Forgot your password?
typodupeerror

Turning Network Free-Riders' Lives Upside Down 658

Posted by timothy
from the shake-it-like-an-etch-a-sketch dept.
An anonymous reader writes "You discover that your neighbours are using your unsecured wireless network without your permission. Do you secure it? Or do you do something more fun? A few minutes with squid and iptables could greatly improve your neighbours' Web experience ..." Improve is a relative term, but this is certainly gentler than certain other approaches.
This discussion has been archived. No new comments can be posted.

Turning Network Free-Riders' Lives Upside Down

Comments Filter:
  • by farker haiku (883529) on Thursday July 27, 2006 @01:02PM (#15792192) Journal
    Every link could be tubgirl.
  • by Anonymous Coward on Thursday July 27, 2006 @01:08PM (#15792245)
    To the anonymous author who writes in the 'article'



    "My neighbours are stealing my wireless internet access."



    Possible, but not likely. The most likely thing is your clueless neighbors don't have their own wireless set up very well, and are connecting to your wide-open network without realizing it. Thinking they are connecting to their own setup.



    If you are an idiot who set up his network wide open, I wouldn't complain about anyone 'stealing' access. Secure your network properly, or be prepared to share it if you leave it open.



    By leaving it open in the first place to be stolen, you've shown your dumb. Now doing this jackass thing to an 'open' resource, shows that you are a dumb asshole.

  • Stealing? (Score:5, Insightful)

    by SecurityGuy (217807) on Thursday July 27, 2006 @01:09PM (#15792253)
    It's as much stealing as sending the signal into their home is trespassing.

    I think you just shake your head at your failure to secure it in the first place, decide if you care, and if you do, lock it down.

    Funny way to deal with it, though.
  • Re:I use WEP (Score:2, Insightful)

    by rivaldufus (634820) on Thursday July 27, 2006 @01:09PM (#15792254)
    Well, if you're using WEP, you should still do it. Someone's probably cracked your encryption long ago...

    It makes me think about turning off WPA, though.

  • Feh (Score:5, Insightful)

    by NitsujTPU (19263) on Thursday July 27, 2006 @01:10PM (#15792262)
    Improve is a relative term, but this is certainly gentler than certain other approaches.

    I don't really see the point. It's funny as a practical joke. In terms of protecting your network... why not just secure it instead?
  • Re:Should be legal (Score:3, Insightful)

    by larien (5608) on Thursday July 27, 2006 @01:11PM (#15792279) Homepage Journal
    Pfft, what are they going to sue you for? It's your network, you can do what the hell you want with it. If they choose to use it of their own free will, what do they expect?
  • Funny, yes... (Score:3, Insightful)

    by jawtheshark (198669) * <slashdot&jawtheshark,com> on Thursday July 27, 2006 @01:11PM (#15792282) Homepage Journal

    Frankly, if you don't want others to use your wireless, just encrypt it. Annoying freeloaders this way is pretty much childish. Set up WPA-PSK (which is much easier than WEP and more secure, AFAIK) and be done with it.

  • by insomniac8400 (590226) on Thursday July 27, 2006 @01:11PM (#15792284)
    It's impossible to steal unprotected wifi. If you leave your connection unprotected, that means you are purposely sharing it. Although flipping the pictures upsidedown is pure genious.
  • Re:Funny, yes... (Score:2, Insightful)

    by basketbeatle (958202) on Thursday July 27, 2006 @01:15PM (#15792325)
    All pranks are childish in some way. You seemed to have missed the point completely.
  • Not very likely (Score:1, Insightful)

    by LoonyMike (917095) on Thursday July 27, 2006 @01:16PM (#15792327)
    You discover that your neighbours are using your unsecured wireless network without your permission.

    This seems to suggest a scenario where it was not the owner's intention to have an open network, and at some point in time he discovers it's being used.
    If we're talking about someone smart enough to play this trick on the neighbours, the network would likely be secure in the first place.
  • Re:Liability? (Score:5, Insightful)

    by darkonc (47285) <stephen_samuel&bcgreen,com> on Thursday July 27, 2006 @01:18PM (#15792354) Homepage Journal
    If you redirect a minor to goatsex, you might be in trouble.

    If, on the other hand, you simply mangle the images that (s)he's looking for, then you could say that you're protecting the kid from nasty content.

    It's not like you have a contractual responsibility to deliver something that (s)he never asked or paid you for.

