Forgot your password?
typodupeerror

Neighborhood WiFi Security 328

Posted by ScuttleMonkey
from the put-out-an-electronic-welcome-mat dept.
picaro writes to tell us the New York Times has an interesting piece about the abundance of open wireless connections available due to the lack of the average user's knowledge. The article also takes a look at how the prevalent attitude is that tapping in to these connections does not equate to stealing and why still other may disagree. From the article: "Piggybacking, the usually unauthorized tapping into someone else's wireless Internet connection, is no longer the exclusive domain of pilfering computer geeks or shady hackers cruising for unguarded networks. Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture."
This discussion has been archived. No new comments can be posted.

Neighborhood WiFi Security

Comments Filter:
  • by necro2607 (771790) on Monday March 06, 2006 @07:28AM (#14856737)
    Ordinarily upstanding people are tapping in. As they do, new sets of Internet behaviors are creeping into America's popular culture.

    Yeah, like computer users getting sued by the RIAA when they have never used any P2P software on their machine, for example...
  • Re:RTFM (Score:4, Insightful)

    by jonv (2423) on Monday March 06, 2006 @07:43AM (#14856786)
    The problem with securing your machines and opening the AP is that certain ISP services (mainly SMTP servers for outgoing mail) don't require any authentication as the ISP assumes that who ever has physical access to the connection is the authorized user. Someone 'sharing' the connection could be using it to borrow the ISP SMTP server for sending out spam or other unwelcome email.
    Of course this can be resolved by putting the access point on the right side of well configured firewall, just pointing out there is more to consider than just securing your machine.
  • by mccalli (323026) on Monday March 06, 2006 @07:47AM (#14856798) Homepage
    Can see one rather obvious drawback - I cycle to a place, I come out later expecting to cycle back from that place and...

    Oh dear. My mode of transportation has gone. Taxi time...

    Cheers,
    Ian

  • by kyrre (197103) on Monday March 06, 2006 @07:51AM (#14856810)
    Usually not knowing it's a crime is no get outta jail card. When it comes to the 'net, it is.

    Since when was it illegal to share your network connection with someone? Last I have heard there was an entire industry devoted to the service. They are called Internet Service Provider.

    But that's no problem either, because in our legislative, being clueless on the net is appearantly an excuse for committing any crime. You participated in a DDoS because your computer contains more malware than other programs? No worries, you didn't know, you're not to blame.

    You leave your house for work every day at 9 am and return by 6 pm. Outside your house, on your property, some dude hangs around all day, every day, dealing drugs while you are gone. Is it fair to put YOU in jail for 20 years in this case? You should have known that someone can stand on you lawn and sell drugs, right?

    I have shared my wlan for 3 years, and will continue to do so in the future.
  • Bizarre attitudes (Score:5, Insightful)

    by caffeination (947825) on Monday March 06, 2006 @07:52AM (#14856818)
    I got into this article without signing up yesterday. Can't today, so I'm quoting from memory.
    ...I thought "Oh my God! People could be using my connection too!".
    Six months later, however, $Person still hasn't secured her wireless network.
    My parents were the same. I took my laptop into the garden, showed them that I could get onto their connection from at least 50m from the house, then I connected to the neighbours' connections and changed their essids to demonstrate how easy such things are. Then I opened ethereal and demonstrated to them how easy it was to read peoples' internet traffic.

    All I got was "That shouldn't be allowed".

    Under my own initiative, I then put a fairly long encryption key on their network and password protected the router config. I know it's weak security, but it's better than none at all.

    That is how much people care about security. I explained to my uncle the other day about how spyware can log your key presses and report them back to a server. He was shocked and outraged, for about 1 second. Once his computer was clean enough to be usable, he was satisfied (this is a home & business computer, used for EBAY).

    Nobody gives a shit about anything to do with computers. It seems that the current parent generation was lead to believe that technology would make life easier and do all the work for them, when the reality is that it's actually replaced much of the work. God knows what long term effects this will have on computing.

  • Open access (Score:2, Insightful)

    by suntac (252438) <Johan.Louwers@te ... g ['alc' in gap]> on Monday March 06, 2006 @07:59AM (#14856835) Homepage
    "Some users say they have protected their computers but have decided to keep their networks open as a passive protest of what they consider the exorbitant cost of Internet access."


    I think a lot of people have an open WiFi connection for the rest of the world to use. This however is not only because they want to give some protest but also to simply add a other node to the ever growing number of open "uplinks".

