back to article Broadbandit nabbed in Wi-Fi bust

A laptop user was collared by police community support officers in west London yesterday for allegedly pilfering someone else's Wi-Fi. Local rag The Richmond and Twickenham Times reports that the 39-year-old man was spotted on Tuesday morning working outside a house in Prebend Gardens, in leafy Chiswick. After admitting using …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Collared?

"A laptop user was collared by police community support officers in west London yesterday for allegedly pilfering someone else's Wi-Fi."

Sorry to be picky but Police Community Support Officers (PCSO's) have no power of arrest. If he was taken down to the station it would definitely have been by a constable.

Gentlemen, start your flames...

0
0

Surely

*Having* an unsecured Wi-Fi network should be the offence, not pointing it out to someone by using it.

0
0

What a load of...

BALLS. How is some thick copper going to even know how you are accessing the web? What if you have an internal 3g modem, or what if your just editing something in word? This seems totally ludicrous. What about all the gits out there with high gain antennas who can use wifi from the other end of a street let alone the house next door. This article is just to scare people, dont be afraid.

0
0

asking permission

I wonder if a case could be made when using open networks that you've asked and received permission to use them.

surely the act of your computer sending out a DHCP request can be considered as a request to make use of the service, and the router's DHCP reply could be considered as approval, along with the details you need to gain access?

for people trying to crack WEP/WPA passwords, then I agree, that's going to far, but I would imagine an enterprising lawyer could make a case for using an open network with the above... am I wrong?

The owner of the router may not have approved you explicitly, but his equipment has done so on his behalf.

0
0

Check, and... mate

You Brit's are amatures when it comes to getting arrested for stealing bandwith. In Toronto, we go all out:

"In Toronto, a man was arrested with a WiFi-enabled laptop in his car - and his pants down. He was tapping into unprotected wireless networks. Ultimately, however, he was charged not for that, but for the child pornography he was in the process of downloading."

0
0
Anonymous Coward

Daft law...

It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet.

If someone leaves a wifi point open, and I'm a bit lost, am i going to pay a fortune to pull up google map slowly on my PDA via my bluetooth phones gsm connection, or am I going to jump onto the open wifi and pull up the map in a couple of seconds... I'm gonna use the open wifi aren't I!

If it doesn't have a lock on it (encryption) and doesn't have a keep out sign SSID=BuggerOff, how are you supposed to know it's private, and not just a free community hotspot?

Hopefully plod doesn't know much about mobiles, and my N95 will be a good covert wifi pinching tool for a few years.

0
0
Anonymous Coward

'Police Community Support Officers'

"This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people's broadband connections."

Actually he was arrested by 'Police Community Support Officers' and it wasn't in response to a complaint, they were walking around looking for people to arrest. There's no indication they even bothered to ask the WiFi owner if he minded.

It's best to stay in doors when that lot are walking around, if it wasn't him, they'd have arrested someone with a careless sprinkler, or the owner of a dog without a leash or something.

0
0

Open wireless connections

David Haworth seems to have openly spotted the flaws in the argument.

Open wireless connections are "public" in my view. Breaking a password or encryption system is the standard for it to openly qualify as misuse.

I leave my wireless connection open and fence off the rest of the network. I really don't mind if some yuppie in the pub down the road wants to send a few emails.

Besides, it gives me an excuse for all my porn downloads "it was my open connection officer"....

0
0

Waste of police time

Is this really a big problem ?

Can the police not be charged in this case for wasting their own time ? I'm sure people would rather they tried to catch some burglars or rapists rather than nicking a bit of bandwidth from some numpty who failed to protect it.

Having one's unprotected Wifi nicked isn't like leaving your door open and then finding all your stuff gone. This is like leaving your door open, having someone come in, sitting on your sofa and watching your Sky for a bit before leaving.

0
0
Anonymous Coward

Huh?

"Using even an unsecured Wi-Fi network is an offence under the Communications Act 2003"

Given that there is no definitive way of telling an unsecured private wireless router from a (deliberately) unsecured public wireless router, I imagine that the "I thought it was public" defence should push it below the "beyond reasonable doubt" threshold.

An unsecured WiFi router broadcasting its SSID is precisely like leaving your door open and posting a big sign outside saying "come on in and look around", and should be treated so in law.

