Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 01-15-2011, 02:50 AM   #21
Dryer sheet wannabe
4merKPer's Avatar
 
Join Date: May 2010
Posts: 24
Quote:
Originally Posted by glippy View Post
I wouldn't say it is a defacto foolish decision to leave a wireless network open.

Here's an article on the topic of the pros and cons of leaving a wireless network open. Along with 100+ highly-technical comments on the subject.

It's by Bruce Schneier, a well-respected computer security expert. He leaves his own home wireless network open.
In the article the key to the author's security:
Quote:
If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter.
He's a security expert who knows how to secure the data on his computer. If you don't know how to do that, and you have sensitive data like SSN's, CC #'s, personal financial data, etc. on your PC, you'd better secure your home network.
__________________

__________________
Those who desire to give up freedom in order to gain security, will not have, nor do they deserve, either one. ~Ben Franklin
4merKPer is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 01-15-2011, 06:36 AM   #22
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RonBoyd's Avatar
 
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 5,280
Quote:
Originally Posted by myself View Post
However, it is often very easy to get onto someone's computer without hacking at all, or very, very little.
Example, please, of how to do that. Perhaps "very easy" step-by-step instructions on how to access (not-your-own) e-mail on another computer on your network; one that has sharing blocked.
__________________

__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
RonBoyd is offline   Reply With Quote
Old 01-15-2011, 07:00 AM   #23
Full time employment: Posting here.
bruce1's Avatar
 
Join Date: Aug 2004
Location: Hagersville
Posts: 793
Then there was the guy in a larger apartment building who set up an open wireless system and collected credit card and banking info from everyone who used it.
__________________
I wish I was half as good as my dog thinks I am!
bruce1 is offline   Reply With Quote
Old 01-15-2011, 07:03 AM   #24
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RonBoyd's Avatar
 
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 5,280
Quote:
Originally Posted by bruce1 View Post
Then there was the guy in a larger apartment building who set up an open wireless system and collected credit card and banking info from everyone who used it.
Is there a Link to this story somewhere? ... or is this something you are reporting?
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
RonBoyd is offline   Reply With Quote
Old 01-15-2011, 07:42 AM   #25
Full time employment: Posting here.
bruce1's Avatar
 
Join Date: Aug 2004
Location: Hagersville
Posts: 793
If there were a link I would have posted it.
__________________
I wish I was half as good as my dog thinks I am!
bruce1 is offline   Reply With Quote
Old 01-15-2011, 07:44 AM   #26
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RonBoyd's Avatar
 
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 5,280
Quote:
Originally Posted by bruce1 View Post
If there were a link I would have posted it.
Oh.
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
RonBoyd is offline   Reply With Quote
Old 01-15-2011, 08:35 AM   #27
Thinks s/he gets paid by the post
 
Join Date: Jul 2010
Location: Chicago
Posts: 1,001
Quote:
Originally Posted by RonBoyd View Post
Oh.
I found this re: Louisana Law and piggybacking. I get the impression from all the examples given that it's easier to be prosecuted for piggybacking businesses vs. home connections.

http://lawreview.law.lsu.edu/pdf/69....llot-FINAL.pdf
__________________
Dimsumkid is offline   Reply With Quote
Old 01-15-2011, 08:54 AM   #28
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RonBoyd's Avatar
 
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 5,280
Quote:
Originally Posted by Dimsumkid View Post
I found this re: Louisana Law and piggybacking.
Thank you for the Link. Since I not an Attorney, I became quite confused right off the bat and jumped to the "Conclusion" section. Even then, it was way over my head but..

