Australian Police To Go Wardriving, Telling People To Lock Up Their WiFi
from the but,-why? dept
Last fall, we wrote about some plans by the police in Austin, Texas to go wardriving to find open WiFi networks and pressure people into locking up those networks. After a bunch of people got upset about this, noting that open WiFi isn't a crime, the police backed down. However, it appears other police don't have any such qualms. As pointed out by Slashdot, police in Queensland, Australia are doing a similar wardriving campaign. The official announcement of the program greatly exaggerates the risk here:Detective Superintendent Brian Hay said police have identified a large number of homes and businesses within the greater Brisbane area with wireless connections that are not secure or have limited protection. These people may as well put their bank account details, passwords and personal details on a billboard on the side of the highway.Except that's really not necessarily true. Banks and most sites that require passwords have long known to make use of SSL encryption. It's not perfect, but it's not posting your password on a billboard on the side of the highway by a long shot.
“Unprotected or unsecured wireless networks are easy to infiltrate and hack. Criminals can then either take over the connection and commit fraud online or steal the personal details of the owner. This is definitely the next step in identity fraud.”That could be true in some cases, but it's not absolutely true, and plenty of people can be perfectly safe using open WiFi with a few common sense precautions. It's sad that the police would exaggerate like this.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: australia, security, wardriving, wifi
Reader Comments
Subscribe: RSS
View by: Time | Thread
I would love that
ME: Great you can do that for me right?
Cops: Nothing to see here we will just move along now.
[ link to this | view in thread ]
Crime Rates
Hopefully the cops won't take up being on the 'supply' side as well.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
The More Likely Risk ...
[ link to this | view in thread ]
Except that's totally fucking wrong. Open wifi is open communication. And maybe, just maybe, I have it open for a reason that's none of your business, officer.
Now get the fuck out of my office. NOW.
[ link to this | view in thread ]
[ link to this | view in thread ]
If you have an open wireless, chances are equally strong that they still have the default admin password on the device as well. What does that mean? Well, it's easy enough to change the DNS servers to point somewhere else, creating your (greatly feared) man in the middle attack. You could also gateway all the traffic, and look at it that way as well.
While it's a pain to do it one wireless at a time, I am sure that a "crowdsourced" wi-fi hack could get tons of people onto an alternate DNS system very quickly in most cities. Let's break the internet!
We won't even mention the potential of shared network drives, open computers, and the ability to install viruses and such.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: :eyeroll:
In short: nuh-uh!!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: :eyeroll:
[ link to this | view in thread ]
Re: Re: Re: :eyeroll:
I'll keep that in mind though--thanks.
[ link to this | view in thread ]
Re: Re: :eyeroll:
On the bigger point, I agree that people taking "proper precautions" have less to worry about but the reality is that most people leaving their wireless network open don't know how to take the proper precautions and therefore they are at greater risk anyway. I don't know if I think it's a wise use of tax dollars to have the cops going around scanning for open wireless networks, unless they have some information that shows that there is a lot of cyber crime which could be prevented by doing so. I doubt that is the case.
Another small point is that I had a new neighbor move in a few months ago and a few weeks ago I got a new cellphone which I was setting up to use my (secured) wireless network. I could see that "mikes" SSID was showing up as an open network so I just happened to mention it to him the next day. It was his first wireless router and he had no idea about the security setup so I helped him do it and he was pretty grateful (to the tune of 3 or 4 beers on his patio). Not everyone is going to feel offended when offered a suggestion to secure their network.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Give the police a break!
[ link to this | view in thread ]
Re:
Doing something like what you're talking about is a computer hacking crime. Allowing someone to communicate should they fall into range is not.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Give the police a break!
The police do not deserve breaks, they deserve education.
[ link to this | view in thread ]
Re: Re: Re: Re: :eyeroll:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
It's the neighborly thing to do, you know?
[ link to this | view in thread ]
Mostly right
Heck there are even viruses that spread this way.
More than likely though you can get bank info indirectly... many email accounts, especially businesses are insecure and use POP/IMAP or SMTP without SSL. It's pretty much the norm for small businesses using shared webhosting to get @yourdomain.com email addresses. Needless to say, sniff and gain access to the email address, and that's effectively key's to the kingdom.
Bottom line: don't use insecure WiFi if you care about your security.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Its the MAFIAA again!