0
0

Re: Daft Law

"It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet."

Not a very good analogy.

So it'd be alright to plug in your mobile and start charging it from their electricity too?

Just as it'd be alright to use the bandwidth they're paying for, for your own use? Even if they've got a limit

Wander into my house after I leave the door open and I'll arrest you for trespass. You can be charged with that.

0
0

Laptop default settings

With the way this law is worded, doesn't that mean the laptop companies and Microsoft are "aiding and abetting"?

The average MS laptop is setup as default to just jump onto the first network it sees. So the average, non-technical user, turns on the laptop and without them doing anything - the laptop jumps onto the nearest WiFi connection.

So how is the user at fault?

(I have had a client like this.... she had broadband supplied by a big name ISP. They had supplied a non-wireless router. So her conversations with their support were "interesting" as she would access the Internet without ever plugging in the cables.... THAT wasn't on the support scripts. LoL (She was using the unsecured neighbours network without anyone realising))

And what about "town wide" WiFi networks? Brighton has a mad plan to WiFi enable the town... so how does one know when it is a "legal" open network or an "illegal" open network?

0
0
Anonymous Coward

re asking permission

Nice piece of thinking David. Got to say that - given the prominence of the WEP/WPA/WPA2/etc options in the installation notes, (and in some cases in the setup-programs/drivers), a good barrister should be able to claim the "the 'victim' had ample chances to properly secure their network, but chose not to". Hey, there's an idea - countersue the dumba** with the unsecured WLAN for deliberate entrapment!

That said, I've accidentally used someone else's unsecured WLAN in the past - mainly because a neighbours kit was transmitting at higher power than my USR WLAN router, and the (also USR brand) WLAN card in my PC automatically locked onto it, rather than *my* WLAN, (and it was a bitch to stop it doing this). So am I going to have the "rozzers" at the door?

In common with most other of the other posters here, I'd differentiate between using an "open" network (accidentally or otherwise) and break-in to a WEP/WPA protected one. The former is fine (imho) whereas the latter is clearly an illegal activity and therefore one that deserves the full weight of the law against it.

0
0
ian

Better than the ICO

Is this more potential crims than the ICO has ever caught, in its entire useless history?

0
0
Anonymous Coward

how shameful, for the police that is..

This is not like entering someone's house at all. The man was in his own car, using his own laptop. The toy police (PCSO) had no right to search him at all*.

In fact its more like you happen to be overhearing someone's playing their CDs and enjoying the music. How dare you! You didn't pay for that CD, just because the owner had his window open allowing you to hear the music, you shouldn't be allow to enjoy it at all. What a load of bollocks.

I'm still getting 419 Spam, from UK IPs, why don't the police's computer crime squad have a go at doing something about that, instead of looking for easy arrests (no doubt to populate their DNA database) of someone not causing any harm at all.

When I say no harm, I'm referring to using the open WiFi not what ever the person was doing on the laptop, which I'm fairly sure would have benign. If it had been anything more serious we would have heard about it, because the present charge is just too lame and they know it.

*If these guys come up to you, don't entertain them at all, they have no right to search you or even question you, they are there to observe and call in real police if needed. (having said that, get proper legal advice if you need to find out how to deal with these little wannabes)

0
0

Puiblic vs private networks

I'd say it's pretty simple to figure out whether it's a public network or not actually. For one thing, public networks have SSIDs like "STARBUCKS" or "BRIGHTONFREEWIFI", rather than "NETGEAR" or "31SMITHSTREET". But more importantly, if there is a large free WiFi network in your city you'd probably know about it. And there aren't any in the UK that I know of. If you are in a residential street, the networks are probably private. If you are sitting in Starbucks it's probably public. Apply a little common sense, it's not rocket science.

Ok, if you are a non-technical person it's easy to make a mistake, but for a professional to claim "I didn't know" would be a bit much.

0
0
TEQ

@ Adrian

Trespass is a civil, not criminal offence. You can't have someone arrested for trespass (unless it is aggravated trespass), neither can you impede their egress off the property. All you can do is ask them to leave/call the police who will ask them to leave.

0
0
Anonymous Coward

What victim?