  • Re:Goats (Score:5, Insightful)

    by trewornan (608722) on Thursday July 27, 2006 @01:20PM (#15792372)
    I chose to leave my wireless network open so that if someone nearby needed a connection it would be available for them. If someone was to impose an unreasonable load on the network I might do something about it but so far (12 months) I've had about half a dozen people connect and download relatively small amounts of data - my guess is they were checking email. Why would I object to that? No . . . why would *you* object to that? The way I see it it's a chance to do something nice for other people, why not get yourself some good karma.
  • by MImeKillEr (445828) on Thursday July 27, 2006 @01:25PM (#15792404) Homepage Journal
    If you're so intent on leaving it open, I'd suggest just getting their mac address and assign it back to 169.254.x.x or 127.0.0.1. That way, if they actually do anything illegal, its not tracked to you.

    You're just flipping webpages, right? What's to stop them from getting on a P2P network and sharing/downloading files? What's to stop them from visiting illegal porn sites?

    Doing this to them will just make their internet useless. Not as funny, but safer IMO.

    Another thought: Is there some way to randomly route their requests to a totally different webpage? Say they want to go to Google, etc. Is there some way to redirect their request to a randomly-generated (but real) URL? I'd suggest something in a foreign country.

  • Re:Goats (Score:5, Insightful)

    by generic-man (33649) on Thursday July 27, 2006 @01:28PM (#15792435) Homepage Journal
    I've lived in two places where I set up my access point with no encryption. In both places, I've fired up iTunes to see someone else sharing music on my LAN. This didn't bother me until I read the name of the share: "(name)'s LimeWire Tunes."

    I don't mind if people want to check their e-mail on my WAP. I do mind when they idle on file sharing services, using lots of bandwidth and exposing me to potential legal liability.

    It's a shame that I have to protect my router somehow, especially because one of my devices (a Nintendo DS) doesn't support WPA at all.
  • Re:Should be legal (Score:4, Insightful)

    by edmudama (155475) on Thursday July 27, 2006 @01:34PM (#15792490)
    IANAL, but your machine is manipulating those bytes as they go by, and therefore you're tampering with their communications which may be legally protected.

    As funny as this might be, I don't see it as being worth the potential liability. If the DMCA can attempt to outlaw drawing on your CD with a sharpie, then you could get in trouble for just about anything.

  • Re:Open Networks (Score:2, Insightful)

    by qsqueeq (586979) <squee_burger@hotmail.com> on Thursday July 27, 2006 @01:34PM (#15792494) Homepage
    I may even say that I find it unethical to exclude your neighbours from using your network but I respect your opinions.

    You are an idiot. He paid for the connection, and he can do whatever he wants with the people using it. In fact, this practice of 'borrowing' your neighBOR's wireless is becoming illegal in some areas.
  • Except (Score:5, Insightful)

    by geekoid (135745) <dadinportland@@@yahoo...com> on Thursday July 27, 2006 @01:45PM (#15792623) Homepage Journal
    by leaving it open he is inviting other people to connect.

    Some computer says to the router "Hey, can I come in?" and the router says "Sure". Now, the moment you put something up, like needing a password, then you are no longer inviting people in.
    Computer says "Hey, can I come in" router says "Sure, if you know the password."
    Or you can encrypt it
    Computer says "Hey, can I come in?" the router says "KE*jd7638JDEJE*834899(&^&#nd&#&bd*e#"
  • by Anonymous Coward on Thursday July 27, 2006 @01:46PM (#15792641)
    Network freeloaders put themselves at risk... It would be trivial for someone to set up a "Free Internet" wireless AP and then run phishing attacks, sniff IM conversations, e-mail, etc. Considering how little the average internet user even pays attention to SSL, one could very easily imitate a bank, ebay, paypal, etc... One should certainly think twice before freeloading on someone's wireless network - and if you do, at least tunnel your connection securely (even socks5 over an SSH tunnel, etc)..

  • Re:Goats (Score:5, Insightful)

    by sammy baby (14909) on Thursday July 27, 2006 @01:51PM (#15792703) Journal
    If you don't secure a wireless connection that spills onto other people's property, why shouldn't they use it until told otherwise?