[ link to this | view in thread ]
Re: Re:
Dual hotspots, one on the public internet, one behind a NAT firewall.
That allows guests, neighbors, and people strolling by to make use of my wifi if they wish.
I do live in a rural area, however, and don't expect much abuse - if it ever becomes a problem, I'll use QoS to throttle it.
I really wish it was easy to have an open hotspot which is also encrypted. This would prevent random individuals from snooping traffic from other random individuals.
[ link to this | view in thread ]
Don't they have anything better to do?
No, what's sad is that a bunch of violent crimes will go unsolved because cops are wasting time checking peoples wi-fi!
[ link to this | view in thread ]
security
[ link to this | view in thread ]
Re: You know, for a smart guy Mike, you often seem to miss things.
2) Your point is stupid anyway.
[ link to this | view in thread ]
[ link to this | view in thread ]
A: Use devices that either don't support encryption or don't work well with encryption (unfortunately, this is a very common problem. The Microsoft Zune, among many other devices, don't properly support wifi encryption. They either forget the password often or it's difficult to insert the password or it just won't work if the password is too long or complicated, they just barely support WPA just enough to advertise that they do on the box but it doesn't work well)
B: They're technically clueless
For A: most new routers have a button that lets you turn on and off wifi, the older ones require you to login through the web interface which is too much of an inconvenience for most.
and people who buy a device that advertises WPA support and doesn't work well with it should either demand the manufacturer fix the problem (via an update) immediately (before the return policy ends, obviously, which doesn't give them much time, but hey, if we get a short return policy they get a short time to fix the problem before we return it, it's only fair) or take it back (and sue the heck out of them if the problem isn't fixed and they refuse to take it back on grounds of false advertising).
For B: I do think educating people about their wifi insecurity and the potential risks is a good thing, and letting them decide, but I'm not sure if it's really worth the resources and taxpayer money expended on having the government do it. The service is a good one, but so is universal healthcare and so is a government that gives everyone free housing and free medicine and free cars and free everything, is it worth the cost? Is it the governments responsibility? That's for society and us, as voters, to decide.
[ link to this | view in thread ]
Re: Re: Re: :eyeroll:
I'm Australian, and with Telstra, one of the largest ISPs. I've never purchased or upgraded my modem/router without it being automatically set up with a WPA/password on it. It doesn't mean others don't, but I've always assumed they do.
If Australian ISPs set this up out of the box, wouldn't that mean that those with open wifi have done that out of preference? Or am I just severely confused and ignorant on the matter?
[ link to this | view in thread ]
Re:
Unfortunately, much of what is taught in school is lacking in what is needed in the real world of today. (Public) schools are very slow to adopt new curriculum to accommodate (technological and other) changes in the real world. So, in a sense, we could consider it the governments job to educate people, but I don't think having cops drive around and harassing people with open wifi is the best approach to this end. We should incorporate our educational strategy in our existing educational system.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: You know, for a smart guy Mike, you often seem to miss things.
2) The point is very important - the best hacks are social or "human nature" type things, and that includes not putting passwords on shared directories in a network, leaving your wireless open, and things like that. It's a wide open security problem if you are not careful.
I just think it's funny to read Mike with his panties in a bunch about something in one place, and then glossing over or ignoring the potential in another because it doesn't suit his agenda. (in case you don't know, Mike is pro "open wi-fi", but I doubt his home wi-fi is open... do as I say, not do as I do).
[ link to this | view in thread ]
Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
Why is it that Mike's alleged do-as-I-say-not-do-as-I-do is disallowed but the above confirmed do-as-I-say-not-do-as-I-do isn't, eh?
[ link to this | view in thread ]
Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
In the first case (SOPA, other bad legislation) you have unelected government agents (and/or corporations required to obey them) opening up vast holes in security (and freedom of other kinds). This top-down insecurity would be there despite your best efforts.
In the second you have private citizens, sometimes uninformed, making less-then-optimum security decisions For Themselves. This can be solved with simple information campaigns and is ultimately their responsibility.
See the difference?
and re: human nature "hacks"
I am more worried about the (inevitable) social engineering hack that compromises the bureaucratic machine that inserts itself into the middle of the network then i am worried about the (equally inevitable) social engineering hack that get a virus on Joe Blow's computer.
[ link to this | view in thread ]
Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
I think it's funny that you try and twist every article/thing Mike writes/says into some kind of pro-piracy stance. Despite the fact that he's adamantly against piracy. There are quotes made by him and easily findable attesting to THIS FACT.