    As more and more people are doing so at the moment it becomes easy for traveling laptop users to get online everywhere they want. Closing you "uplink" will become more and more rude in the global opinion I think. Sharing the connection will become more natural to people as they become more aware of the benefit they have from the open uplinks offered by other users.

    WiFi will become eventually something like opensource code, sharing and be shared only here we are not talking about code but about internet access. You give access to users and those users give you access in return.

    At least this is my opinion.

    Regards,
    Johan Louwers

  • by Antony-Kyre (807195) on Monday March 06, 2006 @08:01AM (#14856841)
    The difference between your comment and the story at hand is you mention community property, the story mentions personal property.

    If city governments were to simply create free WiFi, and someday WiMax, then people piggybacking on other people's connections may become moot.
  • Re:RTFM (Score:5, Insightful)

    by KiloByte (825081) on Monday March 06, 2006 @08:07AM (#14856858)
    Traffic shaping will do the trick just fine.

    Have two HTB branches: one for yourself, one for good-neighbour sharing. You can set it up so the latter will be starved or almost-starved whenever you need the bandwidth. And then you can fine-tune the branches to care about TOS, etc.

    Besides, traffic shaping is mandatory anyway if you want to even think about using ssh while you're downloading something.
  • by Opportunist (166417) on Monday March 06, 2006 @08:38AM (#14856966)
    In other words, everyone except IT-techs have a carte blanche? Because you can't expect the ordinary user to know or even have a firewall, virus utilities or packet filters?

    And is it not negligence when I see my computer slow to a crawl (because it's filled with trojans that hook every single API in the system) and ignore it? Is it not negligence when I see sexpages pop up even if I surf towards Disney (because my machine is filled with adware bombers)? Is it not negligence when my connection is noticably slowing to a crawl (when my computer is spewing out torrents of spam)?

    When I leave my door unlocked (just closed, but unlocked), I'm considered negligent when someone breaks into my house and steals my possessions, my insurance will brush it off and I'll sit here alone in my empty home. Worse, when I leave my car keys in the car and someone steals it, committing a crime in the process far worse than stealing my car (like, say, withdraw some money from the local bank using his iron mastercard...), I'm probably guilty of aiding a criminal.

    Why is that different when it comes to computers and computer criminality?
  • by MaxPowerDJ (888947) on Monday March 06, 2006 @08:39AM (#14856968) Journal
    I have read about other people's posts abot leaving your access point open and sharing the connection. Around here (Puerto Rico), people would just mess your resources up. I have a 1024 Kb down/ 512Kb up cable connection that I distribute among my two computers (one for light e-mail and downloading and another that I connect through the net from work). and I personally took care of security (MAC address filtering + best encryption supported by the AP).

    The things is, people have attempted to get in and disable my equipment. People can and will use the wireless connection to do mischievous things. They get no access from me.

    Open access is fine if you have an agreement with your neighbohrs and/or you have a common wifi provider (many new housing development are now including wifi from the get go). Otherwise, is just asking for trouble.
  • by steve_l (109732) on Monday March 06, 2006 @08:44AM (#14856989) Homepage
    You are right, the only person who should bring the network to is knees is me.I do this by configuring my router so the bittorrent ports go to my machine, and not to any of those evil piggybackers.

    I actually run an open network for a number of reasons
      -I cant be bothered to set up access for overnight guests and other visitors
      -I explicitly allow a neighbour to share
      -I dont think classic WEP, that some of my hardware is, is at all secure.
      -Knowing the net is open forces me to lock down the boxes better. All firewalled, no SMB connectivity (SSH/SCP to the server only).

    And finally: I like it when I get free networks when I travel, and want to share the joy. Saturday: father in law's house, public network "linksys". Last summer -stuck at my mother's house for a few days. Public network from a neighbour. I dont care whether these people did it on purpose or through ignorance, I benefit, and their cost is minimal.

    I believe that you can get firmware for the linksys WRT54G boxes that let you throttle guests...

    -steve

  • by The_Mr_Flibble (738358) on Monday March 06, 2006 @08:47AM (#14856997)
    So If I have a secured access point (using term loosely) and someone gains unauthorized access to it would it be okay for me to poke around on his computer he is using to access it ?

    And if it is okay what about an unsecured access point for my personal use with no encryption or security ?