"a good barrister should be able to claim the "the 'victim' had ample chances to properly secure their network, but chose not to"

What victim? That law as worded makes the *act* a crime, there doesn't need to be a victim, or even a problem that needs to be fixed. The 'victim' can't even say 'well I'm fine with it' to fix this crime.

It just has to be *unauthorized* for it to be a crime under this law.

In this case the guy admitted he didn't get permission to use it, so he was arrested.

He should have said, his computer requested the connection and was granted it, and then he'd have a defense, because it would be like him selecting a service on his phone and it connecting. He didn't ask permission in that case either, his phone did, just as his computer did in this case.

But the dumb sod didn't realize he needs to choose his words carefully.

There's lots of cases like that, if in doubt say nothing.

0
0
Anonymous Coward

re: how shameful, for the police that is..

sorry, I was getting the story mixed up with some other WiFi bust. He wasn't in his car, just sitting on the wall outside the place (the fool). Apologies if I mislead anyone. My other comments still stand. :)

That'll teach me for not checking out the original story first.

0
0
Anonymous Coward

Open Broadband

London & Norwich now have large accessible WiFi networks. Norwich's is free. This sort of thing is going to cause huge amounts of discussion over the next few years. Although I agree that owners of WiFi routers and AP's should have a responsibility to secure them. If you leave your phone in the street and someone uses it, is that a crime? I secure my network, and alot of manufacturers are doing it as default now, e.g. BT, Orange, Linksys, but many aren't my Netgear router didn't come secured!

0
0

Title

A friend has just found that he has been using his next door neighbour's WiFi, he set his own up 18 months ago and clicked the first network that came up, they both have the same make of access point. It was only when the neighbour WEPed his that the penny dropped.

Personally I have an access point named 3KBSFree which will let you download your email from the street at a whoppingly slow yes, 3KB/S. But hell, free is better than nothing.

0
0

Not true at all ...

"I'd say it's pretty simple to figure out whether it's a public network or not actually. For one thing, public networks have SSIDs like "STARBUCKS" or "BRIGHTONFREEWIFI", rather than "NETGEAR" or "31SMITHSTREET"."

I've seen an ALARMING amount of machines set to accept all incoming Wi-Fi connections with SSID names like "Free public Wifi". Whats that all about? Im fairly sure its some default setting from some manufacturer, though ... cos im seeing it everywhere. Mind anyone in the know can spot the difference between a wireless card and an access point (that little image is handy). The average Joe isn't going to realise this. It would also be a very easy way to hack someone's machine. They connect to YOU and then you hack them. Bet it'd be dead hard to trace as well ...

0
0
Anonymous Coward

Re: WiFi theft

It's difficult to lampoon the police when they do it so effectively themselves.

0
0

Community Support Officers

The problem here is surely the pettifogging PCSOs, or Gauleiters as they should be called.

0
0

Better analogy

The "open front door" analogy really doesn't work in this situation. Even if the door is wide open you have to physically move your carcass onto Private property thereby committing the crime of Trespass. It's not like that with WIFI.

Now, IANAL but, an open access point that is broadcasting it's SID is BROADCASTING an open invitation to connect, over PUBLIC frequencies, and at least in this case, well beyond the Physical boundries of the Private property, onto PUBLIC property.

Broadcast;

http://dictionary.reference.com/search?q=broadcast&x=0&y=0

NOT

http://en.wikipedia.org/wiki/Broadcast_(band) :-)

The act of broadcasting the SID of an open access point could be considered an invitation to join the network and the DHCP process could be considered the act of asking for and receiving permission to join the network. Remember even if you connect to the access point, you can't use the internet connection without the IP information supplied by DHCP. Using the internet connection is the "theft of services", right? Not just connecting to the AP and doing nothing.