Quote:
Louisiana’s laws prohibiting criminal mischief, offenses
against computer users, and computer tampering may allow the
courts to penalize wireless piggybackers without the legislature
having to enact a specific statute criminalizing the offense. Far
more complex, however, is the applicability of trespass to chattels laws to wireless piggybacking. No U.S. jurisdiction has addressed this issue, though it is certain to happen given the nation’s everincreasing number of wireless users. When faced with this dilemma, Louisiana courts must determine whether the reasons for allowing the prosecution of wireless piggybackers logically align with the refusal to afford Wi-Fi users a private remedy.

that seemed to escape from the fog I was in... maybe.
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
RonBoyd is offline   Reply With Quote
Old 01-15-2011, 08:57 AM   #29
Full time employment: Posting here.
bruce1's Avatar
 
Join Date: Aug 2004
Location: Hagersville
Posts: 793
This was actually from a building my cousin used to live in in Hamilton Ontario. I was visiting one day and and the police showed up and arrested the individual. Warnings re possible compromise of data were later posted in the lobby and office. Unfortunately that is all I know.
__________________
I wish I was half as good as my dog thinks I am!
bruce1 is offline   Reply With Quote
Old 01-15-2011, 09:04 AM   #30
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RonBoyd's Avatar
 
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 5,280
Quote:
Originally Posted by bruce1 View Post
This was actually from a building my cousin used to live in in Hamilton Ontario. I was visiting one day and and the police showed up and arrested the individual. Warnings re possible compromise of data were later posted in the lobby and office. Unfortunately that is all I know.
Thank you for clarifying. (And I mean that in the nicest, most appreciative way.) Anecdotal evidence does seem, however, to be the bulk of what I have found to work with.
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
RonBoyd is offline   Reply With Quote
Old 01-15-2011, 11:04 AM   #31
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 6,428
Quote:
Originally Posted by glippy View Post
I wouldn't say it is a defacto foolish decision to leave a wireless network open.

Here's an article on the topic of the pros and cons of leaving a wireless network open. Along with 100+ highly-technical comments on the subject.

It's by Bruce Schneier, a well-respected computer security expert. He leaves his own home wireless network open.
I know Bruce from a long time ago, have taken classes from him, was involved with him on the Honeynet project back in the early oughts, and used to be able to email him questions (back before he got to be such a highly respected big shot ). I understand exactly where he's coming from in this article, but I don't agree with him. He's saying the odds are against it, and they are. He also says that if you lose the bet, it's a huge hassle with potentially disasterous results (time, money, possible loss of your computer, slight chance of jail time). I consider this recommendation from him to be bragging, sort of like saying "I've got 10 pit bulls and dobermans, and a couple dozen loaded guns, and I keep my front door unlocked all the time!"

If you follow through on the article, you'll see that most security experts would not recommend this behavior to non-expert users. In my case, I have a fair number of guests each year (beach house), and I just give them the password to the network if they need access. I'll stand by my previous comment. Leaving your network unlocked is exactly like leaving your house unlocked and your financial information sitting out. The odds are nothing will happen, but is it worth it when such a simple solution is available? Your computer (or house) can still be compromised, but you've significantly decreased the odds with little or no effort.

Quote:
Originally Posted by Nords View Post
Another law-abiding citizen who has yet to experience a search warrant, an indictment, or the daily soul-crushing realities of the justice system...
Actually, he deals with the soul crushers on pretty much a daily basis. I think he was just in a mood the day he wrote that article.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 01-15-2011, 11:29 AM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 6,428
Quote:
Originally Posted by RonBoyd View Post
Example, please, of how to do that. Perhaps "very easy" step-by-step instructions on how to access (not-your-own) e-mail on another computer on your network; one that has sharing blocked.
Quote:
Originally Posted by bruce1 View Post
Then there was the guy in a larger apartment building who set up an open wireless system and collected credit card and banking info from everyone who used it.
Quote:
Originally Posted by bruce1 View Post
This was actually from a building my cousin used to live in in Hamilton Ontario. I was visiting one day and and the police showed up and arrested the individual. Warnings re possible compromise of data were later posted in the lobby and office. Unfortunately that is all I know.
Quote:
Originally Posted by RonBoyd View Post
Thank you for clarifying. (And I mean that in the nicest, most appreciative way.) Anecdotal evidence does seem, however, to be the bulk of what I have found to work with.
Truthfully, I quit hacking stopped perfoming pen tests back around Windows 2000, so I can't give you any up to date information. But back in the old days it wasn't very hard to access someone else's computer over an open network. If you were a haxor today, you'd be hanging out on the IRCs, going to Blackhat and Defcon, things like that (I assume. I really am out of date). Gaining access to someone else's computer over the network isn't something you (or I anymore) is going to figure out in a day or so, but for the guys that do it, it's easy as pie usually.