    Just because it's not secured doesn't imply that it is free for anyone to use ?

    I leave the front door of my house unlocked sometimes does that mean it's okay for someone to come in and use my milk/heat/tv ?

    If someone did enter my house they would get badly hurt. Same thing would happen if you used my AP without authorization.

  • Open Access Points (Score:5, Insightful)

    by TPS Report (632684) on Monday March 06, 2006 @08:52AM (#14857024) Homepage
    That would be the category I fall under. I think everyone should follow the sharing principle, lock your box, and open the AP. No matter what deviant may come around and use your access, you can always prove it wasn't you. Now it may be a hassle and even cost a bit of cash..., which we all know sucks, but I've been sharing my wifi for nearly 3 years now and have had no problems.


    At first I was thinking - whoa, you're very open minded. Then I realized you wrote wifi instead of wife. I need some coffee.

    I understand what you're saying about the open access, and it's a nice thing to do - but there's no way in hell I'm going to go through the federal investigation process or even chance the possibility of going to prison, for my neighbors kiddie porn habit. Sorry. My life and the potential hassle is worth way more than him saving $39.95 on his cable bill. You're being nice, and that's applaudable, but if anything does happen - you're going to have a tough time proving it was not you.

    You: but I have logs!
    Them: How convenient. The accused has evidence pointing to someone else. Is it unaltered proof?
    You: Of course! These are the raw server logs!
    Them: Logs, from your firewall?
    You: Yes!
    Them: A firewall which you have administrative access to, and can change the logs at will?
    You: Uh, yeah. But I didn't change them.
    Them: So the logs very well could be altered. And it would be in your best interest for that to happen?
    You: WTF man... I didn't do it.

    Don't expect your freeloader neighbor to step up and take a federal sentence when it comes down to it, and don't put your life in a position where it depends on the justice system to "get it right". Ken Lay, OJ, and lots of others are walking around free men today..
  • by 1u3hr (530656) on Monday March 06, 2006 @08:54AM (#14857034)
    The NYP can't resist: David Cole, ... for Symantec ...said savvy users could use the computer as a launching pad for identity theft or the uploading and downloading of child pornography.

    But at least they didn't play the TERRORIST card.

  • by Anonymous Coward on Monday March 06, 2006 @09:03AM (#14857082)
    It seems that the current parent generation was lead to believe that technology would make life easier and do all the work for them

    Uh, no. More accurately they actually have morals and believe people should respect others' property. Remember, this is the same generation that grew up leaving their front doors open, their car windows open, etc. Contrast this with today's generation that seems to believe that whatever you can steal is OK as long as a) you can blame the victim (the idiot didn't put enough security in place - he deserved it, or b) you can rationalize it by saying the victims are evil ... RIAA, MPIA, Microsoft, ... the usual suspects.
  • Re:RTFM (Score:2, Insightful)

    by CastrTroy (595695) on Monday March 06, 2006 @09:51AM (#14857298) Homepage
    What's the stop the person running the open access point from logging all your activity? Even with SSL, there's possibile MITM [sans.org] attacks that can be done. Are you really willing to trust a random individual with your privacy. I know that ISPs are capable of the same, but at least you have a contract with them.
  • by DrSkwid (118965) on Monday March 06, 2006 @10:01AM (#14857345) Homepage Journal
    That would suggest I have the burden of innocence.
  • by Anonymous Coward on Monday March 06, 2006 @10:13AM (#14857419)
    If my neighbor has service through Comcast, how am I bound by thier ToS to not use an open wireless point? I don't have an agreement with Comcast to do or not do anything.
  • by thrillseeker (518224) on Monday March 06, 2006 @11:05AM (#14857757)
    So you don't consider a WiFi connection coming from someone's residential property to be personal property?

    Not if it's unsecured - a trivial thing to do. Say someone had really bright outside lights, like my neighbor. Should I not be allowed to read a book sitting on my back deck in the evening using the radiation coming from his property, or should I make arrangements to reimburse him for leaving his lights on all the time? I bet the power company has some rule about the sharing of electrical power - and yet, here is his radiation coming out of his space. He could easily shade his property if he didn't want me sharing his radiation. Likewise, a Wifi user can easily secure his access point if he doesn't want others using his connection. If the neighbor plants tall bushes on his property to block my use of his light spill, and I cut them down to gain access, then I have violated his property rights - likewise if I decrypt the trivially weak Wifi security I have violated his property rights.