Mike isn't necessarily pro-open wifi. He just thinks about things from a logical and reasonable perspective if you ask me. What makes more sense? Cops telling people to lock up their wifi (for the obvious reason, they're not doing it cause they care but because copyright cartels are hammering the point to them and their superiors) or cops actually, you know, solving and preventing legitimate crimes (like actual theft, murders, rape, drug trafficking, etc)?
Also, what you "doubt" and what you "know" are two different things. Unless you have proof that Mike's wifi is not open, it isn't "do as I say, not do as I do" in regards to this article or what he's saying. In fact, it wouldn't be even if it was closed. Mike has the right to leave his wifi open or closed. That's his prerogative. But being told by the police to "secure your wifi" when there is no such law on the books mandating such an action is a bit much. As I said, there are better things they can do with their time rather than waste tax payer dollars to go around doing such notifications.
But hey, keep grasping at straws to paint Mike as some something or other. People really believe the comments you make and the points you point out. [rolls eyes] Have a good weekend Trolly McTrollerson. Maybe Monday you'll get a clue and up your game. Or, you know, get lost. Since you don't like Mike or his "agenda". I know when I don't agree with someone's stance or what they say, I spend all day every day hounding them (like a stalker) and trying to twist things around on them (futilely). It's really the grown up thing to do. It sure beats something like... I don't know... walking away... never visiting a site again... etc.
[ link to this | view in thread ]
Harbinger....
I won't be surprised when such a law is proposed. And what of free public wi-fi then? What about people who don't have a credit card or "credentials"?
[ link to this | view in thread ]
Re:
Strictly speaking, a DNS hijack is not a man in the middle attack. Additionally, I think you meant to say that it would be easy to change which DNS server(s) the gateway looks to for address resolution.
Oh yeah - and wth does "chances are equally strong" mean? Is this some bizarro form of statistical analysis?
[ link to this | view in thread ]
Re: I would love that
[ link to this | view in thread ]
Re: Mostly right
89.9 percent of all statistics are made up on the spot.
[ link to this | view in thread ]
Does anyone know what software they will be using for this task? Also, do they make their own directional antenna?
[ link to this | view in thread ]
The Queensland Police are NOT going to go around fining people, or somehow making them do what they legally do not have to do.
All they are doing is informing the wider community who might not be as technology savvy as they should be that unless they specifically choose to have an open WIFI that it could be a cause for concern.
Also they will be educating people on the uselessness of WEP encryption (most Android phones can decrypt WEP in under 5mins now).
It is part of a National Consumer Fraud Week campaign and not some sinister plot by some nefarious authority to tell people what they can or cannot do.
In Australia we have numerous campaigns like this at the state and federal levels and the community likes and supports them, and their are NO civil liberty problems with them.
[ link to this | view in thread ]
Re:
They will be mostly using WIN and *nix systems with commercial antennas. Knowing QPS I'd even guess they might have some hand held scanners (ie:Android systems).
and if they Find an SSID they find offensive they wont do anything since most "offensive ones" are from people who are normally tech savvy in first place.
Mine is "FRED_Unwired" at home.. FRED = Fucking Ridiculous Electronic Device
[ link to this | view in thread ]
Re:
This could be contributing to the concern...
http://boingboing.net/2012/03/22/australias-government-wont.html
[ link to this | view in thread ]
Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
+ 2 lickspittles and a pat on the head.
[ link to this | view in thread ]
Re: Mostly right
Well... duh
The question is how you legislate this kind of knowledge. The basic answer is: you can't. Even if people with insecure connections "secure" them, they're likely to pick WEP encryption or easily guessed/hacked passwords so you're back to square one, only with an added false sense of security on the user's part...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
But, hey, why let facts get in your way of another pointless personal attack, right?
[ link to this | view in thread ]
Credit
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
It's nice to see how you ACs seem to not be able to understand that some people want facts and evidence that back up your unsubstantiated claims. I see "Mike says one thing and does another" yet no proof being offered to back that up. Which I pointed out.
I also pointed out that if I have a problem with someone, I do the adult thing and avoid them entirely, rather than act like a child/stalker and keep coming back for more and hurling insults/"ha! got ya!" like remarks day in and out.