    Conversely, if you find someone else's unsecured wireless network, why would you complain if they decided to flip all the images?
  • Re:Goats (Score:3, Insightful)

    by spyrochaete (707033) <spyrochaete AT hyppy DOT zapto DOT org> on Thursday July 27, 2006 @01:51PM (#15792705) Homepage Journal
    It's the same reason you shouldn't feed pigeons in a park. It might be a friendly thing to do, but not everyone is as nice as you. One day a pigeon that has been conditioned not to fear man will come across a mean spirited kid who will feed it poison. In the case of the USA, that mean spirited kid is the archaic law about accessing a wide open WiFi port without permission.

    Do your neighbours a bigger favour - change their mooched web browsing data to kittens to let them know their actions are not clandestine.
  • Re:Goats (Score:3, Insightful)

    by Shakrai (717556) on Thursday July 27, 2006 @01:52PM (#15792717) Journal

    If you don't secure a wireless connection that spills onto other people's property, why shouldn't they use it until told otherwise?

    If your cordless phone connection spills onto their property, why shouldn't they use your base station or listen to your calls until told otherwise?

    Of course, they can't do that you'll say, because it might cost you money. Using their internet connection might cost them money! Granted, it's rare, but what if they receive internet service from celluar and pay for each megabyte?

    I just think it's pretty arrogant to assume that you can use it without permission just because it's unsecured.

  • by geekoid (135745) <dadinportland@@@yahoo...com> on Thursday July 27, 2006 @01:54PM (#15792742) Homepage Journal
    If you leave a wireless netowrk open, they are not intruders. In fact, when their computer asked your connection is it was ok to connect, the wireless connection said yes.

    The wireless is broadcasting into their home, and it is cnotently loking for connections.

  • by squiggleslash (241428) on Thursday July 27, 2006 @01:56PM (#15792772) Homepage Journal

    No, it's not implied. As the law stands, it's illegal unless you get something more explicit in terms of permission. Yes, illegal. Yes, people have lost in court. No, not civil court, criminal.

    (And it makes sense that no implied permission is given by simply having your router be unsecured, given "unsecured" is the default configuration of most off-the-shelf routers.)

    It really isn't an issue in practice. If you want to use someone else's network, all you have to do is ask them. With 802.11, you're close enough to be able to do so. There's no reason not to ask, other than knowing that "no" is likely to be the answer. And I think that's why people tell themselves the myth that somehow they have implied permission simply because the "door" was left unlocked.

  • by fahrbot-bot (874524) on Thursday July 27, 2006 @01:58PM (#15792785)
    wireless networks advertise themselves. Your analogy is flawed.

    A car left idling with the door open advertises itself. Stealing it would still be wrong. I'm sorry, but your moral compass is flawed.

  • Re:Goats (Score:2, Insightful)

    by terrahertz (911030) on Thursday July 27, 2006 @02:00PM (#15792816)
    why would *you* object to that?

    ...um, because I don't want wardriving sickos using my network to download kiddie porn? And bring all of the unwanted attention from my ISP and law enforcement that would generate? Hello?
  • by R2.0 (532027) on Thursday July 27, 2006 @02:01PM (#15792832)
    The analogy is not flawed. So the router is "visible", with an option to make it invisible. Big deal. My garden is visible from the street, but I can put a tarp around it to obscure its existence. What you are saying is that, unles I put a tarp up around my garden, everyone has a right to use it.

    Wireless networks may make themselves conspicuous, but that does not confer an invitation to use them. The connection between "visible" and "inviting" is not legally or morally valid. (I am excepting the concept of "attractive nuisance", but I don't think open routers will come under that area of liability)
  • Re:Goats (Score:1, Insightful)

    by Anonymous Coward on Thursday July 27, 2006 @02:18PM (#15792999)
    "I just think it's pretty arrogant to assume that you can use it without permission just because it's unsecured."

    Not because it's unsecure but because his f* signal is within my property.
  • Re:Goats (Score:5, Insightful)

    by b0bby (201198) on Thursday July 27, 2006 @02:21PM (#15793017) Homepage
    Yeah, that's what I do too. My neighbors also have open access points mostly. I check the logs every so often, but I've never seen anyone but me having connected. Still, if someone wants to check their email, it's there. I don't have a problem using open points to check mail while I'm travelling, might as well return the favor. I'd lock it down if someone were leeching 24/7, but I don't see any of my neighbors doing that.
  • by geekoid (135745) <dadinportland@@@yahoo...com> on Thursday July 27, 2006 @02:23PM (#15793037) Homepage Journal
    ASk who?

    How does someone know whose netowrk it is?

    It should be that if you are freely braodcasting for connections, and no effort is made to limit access, then free use is implied.

