Security Basics mailing list archives
RE: Wireless Security
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 14 Oct 2005 08:43:08 -0700
-----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Thursday, October 13, 2005 12:20 PM To: security-basics () securityfocus com Subject: RE: Wireless Security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: Thursday, 13 October, 2005 12:23 To: hfebelingjr () lycos com; security-basics () securityfocus com Subject: RE: Wireless Security IANAL, of course, but I *have* been paying attention to issues like this.....A) What if any obligation to the neighbors does the person who initially setup the Wi-Fi network have?None. If I live on a corner and put up a fence around my lot, I have no obligation to compensate the pedestrians who used to shorten their journey by cutting across my lawn. ====> On your analogy I think that the courts have provided that IF the public has enjoyed the privilege of taking such a route that a property owner cannot remove that access. Such as the case of a land owner on a lake and the public has always used said property to access the lake. The land owner cannot "close" their property to the public thus cutting off access to the lake through their property. They would have to go through the court system in order to do so.
Rural properties often come with easements -- standing agreements that neighbor A can cross a part of neighbor B's property to get to their own, and such rights *can* arise in Common Law without a formal contract. HOWEVER, an essential component of those is that this is the only practical route to the destination. My lawn is not the only way to get around the corner, and my Wi-Fi is hardly ever the only way to reach the Internet.
B) What happens IF one neighbor goes in and reads/deletes msgs/files from another neighbor's computer is the person who initially setup the Wi-Fi network for their own use liable?Possibly. A case could be argued that the unsecured Wi-Fi constitutes an Attractive Nuisance, and a court could find civil liability on that basis. Not a gamble I'd choose to take. ====> Actually the courts have found that a fence WITH a "no trespassing" sign is likewise an attractive nuisance. And could force the property owner to remove one or both. And given that not everyone is aware of all of the security needs of a Wi-Fi network or even a traditional LAN that just because it's left open/unsecured is not an invitation to anyone and everyone to join it. It'd be like (as several others have said) just because ya leave your front door open, that isn't an invitation to the person walking down the street to come into your home.
And yet, at least in some jurisdictions, if you leave your car unlocked and the keys in the ignition, you may face worse consequences than someone who takes it for a joyride (unless they actually damage property or persons in the process). Courts have found a lot of things which sound surprising if you don't have the whole context of the case to go with it. Was that "fence with a NO TRESPASSING sign" erected across an easement or public right-of-way?
C) Can the person who initially setup the Wi-Fi network legally go in and look around his/her neighbors computers?Of course not. ====> I would think that IF all the person who setup the Wi-Fi network was doing was trying to find out who it was that was accessing their network that it should be allowed. I mean don't they have the right to find out who is accessing their network???
Two wrongs have never made a right. If someone parks blocking my driveway, I can write down their license number, but searching their car for some ID is clearly crossing a line....
D) What if one the neighbors get a virus, is the person who initially setup the Wi-Fi network liable?Same as B. ====> IF they deliberately setup it for their neighbors to freely access then I could see them having a responsibility, but just because someone sets up a Wi-Fi network for their own use and doesn't secure it doesn't give their neighbors the "right" to access it or the Internet through it. Doesn't mean that they owe anyone who is accessing it illegally anything.
I'll agree that that ought to be true, but I can't guarantee that "twelve people too dumb to get out of jury duty" will see it that way. Someone is going to claim that their "zero administration" wireless built into their laptop found access to the Internet, and that if that access had been properly secured, they wouldn't have caught the virus, and some jury is going to say to themselves "Wi-fi Owner should have known this could happen and taken steps to prevent Ignorant Victim suffering" and award beaucoup bucks. It might not stand up on appeal, but just because it's not right doesn't mean you want to pay lots of lawyers to prove it.