It's okay, I know you're a troll and your comment was the best you can do in general. I wouldn't expect an adult like reply from you. Do run along now. [doesn't pat you on the head, because he might catch your stupidity]
[ link to this | view in thread ]
Re: Re:
SOPA/PIPA and IP/Copyright review has no relevance whatsoever to what the Police are attempting as an educational campaign in regards to the Fraud, Phishing and unauthorised usage that can occur by people unknowingly allowing their WIFI connections to be unsecure.
I guess its a difference in both our countries cultures.. For example we agree on the following that the US doesn't in regards to Govt and LEOs
* major advertising restrictions on alcohol
* mandatory (and criminal sanctions) on wearing of vehicle seat belts
* NO advertising of tobacco products in any way
* Tobacco products have huge warnings (graphical imaging too) on packaging
* We had major AIDS advertisements in 90's that scared everyone into practicing safe sex. ie: Wear condoms
* Our kids are actually taught sex education from a early age in state schools
* Educational campaigns by LEO's and Governments are asked for constantly and the governments actually spend a lot of time, money, and resources to mostly get them correct, unbiased, and relevant to the situation. Minority gorups like Religions etc be damned.
It's not always a conspiracy here, though I agree the situation with the FOI and secret talks with ISPs/Industry is of a concern, I am actually pessimistic that it will all come out in the end since people like myself (who played a role in bringing down the last idiotic *AA attempt at litigation by Media Rights Group in Australia - I'm the Thompson in the article) are constantly looking over their shoulder in both a professional and personal manner. ie: We try to keep the bastards honest. I said try! ;)
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
What gets pushed around here? Open up your wireless and making things insecure.
Move to a "darknet" and make things insecure.
Use alternate DNS system and make things insecure.
All this to avoid, ready, the POSSIBLITY that SOPA might have made things insecure.
The cure is worse than the cause, but there isn't much angst and anger to be had railing against people trying to break the internet (by breaking the DNS into "alternate" DNS systems).
As for "Trolly McTrollerson", all I can say is that all I am doing is providing Mike's views back all the in the same place. I feel truly sorry for you if you aren't able to think for a minute and realize the contradictions in his views.
Oh and for you, while the job of Mike's bidet is taken by Marcus, toady is still open. I guess that's your job now.
[ link to this | view in thread ]
Re: Re:
The alternate is to change the gateway entirely, but that would mean all traffic would go through the new gateway, which is less desirable, just from the standpoint of volume.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
Nor has it been said, "move to a "darknet" and make things insecure". What has been said is that censorship and abuse of power by those wanting to control information WILL lead to such a move. But it's not advocated for or recommended, just merely pointed out that it will be a reaction to such actions (as previously stated).
Ditto the DNS system. You do this, people will do this. Thus creating insecurity in both systems because of measures being advocated and lobbied for in the interest of a select few, at the expense of the many.
And yet again, you're overlooking the part where the people who created the internet, the security experts who work with the DNS system on a daily basis, etc all said SOPA WOULD HAVE made things insecure. Not possibly. Not maybe. WOULD HAVE. They presented facts and evidence attesting to the fact.
And it was ONLY after the public uproar (not led by Google) that the DNS bits of SOPA were removed. But it should be noted, removed is not the same thing as COMPLETELY TAKEN OFF THE TABLE. They were merely taken away, for the time being. To possibly, although "most definitely" would be the more appropriate term given those behind this, be implemented at a later date.
"The cure is worse than the cause", interesting choice of words. That perfectly describes SOPA and such measures to combat piracy. They're not actually stopping the problems or eliminating the reasons for why piracy exist, as has been noted before it is a service problem and an unwillingness to meet consumer expectations or move forward with the times and technology.
You are doing everything but providing Mike's views back in the same place. You're portraying Mike's views only insofar as you think they are and going "aha! got you Mike!" Which is not at all the same thing. I've yet to see any contradictions in his views, but as I said, present some evidence. Not what you think or feel he's saying/doing. Actual verifiable proof. Otherwise, you are acting like a "Trolly McTrollerson".
Also, I have several jobs, so toady or bidet I can pass on. As I stated once already, I'm not a Mike fan. But I do call out stupidity/incorrect information when needed. Be it against Mike or trolls such as yourself. If Mike's wrong or I don't agree with him I'll say so. But as far as this article and what you're saying goes, the only one who's wrong here is YOU.