  • Re:Goats (Score:5, Insightful)

    by element-o.p. (939033) on Thursday July 27, 2006 @02:23PM (#15793045) Homepage
    Unfortunately, not everyone is as kind (or patched/anti-virus'ed/etc.) as your neighbors are.

    I spent three years as an abuse admin at an ISP, and spoke with a number of customers where the only likely culprit for an abuse complaint was someone "borrowing" their Wi-Fi connection (nmap [insecure.org] is a wonderful tool for finding likely infections/file sharing clients). In almost all of these cases, securing the Wi-Fi access point made the problem go away.

    It's possible that my customers were lying and that they just latched on to the Wi-Fi excuse to get me off their backs, but after three years, it (usually) wasn't too hard to tell when someone honestly had no clue and when they were covering up :)

    So *that's* why I object to people using my Wi-Fi without permission.
  • Re:Goats (Score:2, Insightful)

    by indil (911425) on Thursday July 27, 2006 @02:28PM (#15793080)
    I agree. The way I see it, in a system of perfect control, any allowed behavior is explicitly authorized by the administrator(s). If you don't want someone using it, then take it away from him/her.
  • HuH? (Score:5, Insightful)

    by bennomatic (691188) on Thursday July 27, 2006 @02:28PM (#15793086) Homepage
    If I leave my bike outside unlocked for 10 minutes, am I giving explicit permission to anyone who sees it that they can take it? No. Am I allowing it to happen through negligence? Sure, but call it what it is; it's still stealing, or at least trespassing.

    Even something as amorphous as bandwidth is a limited resource. To paraphrse the head of the commerce committee, an open wireless connection is not a dump truck you can just load up with as much as you like; it's a tube!

    Sure, if you want to make sure nobody uses your tube, you should protect it. But just because you don't doesn't mean you're giving explicit permission. If I leave my bike on my front lawn without a lock and someone steals it--even if they give it back before I notice it was gone--it's still theft.

  • Re:Except (Score:4, Insightful)

    by R2.0 (532027) on Thursday July 27, 2006 @02:30PM (#15793109)
    Yes, the computer is "asking" the router "permission", and the router is "granting permission" - the only problem is, the words we use to describe these actions may appear to be descriptive of thinking and volition, but they really mean neither. Computers and routers simply CANNOT give "permission" in any legal or moral sense.

    To use the yard analogy that seems to be popular for these threads, lets supposed your neighbor's massively retarded child asks your massively retarded child for permission for his Daddy to use your yard, and your child agrees. Neighbor then comes over and stages a cookout on your lawn, or for that matter just walks across it.

    When you confront him, he says "But my kid asked your kid, and he said yes." This is binding? Common sense and the law would say no, yet you would allow devices with an order of magnitude less analytical power than a retarded child to give and receive similar permissions.

    Repeat after me folks: devices CANNOT give and receive permission for human actions without those permissions EXPRESSly being granted via some other means.

    A traffic light doesn't give you permission to cross the street; the government(that you studied to get your license) gives you permission to cross the intersection when a light is green, and denies it when red.

    Your ID badge doesn't ask permission to enter your building, and the security system doesn't grant permission; YOU ask for permission by presenting the badge, and your employer grants it by programming said system to accept your request.
  • Poor neighbors.... (Score:4, Insightful)

    by natet (158905) on Thursday July 27, 2006 @02:35PM (#15793155)
    This was hillarious. I loved the upside-down images! The comments for this story have been entertaining...

    However, I suspect the neighbor of just not understanding how things work. I'll bet they set up a wireless access point in their house, put in the wireless card, and fired up the machine, which connected to the first network it could see, and they assumed it was theirs.
  • Re:Goats (Score:5, Insightful)

    by ShawnDoc (572959) on Thursday July 27, 2006 @02:47PM (#15793271) Homepage
    Your router is giving them permission to associate, is providing them with an IP address, and is allowing them to pass traffic. Heck, I'm guessing your AP is even broadcasting its SSID and telling people its available for them to connect to. When the client associates it acts just like a web page request, it says "Hey, can I connect here?" and if your router replies with a "Sure thing!", then as far as I'm concerned you've given them permission to use your network. If you don't want strangers using your Internet, you've got TONS of options, turn off DHCP, use WEP, use WPA, limit access only to those MAC addresses you approve, turf off SSID broadcast. Obviously some of these offer better security than others, but ANY of these will prevent a casual user from using your network.
  • by qazwart (261667) on Thursday July 27, 2006 @02:48PM (#15793284) Homepage
    What would be the legal implications if your neighbor decided to use your WiFi connection to do illegal activities? What would be your liability? Especially if you already knew that your neighbor was using your WiFi access? It's one of the reasons I clapped down on my WiFi access. That can also be one of the problems of having "fun" with your neighbor's free loading your WiFi access. You can't use the claim you didn't know they were doing it.