A bigger issue with the open network is the router, which is usally wide open with default ID and passwords still in place. http://www.phenoelit-us.org/dpl/dpl.html Once a person gets onto the router, they can read any unencrypted information that passes through it. They won't get your SSL info, but they can certainly read your email. If they want your SSL data they need to work a little harder and put a keystroke logger on your computer. Hard for me, easy for them. Basically, if they get onto your open network, they can easily collect anything that flows through enencrypted with almost no effort. That can often include credit card numbers, expiration dates, security codes, mother's maiden name type stuff. Some sites encrypt that too, but most only do IDs and passwords.

Since anyone interested in doing a driveby would just keep on going to the next place if your network was secured, it's worth doing. At least, IMO.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 01-15-2011, 01:38 PM   #33
Thinks s/he gets paid by the post
GregLee's Avatar
 
Join Date: Oct 2010
Location: Waimanalo, HI
Posts: 1,881
Quote:
Originally Posted by harley View Post
If they want your SSL data they need to work a little harder and put a keystroke logger on your computer.
How could hacking your router let them install a keystroke logger on your computer? How would a keystroke logger give them SSL data (since I never type in encryption keys).
__________________
Greg (retired in 2010 at age 68, state pension)
GregLee is offline   Reply With Quote
Old 01-15-2011, 02:52 PM   #34
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
harley's Avatar
 
Join Date: May 2008
Location: Following the nice weather
Posts: 6,428
Quote:
Originally Posted by GregLee View Post
How could hacking your router let them install a keystroke logger on your computer? How would a keystroke logger give them SSL data (since I never type in encryption keys).
I meant that they would have to put a keystroke logger onto your computer to get SSL protected info, that they couldn't see it on the router. Whether they could do that is another question. Any good hacker could. I couldn't. If you don't type in the keys, how do you use them? Cut and paste? That would be an added level of protection. But I was talking about IDs and passwords on sites like Vanguard or banks or credit cards, or anywhere that uses SSL to log in. A logger would catch those.
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
harley is offline   Reply With Quote
Old 01-15-2011, 03:17 PM   #35
Thinks s/he gets paid by the post
GregLee's Avatar
 
Join Date: Oct 2010
Location: Waimanalo, HI
Posts: 1,881
Quote:
Originally Posted by harley View Post
If you don't type in the keys, how do you use them? Cut and paste?
Perhaps it was cut-and-paste; I don't recall, exactly, how I moved the keys from the utility program that generated them to the place where SSL could find them.

I pay as little attention to security as seems feasible, since it's complicated, and I have other ways I'd prefer to spend my time. I've taken down the firewalls in my home system, since it was inconvenient to keep telling my devices on my local network how to drill through them, and nothing bad has happened. For those of us with Linux systems, I'm just not convinced that there is any practical need to worry about hackers. I've run various Unix/Linux systems since the early 90s, at home and at work, and I've only been hacked once -- then I just reloaded the operating system, and all was well.
__________________
Greg (retired in 2010 at age 68, state pension)
GregLee is offline   Reply With Quote
Old 01-15-2011, 05:51 PM   #36
Thinks s/he gets paid by the post
 
Join Date: Jun 2010
Location: France
Posts: 1,195
I'm with Schneier, but then I can afford to be, since my ISP supplies the router and the WiFi is tied down, so I don't get to choose to leave it open.