In US law (roughly based on UK law, right?) there is a concept called "attractive nuisance". This basically means that if you have something on your private property that is visible from public property and everyone who sees it is going to want to use and you make no effort to secure it or prevent access to it, you give up to some degree, some of your property rights to that thing and possibly the piece of property it is on. Here's an example; you are a single person with no children and you live alone in a house with a large unfenced backyard that borders a public park. One day you build a children's playset at the back of your property, easily visible from the park. some children playing in the park notice your new playset and wander over and start using it. One of the children falls off the slide and breaks his arm. His parents sue you. They will probably win even though the child trespassed and used your property without permission. You intentionally created an "attractive nuisaunce" and made no attempt to control access to it. You could have built a fence, you could have posted signs that said "Private Property - keep off - this means you little brats" But you didn't, so you accept some responsibility. It's probably different in the UK so somebody correct me if i'm wrong. But there are ridiculous laws like this in the US that need knocked down too.

The best analogy i could come up with in this situation is this;

I'm walking down the sidewalk to work one morning. I walk by the front of your house and notice that your garden hose is hanging over your fence spouting water onto the Public sidewalk. Since I'm thirsty, i lean over and *without physically touching your hose* (that's garden hose, pervs) i take a drink of water.

Now have i tresspassed? No. Have i stolen your water? Maybe, would it matter if I had let the water hit the sidewalk first and then lapped it up from there? The water was going down the gutter anyway, at what point does it change from private to public property?

As previous posters have mentioned, the guy made a huge mistake admitting to anything. The proper response when the Neighborhood Nazis walked up and asked what he was doing would have been either to say something like "I'm sitting in my private car, legally parked in public place working on my private laptop, not that it's any of your business - now fuck off", or, simply winding up the window and ignoring them. If/when an actual cop shows up you have to deal with him but the same rule applies. "My name is so and so, I live at x address, I'm sitting in my car working on my laptop. Period. If you have any more questions i'm going to need my lawyer present."

It seems to me that these kind of laws have only existed so far because they've only been applied to the uneducated. The first time someone tries this on a reasonably well funded IT professional, with a bad attitude about authority, I can't see it holding up. All it's going to require is the right expert witnesses to explain the situation in layman's terms to the jury in a way they can understand and no reasonable person would convict. And at least in the US these laws are pretty vulnerable to constitutional challenges, the problem is that it's so very expensive to take a case far enough on constitutional grounds, that it's going to take someone with a ton of money, a professional understanding of the subject, lots of endurance, and a strong enough feeling of Civic responsibility to not just take the settlement and make the whole thing go away.

Begin mini-rant:

At least in the US, it's government OF the People, BY the People, not just For the people. If you don't like the way things are going in your govt, Get your fat asses off the couch and DO something. Just voting for the lesser of two evils ain't enough. They're both obviously in the pocket of the global corps. If you're not willing to fight and suffer for your freedom, you don't deserve it. Maybe start by learning your actual rights under the constitution and federal and local laws and the proper way to deal with law enforcement, so you don't make it so goddamn easy to take away those rights.

End rant:

Best,

Joe

0
0

@David Haworth

Really good argument.. if that happened to myself, I'd definitely try and use that.

Also, October?? That gives plenty of time for the hacker to sell his laptop and get a new one, does it not?

0
0

What the?!? OMG what a dumb/lame law.

WTF, what if the owner of the wireless router WANTS to share it? This is a prime example of an overarching stupid law. I am not proud of the assinine pandering politicians we've had for the last few years here in the US, but I'm sooo glad I don't live in the UK which seems to be the king of lame laws passed recklessly, without regard for how STUPID they are.

0
0

@ Oscar

"I've seen an ALARMING amount of machines set to accept all incoming Wi-Fi connections with SSID names like "Free public Wifi""

Windows is designed to default to connect to *any* wireless connection it can find; it's the operating system of choice for idiots, and therefor it's meant to help idiots do what they want to do, no matter how stupid that thing they want to do may be.

Take a look here http://blogs.chron.com/techblog/archives/2006/09/free_public_wif.html for a more in-depth (and less rabidly anti-morons) description of the problem.

The first thing I do after a Windows install is check the "connect only to access points" box in the wifi control settings, thus eliminating the problem of my field people finding themselves connected via a "man in the middle" when they're trying to VPN back into Corporate HQ.

0
0

If an offence was committed, who was the victim?

I'd love to know who exactly was the 'victim' of this blokes supposed crime. If he's being charged with unauthorised use of a network, how did these 'PCSO' goons determine that his network access was in fact unauthorised?

Presumably the wardriving geek dropped himself in it when questioned - I can't see any other way that this could stick legally.

