N.Y. County Mandates Wireless Security

Mynister writes "CNN has an article about Westchester County NY forcing small business to use basic security on their wireless networks. From the article "The law also requires that businesses offering Internet access -- coffeehouses and hotels, for example -- post signs warning that users should have firewalls or other security measures.""

Re:Hmmm

[TubeSteak]

Actually, it is super-enforceable.

They can do it on the cheap with a few fulltime inspectors walking around with laptops & their eyes open for the notification signs.

In addition, I imagine they'll make some noise in newspapers and whatnot to get computer nerds & other concerned citizens to report any violations of the law.

Stuff like this is very easy to enforce. A friend of mine's father was made an honorary postal inspector and given a card saying so... because he would constantly report on people who were illegaly parked around the local Post Office. They even gave him freebie phone cards & disposable cameras to sweeten the deal and allow him to document the parking violations. And before anyone says the guy had too much free time, he was an insurance appraiser & was in the Post Office twice a day, every day.

Re:Dupe

[TubeSteak]

The old article was "they're trying to do this"
The new article says "they did it"

A lot of laws get drafted, proposed, and then rejected.

This one didn't. So how is it a dupe?

Re:Dupe

[HoosierPeschke]

Not a dupe, a continuation. You took all the time to search for the story but you didn't bother to read it. The first story was about the proposal. This story is about the enactment. The only dupes here are the comments about this story being a dupe.

Text of the law

[Peyna]

The text of the law can be found here [westchestergov.com].

Is Starbuck's Secure?

[nickfrommaryland]

From the article:

Some of the unprotected networks were at cafes, hotels or other establishments that offer wireless hot spots to patrons. Other networks, like those at Starbucks, were protected.

The last time I checked, T-Mobile's service is not any more encrypted than a Netgear router taken right out of the box. Likewise, a sign will probably not protect you from much, unless you're a business. Then you can use the sign to protect yourself from liability.

Re:Dupe

[BenFranske]

I most certainly did read both articles. Really, there's nothing new other than the law has now been passed. The rest is just a rehash. The fact that the Slashdot article summary doesn't point out this was discussed before and the only new information is the law is not in effect makes it a dupe as far as I'm concerned. As others have mentioned, this belongs in slashback or should clearly be marked as a continuation of an old story. This is a dupe.

howto crack WEP and WPA

[Bishop]

The problem with WEP 40/64bit is that the key is only 40bit and can be quickly attacked with brute force. The problem with WEP 128bit is that the standard implemented RC4 encryption poorly and known weak IVs, initialization vectors, are used. To crack WEP an attacker needs to collect a large number of packets that use the weak IVs. The time it takes to collect these packets depends on the ammount of traffic and can take days or months. Some access points and wireless cards have a driver option to disable weak IVs.

WPA is much stronger and WPA2 is even better. WPA is vulnerable to weak keys. This is more a problem for pre-shared keys (the common home setup) then for certificate based authentication. The authentication mechanism uses 4 packets. Those 4 packets can be captured and attacked using brute force offline. IIRC the attack is not that fast and typically uses dictionary based attacks.

Use WPA with a strong passphrase and you should be safe. A passphrase with 16+ chars and numerals should be good. Some access points have buggy webbased management and can't accept other puctuation or special chars.

Ofcourse this won't stop a well financed (state sponsored) attacker. It will stop the neighbour's script-kiddie teenager.

Re:Hmmm

[driddle]

One wonders if the GP feels that neighborhood watch groups are the "scum of the earth" because they're trying to keep their houses, and those of their neighbors, safe.


Well they sound nice in theory and I would hope/expect if my neighbor saw someone shooting me or beaking into my house to call the police. If that is what they are doing then great they are being good neighbors.


Just last night, there was a party across the street that started going wrong (a lot of people - more than 20 - screaming at each other outside). It was only about 10:00 at night on a Saturday but should I have felt bad because I called 9-1-1 to inform them that something very loud and concerning was going on in my neighborhood, even though I wasn't sure that any laws were being broken?


Well first I think using 911 for anything other than a major emergency is an abuse of the 911 service. You really should have just contacted the police via thier non-emergency number. Now I personally think what you did was wrong and unnecessary though I think you heart was in the right place. If you had heard screams for help, gun shots, etc. then you should of course have called the police but if all you heard was some verbal fighting then I really do not see the point in wasting the police's time on a trival matter.


Maybe I should have also felt bad that I called the police on my next-door neighbors when they were screaming and breaking things. Personally, I don't think so. I prefer to think that I might have averted something much worse by getting Portland's Finest out to check out what was going on. Or, maybe, I'm the "scum of the earth" because I'm getting involved in someone else's business...


Well I would not have called the police. Couples fight and they sometimes throw things that is there business not yours. If one of them is really in trouble they can call the police themselves or run to a neighbor, etc. they do not need a neighbor watching them to keep them safe. Of course if you knew that the husband had a history of wife abuse, etc. then I could see you being more concerned/justified in your actions but I doubt that was the case from what you have said. Unless you really witness a crime you should not be calling the police and especially not 911!