It must suck to be openly called out for being full of shit. It must also suck hating someone and their views so much that you can't get enough and obsess over them as much as you do. There are professionals who can help you with that, if need be they can provide medication to further aid with the obvious mental issues you appear to have. Do seek help, for your sake as well as ours. There's enough loonies in the world already, don't add to their number (as obviously "too late" as that is).
[ link to this | view in thread ]
Re: Re: Re:
Sure, I suppose you could. But lacking proper credentials, changing configuration of a well secured DNS server is no small task. For example, I imagine Google protects their DNS servers rather well. Where do you point your gateway - or maybe you run your own DNS?
"most easily achieved at the router level by changing the DNS servers... thus creating a man in the middle type deal."
Changing the address of what DNS server the gateway looks to for address resolution is not a man in the middle attack.
[ link to this | view in thread ]
Re: Re: Re:
How would that work - exactly?
[ link to this | view in thread ]
Re: Re: Re:
The issue is silly. In this review of the top ten wifi home gateways:
http://wireless-router-review.toptenreviews.com/
FOUR of the 10 routers offer what they call a "guest network" (under the "Security" heading). This is actually a security feature that allows users to segregate guests from their own LAN.
The guest networks are normally separate SSIDs and login credentials, which allow guest and public access to the Internet, but not the users's computers or Internet traffic.
And, yeah, I have one and leave it open. Before this was an available feature, I had a separate wifi router that I used for guests.
This police policy is stupid, misguided, and bucks 2 general trends towards securing one's personal wifi, and overall more available open wifi.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
So what you'd get out of such an attempt would be the usual mish-mash of poorly understood concepts and knee-jerk stipulations that have little to do with real security and make it harder for genuine uses. E.g. most hotels and other "guest" uses are unencrypted but use a portal-type authentication to use the service. Can you see a law coping well with the concept of network segmentation? I can't.
[ link to this | view in thread ]
Re: Re: Re:
No, this is not at all what I am suggesting.
A: It will lead to all sorts of compatibility issues, especially backwards compatibility, but compatibility in general. Encryption is already a mess.
B: Someone may wish to broadcast a LAN in the open for anyone to access, a LAN that has no access to the Internet, perhaps because they put data on a network drive that they want anyone to be able to access. It could be for an event where information about the event and videos are available, there could be all kinds of non-infringing reasons for this.
C: Businesses and some people may have negotiations with their ISP's that enable them to share internet connections with the general public.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
Change the DNS server addresses on the router and you could point at a different malicious DNS server that for example happens to define "whatevermybankis.com" to point at an address that's actually a pass-through proxy that'll capture the traffic on it's way to a legitimate website. Yes it's not quite that simple - certificates etc - but it's a faily powerful attack vector.
Of course, none of that has anything much to do with open wifi as such as we're talking about a router change, which is a completely different thing as you rightly pointed out.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
http://www.techdirt.com/blog/wireless/articles/20100611/1234429783.shtml
In fact, there are plenty of stories on Techdirt about open WiFi (particularly because his co-workers at EFF are very supportive of the idea). As always, Mike uses a few nice qualifying terms to let him weasel out of things, but in the end, he likes open WiFi. He tends to agree with EFF that an opwn WiFi is some sort of service provider, and thus not liable for what happens on the connection. So why not?
He glosses over the fact that inviting someone into your network on THIS side of any firewall is a very insecure idea.
"And yet again, you're overlooking the part where the people who created the internet, the security experts who work with the DNS system on a daily basis, etc all said SOPA WOULD HAVE made things insecure."
Actually what was said was that SOPA *might* harm the current iteration of DNSSEC, which is a system which isn't widely used, and wouldn't be able to be used universally anyway because plenty of countries already have exception lists, DNS redirects, and the like in place.
Pushing people off onto "off brand" DNS systems, with little or no oversight or control is many times worse than dealing with the current system that we have, which is what SOPA would have left us with. People seem to forget that small point.
""The cure is worse than the cause", interesting choice of words. That perfectly describes SOPA and such measures to combat piracy."
SOPA wasn't just about piracy, at least not in the music and movie piracy way. It was about companies operating offshore to avoid US law, and purposely selling otherwise illegal products into the US, including pirated and counterfeit goods. The hiding illegal businesses offshore deal is a real issue, and something that will have to be dealt with. Because the speed that many countries deal with these things are VERY slow (if at all), the US is sort of in a position to have to take action at the levels it controls to try to solve the issues.