    I also don't buy the idea that "if they didn't secure it, it's an invitation to use it." If I leave my front door unlocked or left a window open, I still don't expect the neighbors to come right in and rummage around my icebox. You certainly won't be successful in that argument if they complained to the police.

    If you want to piggy back on someone's network, ask first. It's not that hard to do, and most people don't mind.

    If you want to open your network to the public, divide it into two networks (one secured and one unsecured), close potential trouble ports, and direct everyone to an opening page where you make no claims of any warrenty for service, and that your network can only be used for legal purposes. That'll protect you from most legal problems.
  • Re:Goats (Score:5, Insightful)

    by ShawnDoc (572959) on Thursday July 27, 2006 @02:51PM (#15793320) Homepage
    You've got two problems you've overlooked. If someone uses your connection for illegal activity (downloading Meet the Fockers, kiddie porn) it will be your IP address that the RIAA/MPAA/FBI will trace. Good luck convincing them it wasn't you. You might be able to do it, but it will take up time and money (lawyers) to clear your name. And in the case of kiddie porn or other criminal act, expect every computer, PDA, and cell phone in your home to be confiscated to be analyized for incriminating data. The second problem is you are allowing strangers access to not only your Internet connection, but also your LAN. I have multiple computers and put files in shared folders so I can access them from different machines. I don't want some strange to have access to those files, or worse, have their computer be infected with a worm/virus that propogates across the network.
  • by 4e617474 (945414) on Thursday July 27, 2006 @03:23PM (#15793642)

    What you are saying is that, unles I put a tarp up around my garden, everyone has a right to use it.

    No, actually we're saying that if your garden pelts us with carrots and peas as we walk past on the public street, we're at liberty to catch them and consume them. Only if you place anti-vegetable-flight netting around your garden (or stop planting vegetables that lend themselves to comparison to an unsecured WAP) does it become incumbent upon us to behave as good citizens.

    Hey! Analogies are fun! Somebody compare Internet privacy law to hunting and fishing licenses!

  • by hab136 (30884) on Thursday July 27, 2006 @03:37PM (#15793794) Journal
    $url = $1;
    system("/usr/bin/wget", "-q", "-O","/space/WebPages/images/$pid-$count.jpg", "$url");

    This line gives me chills. He's passing a completely unsanitized input (the bandwidth thief's URL) to a system() function.

    At least he didn't concatenate everything so that system() would run the entire string as a shell command.. then simply adding a semicolon or pair of backticks to the url would cause the system to run any command the attacker liked, including deleting all files squid has access to and running a custom backdoor. There are a lot more local root-escalation flaws than remote.

    Even without the shell character vulnerability, who knows what kind of failures you can induce out of wget given the right parameters. He should sanitize the URL before passing it out.

    There's also the possibility of a vulnerability in mogrify, given the right corrupted image file to work on. Mogrify should be run in a separate user account that has no access to anything other than the input file.

    Never trust your input, especially from an already-admitted evildoer.

    Yes, I'm paranoid - I work in information security. :)

  • by swv3752 (187722) <swv3752.hotmail@com> on Thursday July 27, 2006 @04:52PM (#15794543) Homepage Journal
    What cases? Because every case where this has come up, the person was charged with something else, never accessing a WAP. The guy in Tampa, was charged with something like loitering.
  • Re:Goats (Score:3, Insightful)

    by cagle_.25 (715952) on Thursday July 27, 2006 @06:17PM (#15795122) Journal
    But if the neighbor happens to be undressing near an open window, her fruits are definitely not yours, and you can be prosecuted for taking effort to look in, even if you are doing so from your own yard.

    So which is it? Is a WiFi signal a piece of property like an apple, that if undefended is free for all? OR, is a WiFi signal a burst of radiation, like a view from the neighbor's window, that has privacy rights attached to it?

    I'm willing to bet that if the RIAA cruised around looking for file-sharing over unsecured WiFi and found you downloading Pirates 2, your lawyers would claim privacy in order to invalidate the evidence.