0
0

@ Trevor Watt

"Personally I have an access point named 3KBSFree which will let you download your email from the street at a whoppingly slow yes, 3KB/S. But hell, free is better than nothing."

And I'm sure all the usernames/ passwords/ credit card nos. that are transmitted via your network are not being collected ;)

0
0
Tom

Just to muddy the waters a little further.

Wasn't there a case in the US a while back where a guy was charged with sitting outside a coffee shop and plugging in to their "free" network. IIRC the coffee shop owner did not want to press charges, but the guy was done anyway.

0
0
Anonymous Coward

ISP Contract

Most ISP's have small print in their contracts that state that you will not share your connection beyond the limits of your property (to stop people getting a 8mb/s connection and running cat 5 to the next dor neighbour and splitting the cost)

If this is still the case (My info is years old now) then the owner of the router could also be in trouble for breach of contract...

0
0
Anonymous Coward

PCSOs?

Just a thought on PCSOs not having power of arrest - if I can make a citizens arrest, and I'm an average Joe, why can't they? Hmm..that just makes them Guardian Angels (remember them?) in a stab vest.

However, in terms of a police state, it's little wonder folks are leaving the country in droves - what a shit hole, and I was born here. The '97 vintage Tories were pillocks for sure, but what would the place have been like if they'd stayed in power? Same/better/worse? - it's ciggie paper time.

0
0

Hee hee ...

"I've seen an ALARMING amount of machines set to accept all incoming Wi-Fi connections with SSID names like "Free public Wifi". Whats that all about?"

No guesses? It's pretty easy to figure out:

1) Joe Dingbat pops open his laptop to check his email from his car

2) He is offered a number of "available" wireless access points

3) He chooses the one labeled "Free public Wifi" ... *DOH* mistake #1

4) He logs into his email account ... *DOH* mistake #2

5) After responding to a few, he decides to buy a book from Amazon.com

6) He goes there, chooses and pays with his credit card ... *DOH* mistake #3

7) He logs off, and goes about his day

Meanwhile, he is unaware that he has just handed over his email account information and his credit card information to a gleeful criminal who not only set up the access point for the express purpose of scraping such information from unsuspecting passersby who are lured in by the "free" connection, but who has also used the opportunity to dump a teeny-weeny rootkit onto his laptop.

Hee hee. Sorry, Joe Dingbat. You been p0wnt! Not so "free" now, is it?

Anyone who uses an unknown "available" access point is foolish, at best. Maybe that will change as time goes on, but it exemplifies the biggest problem facing cities that want to establish a wide-range free municipal wifi system: How to tell the fakes from the real thing.

0
0
Anonymous Coward

The main thing ...

The main thing is they got his DNA. Whether he is charged or not is irrelevant. The DNA is the target.

0
0

SSID isn't permission

Broadcasting an SSID to an unsecured network isn't permission.

Permission is something that has to actively be given, permission isn't there by default. The default for a wireless network is no encryption and something along the lines of "BELKIN" as the SSID. You have to take action to change that, so default values indicate no action has been taken, therefore you can assume no permission has been granted.

Looking at it from a different by the commonly used metaphor. An unsecured wireless network is an unlocked door and an SSID is a sign in public view saying the door is unlocked.

This is the equilivant of leaving a door unlocked and hanging a sign outside saying "The lock on the door is broken". Although a stupid thing to do and insurance wouldn't pay, anyone entering would still be trespassing.

0
0

It gets you thinking ...

My wireless router is my property.

I leave it "open".

I give it a generic name like "Free public Wifi"

I log everything that runs through the box.

Some shmoe decides to tap into my "Free public Wifi"

I collect his email login info.

I collect his credit card info.

Is there a problem here?

It's my box, and he's illegally tapped into it. I can grab whatever I want, and he has willfully passed that data on to me. Kinda like the guy who walked through the open door and hung out on the couch to watch your big screen ... and then dropped his wallet on the way out the door. Found goodies, and no legal obligation to either tell the trespasser that the wallet was dropped nor to return it to them. They left it as a token of their appreciation for using your paid-for services for free.

