
used to shorten their journey by cutting across my lawn.

====> On your analogy I think that the courts have provided that IF the
public has enjoyed the privilege of taking such a route that a property
owner cannot remove that access.  Such as the case of a land owner on a
lake and the public has always used said property to access the lake.
The land owner cannot "close" their property to the public thus cutting
off access to the lake through their property.  They would have to go
through the court system in order to do so.

  Rural properties often come with easements -- standing agreements
that neighbor A can cross a part of neighbor B's property to get to
their own, and such rights *can* arise in Common Law without a formal
contract.
  HOWEVER, an essential component of those is that this is the only
practical route to the destination.  My lawn is not the only way to
get around the corner, and my Wi-Fi is hardly ever the only way to
reach the Internet.

 
B)  What happens IF one neighbor goes in and reads/deletes
msgs/files from another neighbor's computer is the person who
initially set up the Wi-Fi network for their own use liable?

  Possibly.  A case could be argued that the unsecured Wi-Fi 
constitutes an Attractive Nuisance, and a court could find 
civil liability on that basis.  Not a gamble I'd choose to take.

====> Actually the courts have found that a fence WITH a "no trespassing"
sign is likewise an attractive nuisance.  And could force the property
owner to remove one or both.  And given that not everyone is aware of all
of the security needs of a Wi-Fi network or even a traditional LAN that
just because it's left open/unsecured is not an invitation to anyone and
everyone to join it.  It'd be like (as several others have said) just
because ya leave your front door open, that isn't an invitation to the
person walking down the street to come into your home.

  And yet, at least in some jurisdictions, if you leave your car
unlocked and the keys in the ignition, you may face worse consequences
than someone who takes it for a joyride (unless they actually
damage property or persons in the process).
  Courts have found a lot of things which sound surprising if you
don't have the whole context of the case to go with it.  Was that
"fence with a NO TRESPASSING sign" erected across an easement or
public right-of-way?


C)  Can the person who initially set up the Wi-Fi network
legally go in and look around his/her neighbors' computers?

  Of course not.

====> I would think that IF all the person who set up the Wi-Fi network
was doing was trying to find out who it was that was accessing their
network that it should be allowed.  I mean don't they have the right to
find out who is accessing their network???

  Two wrongs have never made a right.  If someone parks blocking
my driveway, I can write down their license number, but searching
their car for some ID is clearly crossing a line....


D)  What if one of the neighbors gets a virus, is the person
who initially set up the Wi-Fi network liable?

  Same as B.

====> IF they deliberately set it up for their neighbors to freely access
then I could see them having a responsibility, but just because someone
sets up a Wi-Fi network for their own use and doesn't secure it doesn't
give their neighbors the "right" to access it or the Internet through it.
Doesn't mean that they owe anyone who is accessing it illegally anything.

  I'll agree that that ought to be true, but I can't guarantee that
"twelve people too dumb to get out of jury duty" will see it that
way.  Someone is going to claim that their "zero administration"
wireless built into their laptop found access to the Internet, and
that if that access had been properly secured, they wouldn't have
caught the virus, and some jury is going to say to themselves "Wi-fi
Owner should have known this could happen and taken steps to prevent
Ignorant Victim suffering" and award beaucoup bucks.  It might not
stand up on appeal, but just because it's not right doesn't mean you 
want to pay lots of lawyers to prove it.

 
E)  What if any expectations to privacy do the unauthorized
users have?

  PROBABLY none, but they may be able to argue that they were 
not informed of that fact.  They might even argue that the 
unsecured state of the Wi-Fi constituted -- for all they knew!
-- authorization, and that might make even the transmissions
*through* the Wi-Fi subject to various electronic 
communications privacy legislation.

====> IF they're illegally accessing someone else's Wi-Fi network why does
anyone have to tell them anything?  Again your argument that the unsecured
Wi-Fi network is an "open invitation" for others to access it.  Is like
saying that the person who leaves their front door open is "inviting" the
person walking down the street into their home.

  I deal all the time with a user population that thinks an open
jack is an invitation to plug in their laptop and start downloading 
porn and MP3s, and that a jack with a computer plugged into it can
be freely converted to an open jack by unplugging the machine that's
there.  And they assume that wireless they can connect to is wireless 
they're entitled to use.
  They clearly don't make the analogy you're suggesting -- or
if they do, Western Civilization is DOOMED. 


Moral:  Public Wi-Fi should be implemented deliberately, not 
accidentally, and probably with legal advice up front.  By 
the time any of these questions stops being hypothetical, it 
may already be too late.

====> Well said.

Herman

  Thanks.  We agree on that much at least, and I think we pretty much
agree on how the world *ought* to work -- just not on how close to
that Reality usually comes.

David

 
-----Original Message-----
From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com]
Sent: Wednesday, October 12, 2005 12:17 PM
To: security-basics () securityfocus com
Subject: Wireless Security


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've got a question (actually a few) along these lines.
Let's say that a person has a Wi-Fi network set up at home.
And they find out that some of their neighbors have accessed it.

A)  What if any obligation to the neighbors does the person who initially
set up the Wi-Fi network have?
B)  What happens IF one neighbor goes in and reads/deletes msgs/files from
another neighbor's computer is the person who initially set up the Wi-Fi
network for their own use liable?
C)  Can the person who initially set up the Wi-Fi network legally go in
and look around his/her neighbors' computers?
D)  What if one of the neighbors gets a virus, is the person who initially
set up the Wi-Fi network liable?
E)  What if any expectations to privacy do the unauthorized users have?

Herman

- -----Original Message-----
From: Daryl Davis [mailto:daryl () ultbingo com]
Sent: Tuesday, 04 October, 2005 12:56
To: security-basics () securityfocus com
Subject: Wireless blocking


I believe I have an unauthorized wireless router on my network.  I 
have been unable to physically find it as of yet.

Does anyone know how to find the hidden SSID and then Jam it?

Thank you.

Daryl R Davis
Digital Game Media, Inc.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ01ORx/i52nbE9vTEQJiUgCeOOjX9N6x73SckuWo8IM3fRrF7NoAni3P
b8FzLCft8X2qZYK7BYhdx+E3
=9dp4
-----END PGP SIGNATURE-----



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ06tYB/i52nbE9vTEQKgZACdEMt4pGr2PZRgbGdqKH4jTHDfX/MAni8p
VH8d2X6YFd5CM6XaD5LbQrGJ
=doq1
-----END PGP SIGNATURE-----