  • by AK Marc (707885) on Thursday July 27, 2006 @07:15PM (#15795452)
    No, it's not implied. As the law stands, it's illegal unless you get something more explicit in terms of permission. Yes, illegal. Yes, people have lost in court. No, not civil court, criminal.

    I would be interested to hear of any such case. Just like the RIAA implies it is illegal to download, they have never charged a single person with downloading. I've heard of people being arrested after using an unsecured AP brought them to the attention of the authorities, but never have I seen anyone charged or tried, much less convicted of use of an unsecured wireless network.
  • Re:Goats (Score:3, Insightful)

    by Xugumad (39311) on Thursday July 27, 2006 @08:39PM (#15795811)
    I'm not 100% with the "If it's open, it's okay to connect"... but if you're someone with enough knowledge for re-write images as they go over the network, you should have known better, and if you discovered your neighbors are connecting to your open network, the correct response is to kick yourself for being so lazy, and get your network configured properly.
  • Citations please (Score:3, Insightful)

    by snowwrestler (896305) on Friday July 28, 2006 @12:11AM (#15796530)
    For some of these cases you refer to.

    I'm legitimately interested in them, not just looking for a chance to bash you.
  • Re:HuH? (Score:3, Insightful)

    by AK Marc (707885) on Friday July 28, 2006 @01:34AM (#15796765)
    that's like saying that if I walk up to your door, turn the knob, and push, your door is giving me consent to do whatever I want in your house.

    No, it's like walking up to a door with a "please enter" sign on it. The wireless access point broadcasts its name and "invites" people to join. People that connect to the open invitation then ask if they can get an address. The AP responds with a valid address, as well as passing along the router to get out to the Internet. If the AP broadcasting onto public and other people's private property, telling your computer it can connect, how to connect, where to go to get to the Internet, then happily (well, as happily as an AP can get) passing your traffic along isn't an invitation, then I don't know what is.

    You should've locked it if you didn't want me to take your TV!

    Well, if your TV is sitting on my lawn with a "please take me" sign on it, it's going in my house and you'd be hard pressed to get me in trouble for it.
  • by Anonymous Coward on Friday July 28, 2006 @10:11AM (#15798390)
    He did it the right way. If used in the way quoted, the system() function of perl uses execvp directly instead of going through any shell, so no special characters will be interpreted. wget will see the contents of $url as a single argument, any spaces within will be treated as part of the URL to be downloaded.

    I agree with possible flaws in mogrify though.
  • by hab136 (30884) on Friday July 28, 2006 @04:26PM (#15801687) Journal
    He did it the right way. If used in the way quoted, the system() function of perl uses execvp directly instead of going through any shell, so no special characters will be interpreted. wget will see the contents of $url as a single argument, any spaces within will be treated as part of the URL to be downloaded.

    True, the way he called system(), sending "http://www.google.com; rm -rf / ;" as $url should be harmless - doubly so since squid (and therefore this redirector) should be running as a limited user. wget should also not see anything in $url as additional switches.

    However, it's possible that certain ASCII strings passed to wget would make it fail in interesting ways, including compromise. Even if the current wget is completely safe, what about the next version? (Or an old one?) What if someone takes the code and uses curl instead of wget, or some other app?

    The point is that this code is sloppy and dangerous, and could easily be fixed. Data from the user is untrusted and should be presumed to be dirty. The author of this code presumes $url is clean. Cleaning it should only take a line or two, and should be the first thing you do.

    Here's the fun part - I've done enterprise development, and even within the same team I had to defend against bad input from other parts of the system. All routines that I worked on first cleansed the input, then checked it for sanity - and I managed to find quite a few bugs in other people's code that way. There is no safe data, there are no trusted sources.

    It's not always malicious - mistakes do happen. But a mistake (or attack) in one portion of a system shouldn't break another part of the system.

  • Re:Except (Score:2, Insightful)

    by indil (911425) on Friday July 28, 2006 @08:03PM (#15803065)
    Repeat after me folks: devices CANNOT give and receive permission for human actions without those permissions EXPRESSly being granted via some other means.

    Correct, but devices can follow privilege polices set by the administrator, which CAN grant privileges.

    The problem with your argument is that in the yard scenario, the child would only grant permission to use the yard based upon the policy determined by the dad. So if the child granted permission to use the yard to the neighbor, then it's because the dad's usage policy allows it. If dad doesn't want his neighbor to use his yard, then he shouldn't tell his kid, "let everyone use the yard."

Your fault -- core dumped

Working...