"You are doing everything but providing Mike's views back in the same place. You're portraying Mike's views only insofar as you think they are and going "aha! got you Mike!" Which is not at all the same thing."
I point out when Mike's views don't add up. I bring them back, and say "look, you can't have it both ways". His response generally is dismissive, pointing sometimes to weasel words used, or when really caught, to try to insult me personally.
A couple of guys with laptops, a car, and decent wireless equipment (like an external antenna on the car) could wander around town, modify wireless units, and quickly set up a pretty solid man in the middle attack system without anyone noticing. Don't you think that is something to be concerned about?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
Open WiFI != Insecure network.
I have open WiFi on my home connection and it's very secure thankyou.
And:
2 (obvious) things on this one:
1/ Open WiFI != to insecure wireless access point. Conflating the 2 is either deliberately obtuse or you have no clue how the technology works. and
2/ If they are skilled enough to set up such an attack then a "secured" wireless connection is going to present little more challenge than an open one.
[ link to this | view in thread ]
Re: Give the police a break!
Ever tried it? In a corporate environment where the senior management theoretically cares about data security it still takes months if not years to change insecure behaviours and that takes regular attention. Wandering up to the door and saying to someone who knows nothing about computers "Oh you should have a password on your WiFi" is very firmly in the "Window dressing and pointless waste of police time and taxpayer money" category.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: You know, for a smart guy Mike, you often seem to miss things.
"Finally, a side note, because this has come up before from commenters who think that I'm being inconsistent: supporting open WiFi does not mean that you support individuals not protecting themselves when using the open WiFi. In past threads, it was suggested that supporting open WiFi while pointing out how silly it is for people to complain about their own poor security habits was in disagreement. It is entirely reasonable and consistent to support open WiFi (at the access point level) while suggesting that individuals (at the user level) encrypt their own data. In fact, that's quite a useful situation: more open WiFi, but security at the user level, is really a situation that works best for everyone."
So, from what I read in that article you linked to, that DID NOT AT ALL support any of what you're claiming against Mike, is that the use of open WiFi was illegal, but setting up open WiFi, in Finland at least, was perfectly okay. With Mike commenting on it, then pointing out that there's nothing wrong with having an open WiFi access point, but if you're going to do so, there's nothing wrong with making sure you're secure.
"He glosses over the fact that inviting someone into your network on THIS side of any firewall is a very insecure idea."
No, he doesn't. At all. He says in that same article that you can have open WiFi, but "encrypt your own data". I.e. make sure YOUR stuff if safe, if you do decide to do so (have an open WiFi connection that is).
"Pushing people off onto "off brand" DNS systems, with little or no oversight or control is many times worse than dealing with the current system that we have, which is what SOPA would have left us with. People seem to forget that small point."
No one was pushing anyone onto "off brand" DNS systems. Which is a point you seem to be thinking Mike was making. It wasn't. Mike merely pointed out in a few SOPA related articles what would potentially happen if the U.S. can do as it wants and force censorship to become commonplace. People would move onto other DNS systems. Think of it like this. I'm going to put it very simply, for you. You're a business owner. You run a restaurant. You act like a douchebag. Constantly. I get tired of your stupidity and rudeness and thinking you can treat your customers as you please. I take my business to the place down the street that serves up a much broader menu, at the risk of knowing it may not be as clean. That's my choice. But a choice, acted upon due to YOUR actions. Perfect 1:1 example? No. But it's as simple as I can make so you might understand. No one is promoting going to other DNS systems. Such systems MAY be insecure. Emphasis on MAY. But, it will happen and people will move to avoid such totalitarian control on the part of one country and a few special interest groups.
"SOPA wasn't just about piracy, at least not in the music and movie piracy way. It was about companies operating offshore to avoid US law, and purposely selling otherwise illegal products into the US, including pirated and counterfeit goods. The hiding illegal businesses offshore deal is a real issue, and something that will have to be dealt with. Because the speed that many countries deal with these things are VERY slow (if at all), the US is sort of in a position to have to take action at the levels it controls to try to solve the issues."
SOPA was specifically about piracy. Trying to throw in the counterfeit good portion was BS. There are already laws in place to deal with such things. You say Mike uses weasel words, you and the people you support do the same (if not more so than anyone else). Be men, stand by your position. Don't be afraid. We get it. You hate piracy. So just be up front about it. SOPA WAS about piracy, pure and simple. Anything else was just thrown in to say "nuh uh... but counterfeit goods..."
