Interesting LBYM Thought

Dimsumkid said:
I found this re: Louisana Law and piggybacking.
Click to expand...

Thank you for the Link. Since I not an Attorney, I became quite confused right off the bat and jumped to the "Conclusion" section. Even then, it was way over my head but..

Louisiana’s laws prohibiting criminal mischief, offenses
against computer users, and computer tampering may allow the
courts to penalize wireless piggybackers without the legislature
having to enact a specific statute criminalizing the offense. Far
more complex, however, is the applicability of trespass to chattels laws to wireless piggybacking. No U.S. jurisdiction has addressed this issue, though it is certain to happen given the nation’s everincreasing number of wireless users. When faced with this dilemma, Louisiana courts must determine whether the reasons for allowing the prosecution of wireless piggybackers logically align with the refusal to afford Wi-Fi users a private remedy.
Click to expand...
that seemed to escape from the fog I was in... maybe.
 
This was actually from a building my cousin used to live in in Hamilton Ontario. I was visiting one day and and the police showed up and arrested the individual. Warnings re possible compromise of data were later posted in the lobby and office. Unfortunately that is all I know.
 
bruce1 said:
This was actually from a building my cousin used to live in in Hamilton Ontario. I was visiting one day and and the police showed up and arrested the individual. Warnings re possible compromise of data were later posted in the lobby and office. Unfortunately that is all I know.
Click to expand...

Thank you for clarifying. (And I mean that in the nicest, most appreciative way.) Anecdotal evidence does seem, however, to be the bulk of what I have found to work with.
 
glippy said:
I wouldn't say it is a defacto foolish decision to leave a wireless network open.

Here's an article on the topic of the pros and cons of leaving a wireless network open. Along with 100+ highly-technical comments on the subject.

It's by Bruce Schneier, a well-respected computer security expert. He leaves his own home wireless network open.
Click to expand...

I know Bruce from a long time ago, have taken classes from him, was involved with him on the Honeynet project back in the early oughts, and used to be able to email him questions (back before he got to be such a highly respected big shot :D). I understand exactly where he's coming from in this article, but I don't agree with him. He's saying the odds are against it, and they are. He also says that if you lose the bet, it's a huge hassle with potentially disasterous results (time, money, possible loss of your computer, slight chance of jail time). I consider this recommendation from him to be bragging, sort of like saying "I've got 10 pit bulls and dobermans, and a couple dozen loaded guns, and I keep my front door unlocked all the time!" :whistle:

If you follow through on the article, you'll see that most security experts would not recommend this behavior to non-expert users. In my case, I have a fair number of guests each year (beach house), and I just give them the password to the network if they need access. I'll stand by my previous comment. Leaving your network unlocked is exactly like leaving your house unlocked and your financial information sitting out. The odds are nothing will happen, but is it worth it when such a simple solution is available? Your computer (or house) can still be compromised, but you've significantly decreased the odds with little or no effort.

Nords said:
Another law-abiding citizen who has yet to experience a search warrant, an indictment, or the daily soul-crushing realities of the justice system...
Click to expand...

Actually, he deals with the soul crushers on pretty much a daily basis. :LOL: I think he was just in a mood the day he wrote that article.
 
RonBoyd said:
Example, please, of how to do that. Perhaps "very easy" step-by-step instructions on how to access (not-your-own) e-mail on another computer on your network; one that has sharing blocked.
Click to expand...

bruce1 said:
Then there was the guy in a larger apartment building who set up an open wireless system and collected credit card and banking info from everyone who used it.
Click to expand...

bruce1 said:
This was actually from a building my cousin used to live in in Hamilton Ontario. I was visiting one day and and the police showed up and arrested the individual. Warnings re possible compromise of data were later posted in the lobby and office. Unfortunately that is all I know.
Click to expand...

RonBoyd said:
Thank you for clarifying. (And I mean that in the nicest, most appreciative way.) Anecdotal evidence does seem, however, to be the bulk of what I have found to work with.
Click to expand...