E) What if any expectations to privacy do the unauthorized users have?PROBABLY none, but they may be able to argue that they were not informed of that fact. They might even argue that the unsecured state of the Wi-Fi constituted -- for all they knew! - -- authorization, and that might make even the transmissions *through* the Wi-Fi subject to various electronic communications privacy legislation. ====> IF they're illegally accessing someone else's Wi-Fi network why does anyone have to tell them anything? Again your argument that the unsecured Wi-Fi network is an "open invitation" for others to access it. Is like saying that the person who leaves their front door open is "inviting" the person walking down the street into their home.
I deal all the time with a user population that thinks an open jack is an invitation to plug in their laptop and start downloading porn and MP3s, and that a jack with a computer plugged into it can be freely converted to an open jack by unplugging the machine that's there. And they assume that wireless they can connect to is wireless they're entitled to use. They clearly don't make the analogy you're suggesting -- or if they do, Western Civilization is DOOMED.
Moral: Public Wi-Fi should be implemented deliberately, not accidentally, and probably with legal advice up front. By the time any of these questions stops being hypothetical, it may already be too late. ====> Well said. Herman
Thanks. We agree on that much at least, and I think we pretty much agree on how the world *ought* to work -- just not on how close to that Reality usually comes. David
-----Original Message----- From: Herman Frederick Ebeling, Jr. [mailto:hfebelingjr () lycos com] Sent: Wednesday, October 12, 2005 12:17 PM To: security-basics () securityfocus com Subject: Wireless Security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've got a question (actually a few) along these lines. Let's say that a person has a Wi-Fi network setup at home. And they find out that some of their neighbors have accessed it. A) What if any obligation to the neighbors does the person who initially setup the Wi-Fi network have? B) What happens IF one neighbor goes in and reads/deletes msgs/files from another neighbor's computer is the person who initially setup the Wi-Fi network for their own use liable? C) Can the person who initially setup the Wi-Fi network legally go in and look around his/her neighbors computers? D) What if one the neighbors get a virus, is the person who initially setup the Wi-Fi network liable? E) What if any expectations to privacy do the unauthorized users have? Herman - -----Original Message----- From: Daryl Davis [mailto:daryl () ultbingo com] Sent: Tuesday, 04 October, 2005 12:56 To: security-basics () securityfocus com Subject: Wireless blocking I believe I have an unauthorized wireless router on my network. I have been unable to physically find it as of yet. Does anyone know how to find the hidden SSID and then Jam it? Thank you. Daryl R Davis Digital Game Media, Inc. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQ01ORx/i52nbE9vTEQJiUgCeOOjX9N6x73SckuWo8IM3fRrF7NoAni3P b8FzLCft8X2qZYK7BYhdx+E3 =9dp4 -----END PGP SIGNATURE----------BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQ06tYB/i52nbE9vTEQKgZACdEMt4pGr2PZRgbGdqKH4jTHDfX/MAni8p VH8d2X6YFd5CM6XaD5LbQrGJ =doq1 -----END PGP SIGNATURE-----
Current thread:
- Wireless Security Herman Frederick Ebeling, Jr. (Oct 12)
- Re: Wireless Security Kenton Smith (Oct 13)
- Re: Wireless Security Kevin Reiter (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- Re: Wireless Security Kevin Reiter (Oct 18)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security David Gillett (Oct 13)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)
- RE: Wireless Security David Gillett (Oct 14)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 14)
- RE: Wireless Security David Gillett (Oct 17)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 17)
- Hard drives v. CF/Smart media/etc. Herman Frederick Ebeling, Jr. (Oct 18)
- RE: Hard drives v. CF/Smart media/etc. David Gillett (Oct 18)
- Re: Hard drives v. CF/Smart media/etc. Robert Reed (Oct 18)
- Re: Hard drives v. CF/Smart media/etc. Alloishus BeauMains (Oct 18)
- RE: Hard drives v. CF/Smart media/etc. Herman Frederick Ebeling, Jr. (Oct 18)
- Re: Hard drives v. CF/Smart media/etc. Alloishus BeauMains (Oct 18)
- Message not available
- Re: Hard drives v. CF/Smart media/etc. Alloishus BeauMains (Oct 21)
- RE: Wireless Security Herman Frederick Ebeling, Jr. (Oct 13)