I'd say the router-piggybacker's actions have granted me explicit approval to grab his data. He has therefore implicitly given me the right to store his data. He gave me his login info, and I could maybe even argue that he has also given me approval to use it. He handed it right over to me!

It's a little grey around the "useage" area, but I've definitely been given permission to grab and store any data, in much the same way as some argue that a non-secured box provides permission to use it, and DHCP request/assignment provides a mutually-permissive transaction.

Oops ... some crook stole my router ... I hope all that data doesn't get used illegally ...

0
0
Anonymous Coward

PCSOs? power of arrest.

Just a bit off topic, but the way I see it is that the PCSOs don't have the same power of arrest as the police. They can make a citizens arrest but it's outside the power of the PCSO remit. Therefore if they make an improper arrest, sue the little shite, and make a complaint for assault. The police would love to have the little shite's DNA when they are arrested.

0
0

@James Butler

Welcome to the joyful world of SSL. Amazon, and most Webmail providers use HTTPS servers to handle all passwords/Credit information. So you *should* be perfectly safe submitting your details over a public WIFI connection.

That is assuming, of course, that he isn't infected with malware on his computer.

0
0

Did el fuzzo...

...ask the owner of the AP if they wanted the user prosecuted?

Although I use security mechanisms, if some geeza/gal was clever enough to penetrate my defenses, provided they wern't doing anything illegal RE dodgy downloads e.t.c, I'd invite them in, shake their hand, make them a cup of the finest caffeine and find out how they did it. I wouldn't do the same thing if the local twoc'er was trying to jack my motor. Funny old world isn't it?

I did use to leave my AP open for all, but then realized that a) no-one ever used it and b) if they did, they could do all sorts of naughty things in my name, so it got locked down.

0
0
Anonymous Coward

Sharing your wifi with a proper invitation

If you really want to share your bandwidth, and have permission from your ISP to do that, you can set up your own hotspot.

Such as this supplied by Solwise:

http://www.solwise.co.uk/wireless-hotspot-was-102r.htm

Or subscribe to a Hotspot network such as "The Cloud" or "Openzone" as a supplier of service (you get a miserable return, though - even though it is you providing the service really).

This intercepts all calls to your LAN and Internet connection. You're explicitly giving permission to use the network, and your network can remain encrypted - because if you wish, you can make the user collect a ticket with pertinent details.

Without such a device, it is hard to prove that the owner has explicitly granted access to his/her network and hence the Internet, even if you SSID says so.

Why is this? Well, any novice who sets up a wireless network may not have taken the trouble to set up the router correct, and the devices have default settings. A knowledgeable person would be able to reconfigure the Router and therefore the SSID.

As someone else said, most PCs are set up to use the strongest signal - so a novice may not even notice that the SSID has changed.

The laws are, I agree, antiquated and were designed for the protection, mainly, of military & government communications and systems, and large corporate networks - such as the railway & banking networks.

Until the laws are changed/updated (and there's no guarantee they ever will be), then accessing ANY computer and network device (ie a wireless Router - even if it is just to get an IP number and routing onto another network) without explicit permission is a CRIMINAL offence. It could even result in a custodial sentence.

Because of the sensitivity of Corporate and Military networks and equipment, the law will always have to ensure it protects those networks and the wording for such laws to differentiate between public, private and common ownership will always be a bit hazy.

If the guy is guilty of accessing the Internet through someone elses network, then there will be no option but for the judge to impose at least the minimum sentence he can.

Rob

0
0

This post has been deleted by its author

Rob

RE: Daft law & Trespassing & Muddy waters

"It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet."

You could be charged with criminal trespassing. Contrary to some places it is not always a civil offense.

" 635:2 Criminal Trespass. –

I. A person is guilty of criminal trespass if, knowing that he is not licensed or privileged to do so, he enters or remains in any place.

II. Criminal trespass is a misdemeanor for the first offense and a class B felony for any subsequent offense if the person knowingly or recklessly causes damage in excess of $1,000 to the value of the property of another. "

Also regarding this:

"Wasn't there a case in the US a while back where a guy was charged with sitting outside a coffee shop and plugging in to their "free" network. IIRC the coffee shop owner did not want to press charges, but the guy was done anyway."