The long and short of it is the U.S. is not the world. It might be a big part of it in some ways, but the other countries can decide for themselves what laws they need or do not need and what is or isn't illegal. "They act too slow." Boo fucking hoo. That's their prerogative. Let them deal with whatever is taking place IN their country and we'll do the same. Overreach wins you no friends and turns the ones you do have on you. The people were complacent up until SOPA. The minute they realized the internet, which is a world thing and is great at the moment in it's openness was under attack, they let it be known they wouldn't stand for such a thing. Look what happened. SOPA shut down, for the time being.
"I point out when Mike's views don't add up. I bring them back, and say "look, you can't have it both ways". His response generally is dismissive, pointing sometimes to weasel words used, or when really caught, to try to insult me personally."
No, again, you don't. You try and point out when Mike's views don't add up, and go "aha!" That's what you constantly do. Mike has called you out on this and so have a number of others, myself included. Mike doesn't want things both ways, in regards to anything. But you try and conflate his position on one thing with his position on something else and, again, say "aha! but what about your previous stance on THIS Mike?!" That's what you do. I've seen him ask you, assuming you are who you obviously seem to be, for proof of this or that or to explain yourself and you weasel word your way out of it as well. You expect more from Mike than you're willing to offer of yourself. And it is for that that you get called out and insulted. Besides, if you don't want to get personally insulted, maybe you should stop acting like such a troll/jerk. You're personally taking shots at Mike and what he says and saying "weasel word his way this and that". Guess what? That's you making personal insults, although you try to make it appear like you're not. Essentially insulting someone, but weasel wording your way through it so it doesn't seem like you are. As I said, you're either trolling/obsessing/etc. But you're in no way acting like an adult/reasonable/respectful/logical.
"A couple of guys with laptops, a car, and decent wireless equipment (like an external antenna on the car) could wander around town, modify wireless units, and quickly set up a pretty solid man in the middle attack system without anyone noticing. Don't you think that is something to be concerned about?"
No. As someone else said, those same couple of guys could do the same thing to even a secure connection. I don't see you acknowledging or even pointing out that. Maybe we should do away with WiFi entirely, since you're so concerned about the safety regarding it and man in the middle attacks. Heck, I can launch a man in the middle attack FROM MY CELL PHONE. And do so to secured connections easily. Maybe we should warn of the perils of people with smartphones. Everyone, for the most part, has one. Heck, there's millions of potential man in the middle attacks from that alone.
Either way, you're overlooking the important part, yet again, where the police are wasting time telling people to close their WiFi when they could be solving real crimes. And doing so, just to attack Mike's positions/statements. Not because it appears you care one way or another. Because if you did, you'd acknowledge my previous bit and be calling for a flat out end to WiFi in general. If you're so concerned and worried about the safety of other's information that is.
[ link to this | view in thread ]
Re: Re:
It just says "I'm not giving you direct entry here", as opposed top open that says "Come get your network connection here".
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re:
According to word I have 11,100 pages of flat text (and of course my password is encrypted somewhere in there) I *can't fit* that on a billboard.
[ link to this | view in thread ]
Re: Re: Re: Re:
I just happen to have 4 linksys WRT54G's , one of which I bought years ago, and 3 that were given to me by friends who bought N-routers to replace them. 5 minutes to flash each one with DD-WRT, and...voila!
[ link to this | view in thread ]
Re: Re: Re:
Whats up with that Mike, It's not like it was a weekend and you all have Lives outside of Techdirt or something.. I mean sheesh.
*runs now*
[ link to this | view in thread ]
Canadian doors...
[ link to this | view in thread ]
Re: Canadian doors...
[ link to this | view in thread ]
We know most end users don't have a clue about setting up security on their systems, including their WiFi and only the Geeks and Techno know and understand how to set it up to create security whilst still being able to allow others to make use of their WiFi.
Maybe the Police are trying to get the point across that these days, the burglar doesn't need to enter your home to steal all your personal information if you are leaving a 'Digital' door open?
[ link to this | view in thread ]
[ link to this | view in thread ]
Response to: Anonymous Coward on Mar 23rd, 2012 @ 3:17pm
[ link to this | view in thread ]
and whats yout POINT
[ link to this | view in thread ]
and whats yout POINT
[ link to this | view in thread ]