Truthfully, I [-]quit hacking[/-] stopped perfoming pen tests back around Windows 2000, so I can't give you any up to date information. But back in the old days it wasn't very hard to access someone else's computer over an open network. If you were a haxor today, you'd be hanging out on the IRCs, going to Blackhat and Defcon, things like that (I assume. I really am out of date). Gaining access to someone else's computer over the network isn't something you (or I anymore) is going to figure out in a day or so, but for the guys that do it, it's easy as pie usually.

A bigger issue with the open network is the router, which is usally wide open with default ID and passwords still in place. http://www.phenoelit-us.org/dpl/dpl.html Once a person gets onto the router, they can read any unencrypted information that passes through it. They won't get your SSL info, but they can certainly read your email. If they want your SSL data they need to work a little harder and put a keystroke logger on your computer. Hard for me, easy for them. Basically, if they get onto your open network, they can easily collect anything that flows through enencrypted with almost no effort. That can often include credit card numbers, expiration dates, security codes, mother's maiden name type stuff. Some sites encrypt that too, but most only do IDs and passwords.

Since anyone interested in doing a driveby would just keep on going to the next place if your network was secured, it's worth doing. At least, IMO.
 
harley said:
If they want your SSL data they need to work a little harder and put a keystroke logger on your computer.
Click to expand...
:confused: How could hacking your router let them install a keystroke logger on your computer? How would a keystroke logger give them SSL data (since I never type in encryption keys).
 
GregLee said:
:confused: How could hacking your router let them install a keystroke logger on your computer? How would a keystroke logger give them SSL data (since I never type in encryption keys).
Click to expand...

I meant that they would have to put a keystroke logger onto your computer to get SSL protected info, that they couldn't see it on the router. Whether they could do that is another question. Any good hacker could. I couldn't. If you don't type in the keys, how do you use them? Cut and paste? That would be an added level of protection. But I was talking about IDs and passwords on sites like Vanguard or banks or credit cards, or anywhere that uses SSL to log in. A logger would catch those.
 
harley said:
If you don't type in the keys, how do you use them? Cut and paste?
Click to expand...
Perhaps it was cut-and-paste; I don't recall, exactly, how I moved the keys from the utility program that generated them to the place where SSL could find them.

I pay as little attention to security as seems feasible, since it's complicated, and I have other ways I'd prefer to spend my time. I've taken down the firewalls in my home system, since it was inconvenient to keep telling my devices on my local network how to drill through them, and nothing bad has happened. For those of us with Linux systems, I'm just not convinced that there is any practical need to worry about hackers. I've run various Unix/Linux systems since the early 90s, at home and at work, and I've only been hacked once -- then I just reloaded the operating system, and all was well.
 
I'm with Schneier, but then I can afford to be, since my ISP supplies the router and the WiFi is tied down, so I don't get to choose to leave it open. :)

In any case, the issue is not your own PC(s) getting hacked - nobody is going to take the risk of getting close to your home to target your WiFi to attack your PC when they could do it just as well from across the world over the Internet. The issues, to the extent that they are problematic, would be to do with illegal downloads, and even then I suspect that any jurisdiction would have a hard time showing that a specific person was involved, as opposed to a specific connection. There's a lot of free public WiFi out there, and I don't see McDonald's or Starbucks worrying too much about what people might be downloading while they sip a latte.
 
BigNick said:
I'm with Schneier, but then I can afford to be, since my ISP supplies the router and the WiFi is tied down, so I don't get to choose to leave it open. :)
Click to expand...
I'd get a new ISP and supply and configure my own router. That's just me, I am a former IT security person, YMMV.

BigNick said:
In any case, the issue is not your own PC(s) getting hacked - nobody is going to take the risk of getting close to your home to target your WiFi to attack your PC when they could do it just as well from across the world over the Internet.
Click to expand...

Your neighbors are always close to your house, no risk. Sorry, for a variety of reasons it is far easier to target your PC from your local WiFi network. If you want me to expand on this, I will, but it will take a lot of typing.
 
I'm not sure I understand the point of this discussion. It took me about 30 minutes max to set up security when I installed a new router. I need to give the password to friends who are staying and need to use the network. That takes me 5 minutes.

Why wouldn't you do this? Admittedly security protocols can be compromised but this is the same as not leaving your keys in the car. Most thieves are going to go down the street and take the one that wasn't locked.