Here in the United States not every state is just a 'state' meaning some are commonwealth states. In the commonwealth state of Pennsylvania the state has the right to charge offenders regardless if the victims do not wish to press charges. I believe the other few commonwealth states are the same in that aspect.

0
0

Free Public WiFi SSID

A point to remember here amidst the paranoia in this thread about joining a free public wifi point is HTTPS, a sensibly set up site like Amazon, most email providers, etc, will encrypt the data en-route, and it's far far tougher to Man-In-The-Middle when certs are involved...

0
0
(Written by Reg staff)

Re: Free Public WiFi SSID

Cliff,

You wrote: "A point to remember here amidst the paranoia in this thread about joining a free public wifi point is HTTPS, a sensibly set up site like Amazon, most email providers, etc, will encrypt the data en-route, and it's far far tougher to Man-In-The-Middle when certs are involved.."

That kind of assumption is dangerous. HTTPS MAY prevent someone from siphoning your login credentials, but as an Errata Security researcher demonstrated at Black Hat, the vast majority of websites (hotmail, Yahoo mail,) make it trivially easy to steal session IDs transmitted over Wi-Fi - even when the wireless user has chosen the SSL URL.

For more on this, see: http://www.theregister.com/2007/08/02/public_wifi_hack/

0
0

Re: HTTPS

Would an unsuspecting user who connected to a rogue open router realize that when they clicked their bookmark for GMail, it displayed http://mail.googlie.com instead of https://mail.google.com?

Unfortunately, newbies and unsophisticated users would be hard-pressed to use the techniques that might keep them "safe", like running Tor/Privoxy with their own DNS resolution or PGP or similar security tools.

0
0

@ various

"It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet."

If you take their stuff, its still theft.

"An unsecured WiFi router broadcasting its SSID is precisely like leaving your door open and posting a big sign outside saying "come on in and look around", and should be treated so in law."

How? Blaming the victim again. What next? She was wearing a short skirt, she wanted to be raped? He was black in a white area, he wanted to be murdered?

"Found goodies, and no legal obligation to either tell the trespasser that the wallet was dropped nor to return it to them. They left it as a token of their appreciation for using your paid-for services for free.

"

wrong. you need to make a reasonable attempt to return found chattels.

£5 on the street you keep if no-one is around. A rolex you hand in.

0
0

Wi-Fi 0wnage @ Black Hat

... and that's the main reason I have switched to https://gmail.com since reading that article. Mind you, I already have taken measures to avoid someone tapping on my wi-fi; not only 128-bit WEP, but also using an SSH tunnel and pumping all my http(s) traffic through that tunnel (that goes to my squid proxy on the other end).

Except my https://gmail.com practice applies to even my wired access too. Wi-Fi may be the easiest way to leak information, but there is a reason we use SSL for anything involving money...

0
0

It's like...

Using someone else's unsecured WiFi without their permission is like walking by someone's yard and enjoring the view of their beautiful garden. If you place something in public view, you cannot reasonably expect them to NOT look at it. If you don't want your neighbors looking at your garden, build a fence around it.

If you don't want you neighbors using your insecure WiFi, secure it, or stop beaming it into public space.

In order for me to be trespassing on my neighbor's wireless, while I'm in my own house, the assumption is that the wireless signal belongs to him, regardless of where it is. If that is the case, then I want to file a trespassing complaint, for my neighbor projecting his wireless signal into my house. Such a case would certainly highlight how ridiculous these things are.

0
0

Lost Wallet

"wrong. you need to make a reasonable attempt to return found chattels.

£5 on the street you keep if no-one is around. A rolex you hand in."

Mmmm ... not quite so clear cut, at least in the USA. The lost wallet was on my property and was left behind during the course of a trespass, either criminal or civil. Therefore I, as the property owner, may lay superior claim to the wallet. I could satisfy a "good faith" effort to return it by posting a notice in the local paper and waiting a couple of weeks before I spent the money as my own.

£5 or a Rolex on a public street is different. Data flowing illegally through my (admittedly rigged) router is still trespassing, and is left behind during the course of that trespass. Perhaps I would post a notice in the local paper anyway, though:

"Found: GMail login information and credit card data. Left on my router by someone who decided to use the bandwidth I pay for. To claim these credentials, please contact ..."

0
0

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2018