Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
534 posts

Ultimate Geek
+1 received by user: 5


  Reply # 147019 12-Jul-2008 07:56
Send private message

It is amazing how much unprotected wi-fi is out there. In my limited experience with my iTouch it seems almost 50% are open.

I have spoken to cafe owners who seem quite happy for people to be using it though, just regarding it as a service. When data limits start getting maxed out quickly they will stop I guess.

What I think people don't appreciate often are the risks....how often do we share data on the whole network rather than sharing with specific devices. Also if child pornography or bomb or P making instructions are being downloaded that account holder is under suspicion....especially the way law is going in many countries with regard to government monitoring of the internet.

1772 posts

Uber Geek
+1 received by user: 35

Trusted

  Reply # 147020 12-Jul-2008 07:59
Send private message

Personally

I'd approach the owner and advise them of such holes, and may be offer your services to plug such holes

My 2c.

 
 
 
 




74 posts

Master Geek


  Reply # 147025 12-Jul-2008 08:55
Send private message

Hi-ho...

FYI, I'm not talking about WiFi provided by the Cafe's concerned, it's just that I've found most of them while sitting in cafe's.  The one I found yesterday I was working on the 8th floor of a building in the CBD, I suspect the network was in another floor of the same buliding, or next door...

Given that I'm not really up for being abused by the network owners for pointing out their lack of security I'm thinking I might just ignore the small ones...

But if I get time next week I might go back and figure out who the large one was I found yesterday, and approach them, as a site that large must havea regular IT person, who may not know someone has put the WiFi AP on the LAN without configuring it...

I'll report back to this thread about whether or not I get abused or thanked!

Cheers, Me.

90 posts

Master Geek


  Reply # 147034 12-Jul-2008 09:29
Send private message

There is nothing grey about this issue as I see it.  You are violating someone's property and stealing their stuff.  The theft may be minor, and may not cause any actual losses if they have a fixed price internet plan and don't go over their cap, but nonetheless you have no defence for using their connection.

The fact that they have failed to secure their property might be a consideration if their insurance company gets involved (given that their insurance contract requires them to take reasonable steps to protect their property), but it won't be material from a legal perspective.  For example, suppose you find someone else's car that is unlocked with the keys in the ignition.  Can you take it for a ride?  Of course not.  The same principal applies to an internet connection.



74 posts

Master Geek


  Reply # 147065 12-Jul-2008 11:30
Send private message

BobW: There is nothing grey about this issue as I see it. You are violating someone's property and stealing their stuff. The theft may be minor, and may not cause any actual losses if they have a fixed price internet plan and don't go over their cap, but nonetheless you have no defence for using their connection.


I never asked if it was illegal, I think we're all pretty clear that connecting to someone else's network for whatever purpose without invitation or permission is going to get you in trouble with Mr Plod eventually if you do it regularly or with malicious intent.

The question was should I tell the owners of the network that they had their pants down, in the electronic sense.

What about the the people on here..... If I trucked up to your door and told you I'd managed to connect to your WiFi from the Cafe next door, would you be happy to be told, or tell me to _____ off?

Cheers, Chris H.

297 posts

Ultimate Geek

Trusted

  Reply # 147095 12-Jul-2008 12:49
Send private message

As far as the law is concerned, it is illegal to intentionally access any computer system that you have not been authorised to access. Gets a bit tricky there as to whether it is 'unintentional' if your computer automatically connects, but that would come down to how YOU configured your computer to behave, and what YOUR level of understanding is (eg if you configured your computer to always connect to any available network and you understood what you were doing then it would probably be considered intentional). http://www.legislation.govt.nz/act/public/1961/0043/latest/DLM330430.html?search=ts_act_crimes#DLM330430

Whether you could say the advertisement of the SSID of an insecure network gives authorisation... I doubt that'd hold up, in your case especially given your knowledge of how the system works. Its a little bit different to the open window case because you are broadcasting a signal that is designed to advertise and give access to your system.

As far as ethics are concerned, depends what ethical stance you subscribe to. On the one hand, accessing the network simply to check and email or a small number of web pages will negligable reduction in the 'happiness' of the network owner, where as it would probably give you a not-negligable increase in your own 'happiness', so it is ok.

However, an alternative viewpoint would say that if EVERYONE did that, there would be significant detriment to the network owner, therefore no single person should do it for the sake of prevention of the mass effect.

Going back to the open window thing. If you could easily get away with putting your hand thru that open window and taking something of little value to the owner, but of reasonable value to you, would you? Or would you say no because it would be highly detrimental if everyone followed your actions.