In any case, the issue is not your own PC(s) getting hacked - nobody is going to take the risk of getting close to your home to target your WiFi to attack your PC when they could do it just as well from across the world over the Internet. The issues, to the extent that they are problematic, would be to do with illegal downloads, and even then I suspect that any jurisdiction would have a hard time showing that a specific person was involved, as opposed to a specific connection. There's a lot of free public WiFi out there, and I don't see McDonald's or Starbucks worrying too much about what people might be downloading while they sip a latte.
__________________
Age 56, retired July 1, 2012; DW is 60 and working for 2 more years. Current portfolio is 2000K split 50 stocks/20 bonds/30 cash. Renting house, no debts.
BigNick is offline   Reply With Quote
Old 01-15-2011, 06:07 PM   #37
Thinks s/he gets paid by the post
 
Join Date: Nov 2005
Location: North of Montana
Posts: 2,753
Quote:
Originally Posted by BigNick View Post
I'm with Schneier, but then I can afford to be, since my ISP supplies the router and the WiFi is tied down, so I don't get to choose to leave it open.
I'd get a new ISP and supply and configure my own router. That's just me, I am a former IT security person, YMMV.

Quote:
Originally Posted by BigNick View Post
In any case, the issue is not your own PC(s) getting hacked - nobody is going to take the risk of getting close to your home to target your WiFi to attack your PC when they could do it just as well from across the world over the Internet.
Your neighbors are always close to your house, no risk. Sorry, for a variety of reasons it is far easier to target your PC from your local WiFi network. If you want me to expand on this, I will, but it will take a lot of typing.
__________________
There are two kinds of people in the world: those who can extrapolate conclusions from insufficient data and ..
kumquat is offline   Reply With Quote
Old 01-15-2011, 07:49 PM   #38
Recycles dryer sheets
Tractor guy's Avatar
 
Join Date: Sep 2010
Posts: 105
I'm not sure I understand the point of this discussion. It took me about 30 minutes max to set up security when I installed a new router. I need to give the password to friends who are staying and need to use the network. That takes me 5 minutes.

Why wouldn't you do this? Admittedly security protocols can be compromised but this is the same as not leaving your keys in the car. Most thieves are going to go down the street and take the one that wasn't locked.

There are places in the U.S. where you can leave the keys in a parked car but I don't live in one. Since the information I've got on my computer could hurt me a whole lot more if it was taken than if I lost my car, I'm willing to spend at least as much time securing the computer as I would locking tbe car.
__________________
Tractor guy is offline   Reply With Quote
Old 01-15-2011, 08:53 PM   #39
Thinks s/he gets paid by the post
GregLee's Avatar
 
Join Date: Oct 2010
Location: Waimanalo, HI
Posts: 1,881
Quote:
Originally Posted by Tractor guy View Post
I'm not sure I understand the point of this discussion. It took me about 30 minutes max to set up security when I installed a new router.
The point, as I'm understanding it, is that you might choose not to securitize your system, giving your neighbors free internet access. Or they might do that for you. Just because you know how to deny neighbors access to the internet through your system, that doesn't mean you necessarily have to do so.
__________________
Greg (retired in 2010 at age 68, state pension)
GregLee is offline   Reply With Quote
Old 01-16-2011, 02:21 AM   #40
Recycles dryer sheets
ikubak's Avatar
 
Join Date: Dec 2007
Posts: 391
OK, I got off my arse and got my wifi encrypted and put a password on it (thanks to my 14 year old). I had been meaning to do it (for two years) just never seemed to get around to it.
__________________

__________________
Retire date Jan. 10, 2018
ikubak is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I thought I'd seen it all.... Alan Other topics 42 01-02-2011 08:03 PM
I thought I was doing well ... ? ineedadvice Hi, I am... 7 09-09-2008 05:48 PM
Is it what you thought...? ajs56 Life after FIRE 19 08-15-2007 07:31 AM
Interesting Job Market-Interesting Blog greg Other topics 1 12-18-2005 01:42 PM
Just Thought I would Say Hello JR Andrews Hi, I am... 39 05-28-2005 09:33 PM

 

 
All times are GMT -6. The time now is 07:38 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.