    There's three unsecured APs visible from my deck besides my own - I don't worry about any of them using my system if they want, nor do I worry about using theirs if I want, though I've never had a need.

  • by GooberToo (74388) on Monday March 06, 2006 @11:13AM (#14857820)
    I saw a documentary on this topic some number of years ago. They tried this same project in New York. Within one day all stickers had been removed and all of the bikes had been stolen. The project was considered a failure after a single day. Many bikes were found in area pawn shops. When interviewed, some of the less scummy people were asked why they refused to use the bikes. Their statements were something like, "if I fall, who do I sue?" And still others were, "if the bike fails to get me where I need to go, who's legally liable?"

    In other words, in some cities, such behaviors are considered being a responsible citizen. In others, they consider it theft and knowingly steal the services. It's no wonder the associated ideologies differ drastically depending on where you are and who you ask!
  • by Kjella (173770) on Monday March 06, 2006 @11:24AM (#14857922) Homepage
    don't put your life in a position where it depends on the justice system to "get it right". Ken Lay, OJ, and lots of others are walking around free men today..

    If you tried a couple of wrongfully convicted people who has later been cleared your case would be stronger. "Guilty beyond reasonable doubt" means we're letting people that are probably guilty go free. At times that can be very offensive because the victim was certainly killed / raped / beaten / defrauded / whatever, and noone got convicted. We could habe a system that'd put Key Len, OJ and lots of others behind bars - along with many innocent people. It'd certainly give a new life to subjectivity in the courtroom. "He's such an upstanding member of the community, he probably didn't do it." "He's a black gang member, he probably did." As it is, it's mostly up to the evidence to prove it or not. Speculation should be left to the tabloids.
  • by coaxeus (911103) * on Monday March 06, 2006 @11:49AM (#14858189) Homepage
    lots. during my time in tech support/helpdesk/support of friends I've found several cases where a user buys router, plugs in router, turns on laptop and sees 3 networks called "dlink" "wireless" "linksys" whatever and just pick whatever. Or the software just picks one, often the wrong one. After I lock down their AP with WPA *and* MAC filtering, and put them on their own AP, they are amazed at the speed of having their very own internet connection.
    *no one* is to blame in this but the vendors of wireless products. If cars were sold in a state that the doors did not lock unless you had a basic knowledge of auto mechanics and had to open up the hood and adjust a few things, there would be outrage until auto makers stepped up and made doors lock by default, or at the press of a button. Home wireless gear should ship with at least WEP enabled, and the unique WEP key printed in the manual or even right on the unit. Windoze automatically asks for your WEP/WPA/whatever password, it's not hard to look at the thing and then type it. This could even be used as a way to get lusers to read a page or two of the manual.
  • by Syberghost (10557) <{moc.tsohgrebys} {ta} {tsohgrebys}> on Monday March 06, 2006 @12:26PM (#14858557) Homepage
    That would suggest I have the burden of innocence.

    No, you're right, the government has to prove to the satisfaction of a jury that you did it.

    To the satisfaction of 12 people who were too stupid to get out of jury duty. Using their effectively-unlimited resources.

    But, I'm sure your esoteric technical arguments will convince a jury of non-technical people that you're right, in contrast to the government's arguments, which will consist of blown-up pictures of sex with barn animals that were accessed from your internet connection. Eventually.

    There are many fights in life that I am quite confident I could win. I don't go around trying to get into them.
  • by Lumpy (12016) on Monday March 06, 2006 @12:31PM (#14858618) Homepage
    I have open access and help support a community wifi. you MUST login via a nocatauth login and your mac addressis logged for the duration. If the federalies come looking I simply say, yup: this mac address wasusing it during that time. I would look around the neighborhood or I can notify you the instant that MAC address is back onthe network.

    works great and shuts up the cops fast.

    if you do not have the technical know how to share your wifi correctly with nocatauth then you deserve to reap the results of it.
  • by kryliss (72493) on Monday March 06, 2006 @04:38PM (#14861326)
    Nice concept but if you decide to read kiddie porn while using your neighbor's light then get busted by the police your neighbor isn't going to be standing in court. If you use your neighbor's wifi and the IP gets picked up for downloading kiddie porn then your neighbor will be standing in court... BIG HUGE DIFFERENCE.

If Machiavelli were a hacker, he'd have worked for the CSSG. -- Phil Lapsley

Working...