There are places in the U.S. where you can leave the keys in a parked car but I don't live in one. Since the information I've got on my computer could hurt me a whole lot more if it was taken than if I lost my car, I'm willing to spend at least as much time securing the computer as I would locking tbe car.
 
Tractor guy said:
I'm not sure I understand the point of this discussion. It took me about 30 minutes max to set up security when I installed a new router.
Click to expand...
The point, as I'm understanding it, is that you might choose not to securitize your system, giving your neighbors free internet access. Or they might do that for you. Just because you know how to deny neighbors access to the internet through your system, that doesn't mean you necessarily have to do so.
 
OK, I got off my arse and got my wifi encrypted and put a password on it (thanks to my 14 year old). I had been meaning to do it (for two years) just never seemed to get around to it.
 
RonBoyd said:
Example, please, of how to do that. Perhaps "very easy" step-by-step instructions on how to access (not-your-own) e-mail on another computer on your network; one that has sharing blocked.
Click to expand...

I've actually done this within my own network, without using credentials to access (e.g. read) files on my Windows boxes. I did that from at least 2 different versions of Linux.

And in case you weren't aware of it, Windows makes available a drive letter for the hard drives on your system. They are C$ (D$ if you have a D: drive), etc.
 
RonBoyd said:
Example, please, of how to do that. Perhaps "very easy" step-by-step instructions on how to access (not-your-own) e-mail on another computer on your network; one that has sharing blocked.
Click to expand...

Oh, and FWIW, while I don't bother locking down my computers very much ... I also don't leave any personal information on the computer. That goes for spreadsheets, logins, etc. And for the short times that they are on my PC, I either have them encrpyted, or I disconnect from the network altogether.
That is one purpose of thumb drives, flash, and external hard drives.
 
Last edited:
myself said:
And in case you weren't aware of it, Windows makes available a drive letter for the hard drives on your system. They are C$ (D$ if you have a D: drive), etc.
Click to expand...

:D

Anyway, it did make me think about this further; could I access the PST file(s) on her computer's "unshared" directory with a different computer on the same network? Hmmmm. I suspect not but I will check it out tomorrow... barring any distractions.
 
myself said:
Oh, and FWIW, while I don't bother locking down my computers very much ... I also don't leave any personal information on the computer. That goes for spreadsheets, logins, etc. And for the short times that they are on my PC, I either have them encrpyted, or I disconnect from the network altogether.
That is one purpose of thumb drives, flash, and external hard drives.
Click to expand...

Yeah, I know... it is not paranoia if they really are out to get you.
 
Nords said:
I'm still a little unclear on who gets the search warrant for child pornography or pirated media or other illicit activity-- the router owner or the users?
Click to expand...
Actually lots of people have their compromised PCs incorporated in bot nets without their knowledge and used as storage bins for pirated videos, porn and the like. Leaving a network unsecured through ignorance is a good first step on that road. But, knowledgeably sharing a secured wireless connection with a neighbor seems OK. Unless you are pretty knowledgeable your home network will be relatively open to the neighbor (just like it is to your kids and their visiting friends). But as long as you don't share any of your files you would probably be OK. And you could learn how to lock down your computers if you were concerned. If you keep extremely sensitive stuff on the PC you better use good encryption in any event.
 
A couple of weeks ago I noticed yet another insecure wireless access point in our neighborhood. On a whim, I connected to their router. I thought for a moment, wow, I could create some havoc here. But that isn't my style, and I also felt like I was invading someone elses private space. I mean the router is likely inside their house and I was poking around. I quickly backed out but I sometimes wonder what I might have been able to find.
 
You must log in or register to reply here.

Similar threads

Jimmie
New Eero Pro 6E Mesh WiFi Router Review
Palmtree
Palmtree
FiveDriver
That Cable Bill went up again !!
2 3
Dawg52
Dawg52
jollystomper
Built a NAS server after NAS-ty installation experiences
2
The Cosmic Avenger
The Cosmic Avenger
calmloki
wireless mesh router?
2 3 4
B-Guy
B-Guy
PaunchyPirate
Car loan application as a retiree
2 3
Dash man
Dash man

Latest posts

Back
Top Bottom