If you are a member of various organisations such as the ACM or similar you would probably be bound to a code of ethics which prohibits it, assuming you want to uphold that code.

As tony points out, you are not likely to be taken to court for a small amount of web browsing even if you knew what you were doing was illegal, unless it caused significant damage. If you were to start accessing or disrupting systems on that network, or intercepted/copied data without authorisation, then you could quite possibly be in trouble if caught.

As far as telling them, Its just the same as any other situation that could lead to criminal activity. The open window example is good. If you are the type of person that would let someone know that they're (probably unkonwlingly) vulnerable, then tell someone. If you think that kinda thing isn't your problem and they should learn the hard way, dont. I say that if you would like to be told about things like that yourself, then you should extend the same courtesy to others. You're only really legally obliged if it would lead to serious injury or such in which case you would be considered negligent if you didnt take reasonable actions.

Some people are defensive and will take your being a good samaritan as an attack on their judgement, others will appreciate it.

10% of people will always steal. 80% of people will steal if they are certain beyond reasonable doubt that there will be no punitive consequence. 10% will never steal on principle.

90 posts

Master Geek


  Reply # 147312 13-Jul-2008 09:28
Send private message

logicalit: I never asked if it was illegal

True, but I was responding more to some of the other posts rather than directly to your original question.

To make the connection back to ethics, there is a close relationship between what is legal and what society considers ethical.  Our laws are essentially a codification of our collective ethics.  Therefore, in a general but imperfect and sometimes distorted way, illegal = unethical.  As an aside, the opposite isn't always true, that is, legal <> ethical.

As for your question of would I tell someone that their network is insecure, well that depends on the circumstances.  If I know them, then yes.  If they are a stranger, then generally no.  Why not?  Because unfortunately my estimate of the odds of being abused are too high.  While some people would respond with "Oh, I didn't realise.  Thanks for telling me", many people would respond with "*&#% off, mind your own business".

Doing the personal risk/reward math, the small reward I get from trying to help is outweighed by the risk of getting a negative response.  Maybe if I could tell them without risking the negative reaction, then I would.  Perhaps an anonymous note?  Such an approach would be closer to the classic altruistic ideal (no expectation of an reward), but it seems a little suspect in a blackmail/ransom note kind of way.

Given that the "don't get involved" approach is common in our society, it appears that the math points to the same answer for most people.  YMMV.

90 posts

Master Geek


  Reply # 147316 13-Jul-2008 09:46
Send private message

logicalit: If I trucked up to your door and told you I'd managed to connect to your WiFi from the Cafe next door, would you be happy to be told, or tell me to _____ off?

I have a wireless network which I've put some effort into making secure.  But I'm certainly no expert in network security, and I'm aware that the wireless security isn't impenetrable.  If you told me how to improve my security, then I would be appreciative.  If you just raised my anxiety level, then I wouldn't be so welcoming.

6030 posts

Uber Geek
+1 received by user: 156

Trusted

  Reply # 147318 13-Jul-2008 09:54
Send private message

As for your question of would I tell someone that their network is insecure, well that depends on the circumstances.  If I know them, then yes.  If they are a stranger, then generally no.  Why not?  Because unfortunately my estimate of the odds of being abused are too high.  While some people would respond with "Oh, I didn't realise.  Thanks for telling me", many people would respond with "*&#% off, mind your own business".


Which is exaclty what happened to me, what I find odd is these folk that rang up and abused me after I offered at no cost to secure their systems (an accounts office ffs) still had their AP open two months latter. If I were a customer of theirs and new that a potential of my tax returns and bank account details were out there for all to see I would be taking serious legal action. I am not saying that access to their accounting system would be easily possible, but if they are dumb enough to not secure their network who knows what protects that next layer, a root login called admin with a password admin :)

My reason for doing a scan of local APs as a cafe owner had asked me to deploy a Tomizone HotSpot for him, after I pointed out that his customers could get access for free from open APs from his cafe he decided not to go to the effort.

Cyril

297 posts

Ultimate Geek

Trusted

  Reply # 147322 13-Jul-2008 10:16
Send private message

Bit OT, but I'm surprised that AP manufacturers dont make more of an effort to curb the proliferation of insecure networks in consumer devices by enabling security by default with a randomly generated key, or by disabling wireless by default and requiring the user to enable it and choose both a wireless and admin console password.

Or some kind of first-run catch-all portal page that requires them to do all of that with some barrier for using insecure settings (eg hidden in an advanced section) before allowing access to the network. Or even better, a catchall page that repeatedly reminds them that their network is insecure with a stern list of the risks unless they accept a warning and disable it.

181 posts

Master Geek


  Reply # 147915 14-Jul-2008 21:35
Send private message

I recall a large department store who had a open AP. Router had a default password. view-source found there ISP username and password. DHCP lists help find several printers, also with default passwords...

Yet these are the people that sell hundreds of AP's etc...

Bad.

1200 posts

Uber Geek
+1 received by user: 3

Trusted

  Reply # 147927 14-Jul-2008 22:33
Send private message

 

I used to be all high and mighty and try to help businesses, and warn them and then got busy with life and such.

 

Now I just find it handy in a pinch when I really need to clear e-mail or check something and someone has politely left their AP open. 

 

My rule is to be polite like your in a DoC hut, don't damage their network and don't use a lot of traffic, and mentally thank whoever left it open so I could get that data in a pinch. 





Tyler - Parnell Geek - iPhone 3G - Lenovo X301 - Kaseya - Great Western Steak House, these are some of my favourite things.



74 posts

Master Geek


  Reply # 147941 14-Jul-2008 23:10
Send private message

Well...

I had an interesting day....  I figured out who the outfit was with the large network with open AP from their ADS domain name.

(nbtstat -a on one of the 2003 servers that responded to an nmap pingscan, for those who don't know networking 101).

Rang their reception and asked for the IT department....

After a bit of waiting spoke to a nice chap who was mortified to know that they had an open AP on their LAN.  I gave him the IP&MAC of the AP, and it was offline within 10 minutes. 

He offered me a beer, and I may get some business out of them in the future.  Win/Win.

In the scheme of quitting while I'm ahead I think I'll not bother with any of the other ones, unless I stumble on another large network that is open.

Cheers, Chris H.

1206 posts

Uber Geek
+1 received by user: 139


  Reply # 147954 14-Jul-2008 23:43
Send private message

tonyhughes:

If I leave my car in town, with the drivers door open, and the engine running, with no sign saying "please don't steal me", and you take it, then yes my son - you will face a judge.



Mmmm, I think you're drawing a tenuous comparison, for the simple reason that you're not putting up a flashing neon sign saying "car here, get you're driving from me".  An access point does just that, it broadcasts an SSID right to you which effectively says "hey buddy you want internet, I gots you some internet right here, connect to me, I'm stronger, better, faster than any other AP around".

I'm not saying it's right or wrong, just that your comparison may not be all you wanted it to be.




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


80 posts

Master Geek


  Reply # 147958 15-Jul-2008 00:05
Send private message

I look at it this way: if someone leaves their AP open it's up to them to secure it, if they wish to do so. And, if they don't want to have it open, then they'll have to learn the hard way about security. There are been several private AP's in my area that have been hit by teenagers with laptops - sometimes racking up a $20+K bill for the owners. Money mouth

 

I've taken advantage of unsecure AP's around my neighborhood as well. However, I never, ever, do massive downloads from them - I just browse the web a little, if I need to, and move on. As for my own AP: it's locked down as tight as I can possibly make it. And, it's been that way ever since I first brought it online.  Cool


1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone TV — television in the cloud
Posted 17-Oct-2017 19:29


Nokia 8 review: Classy midrange pure Android phone
Posted 16-Oct-2017 07:27


Why carriers might want to embrace Commerce Commission study, MVNOs
Posted 13-Oct-2017 09:42


Fitbit launches Ionic, its health and fitness smartwatch
Posted 12-Oct-2017 15:52


Xero launches machine learning automation to improve coding accuracy for small businesses
Posted 12-Oct-2017 15:45


Bank of New Zealand uses Intel AI to detect financial crime
Posted 12-Oct-2017 15:39


Sony launches Xperia XZ1, a smartphone with real-time 3D capture
Posted 11-Oct-2017 10:26


Notes on Nokia’s phone comeback
Posted 10-Oct-2017 10:06


Air New Zealand begins Inflight Wi-Fi rollout
Posted 9-Oct-2017 20:16


The latest mobile phones in perspective
Posted 9-Oct-2017 18:34


Review: Acronis True Image 2018 — serious backup
Posted 8-Oct-2017 11:22


Lenovo launches ThinkPad Anniversary Edition 25
Posted 7-Oct-2017 23:16


Less fone, more tech as Vodafone gets brand make-over
Posted 6-Oct-2017 08:16


API Talent Achieves AWS MSP Partner Status
Posted 5-Oct-2017 21:20


Stellar Consulting Group now a Domo Partner
Posted 5-Oct-2017 21:03



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.