 |
Scott,
A private computer network doesn't broadcast it self into my house and readily accept my connection.
The car analogy doesn't work in this case. The better analogy is: you left your MP3 player in my apartment and I used it to listen to your music. Should I be punished for that?
My $.02
There are a couple of reasons to secure a wireless network:
1. creating Spam created by the stealer or virus.
2. Downloading of illegal porn (the stuff that puts you in jail quickly)
This is primarily why some hotspots remove outgoing mail (SMTP) and have firewalls on vistied sites. Our free libraries only allow http and very secure versions of https. That's it.
The makers of consumer routers rarely put a function to list who is connected. Makes it hard for the consumer to tell.
Using encryption infringes on speed.
Windows passwords are not that strong. Best not to have filesharing on, nor open incoming ports.
Sniffing is easy and free. Sniffing wireless is harder. I haven't done that yet.
Your browser encrypts and then sends the encrypted information, so it's difficult to snatch.
Windows is just too easy to break into, or so it seems. Personal info stored there seems to be a greater threat.
Hiding the SSSID is the minimum that should be done for a wireless network. This makes it a little hard to troubleshoot at times.
Certain passwords are in plaintext. Telnet and FTP for instance. These are slowly being eliminated, although not fast enough. Mail may be too unless your using a browser based client. Not sure.
Now suppose you and your neighbor had an agreement to share garbage collection. Legal?
If you share internet and/or cable then it's illegal because of your agreement.
Breaking into a computer system (using someone else's WIFI) without their permission is against the law.
And, in order to break the security, you have to know the holes. Been on both side of the fence primarily before PC's were in the picture. I broke security. I was offered a job.
I could crash minicomputers and take out entire networks with two statements. Crash dumps rat. When your on both sides, you realize that security depends on the secured system to be free of vunerabilities. IE. They are not intentionally created. Being the hacker, means that you have to be one step ahead. Guessing at vunerabilities.
A grad student wrote a network terminal handler for his thesis. A fancy word for a program that would support multiple terminals over a network. Not the same, but similar to unix TERM variable and TERMCAP entries although it only supported 3 different displays.
The student asked me to try to crash it. I thought about it for about 5 minutes. Went over to a logged out terminal and typed 3 characters. CRASH. I was in high school. He wasn't pleased.
This mini-computer had "Administrator accounts" and all the passwords were the same and it was changed very regularly. Also the "Administrator" accounts had the ability to log onto a standard account just by logging onto an administrator account and then directly logging onto the account of a standard account. This increased security because the administrators didn't have to know the passwords of all the accounts. This was when passwords could be looked up. Unix has a one way encryption which makes that impossible. A dictionary data base was used to break into our system. It was intentional and it was considered "fun" at the time. 6 character passwords, all upper case with numbers made it easy. The after 5 tries, you have to wait 20 min now used on the web gets rid of that problem. More secure sites like banking, require a phone call to reset if the number of trials are exceeded. So, it's always cat and mouse.
My network is unsecured. The guy parked outside is easily spotted. It doesn't carry across the street, nor in the neighbors back yard. Three out of the 4 neighbors have computers. One has wireless. All are incapable of hacking. With a high gain antennae, you could reach the network. Bricks attenuate the signal quickly.
KISS,
There is no doubt that people should secure their home wireless networks. I have a side job in tech support and make some fun money doing that.
Here's a funny story about a tech savvy guy who wanted to mess with people accessing his wifi signal (you can skip the code parts and look at the images): Upside-Down-Ternet
Quote:
Originally Posted by excon
Okay, YES, if you send sensitive information over an unsecured wireless network, or even over a WEP secured network, it is entirely possible for someone to get that information, even if your bank uses a secure connection. Never underestimate the ability of the determined to get at your information.
Heh.. nice work.Quote:
Originally Posted by NeedKarma
Hello again, twill:
I'm not an IT guy... I AM a security guy. I know enough to know, that as long as data resides anywhere, somebody can get it. From a technological point of view, the only thing that makes encryption work, is that is hasn't been hacked YET.
WILL it be hacked?? Duh!
My question has to do with the here and now. My concern is with the dollars in my account TODAY - not whether they could be vulnerable in the future. I KNOW about the future.
So, Mr IT technician, IS my data (and my money) safe (in the real world meaning of safe)? Or should I stop my online banking, bill paying and purchasing? Really, Dude. I don't want to lose my money. But, doesn't EVERYBODY bank online?? If it wasn't safe, don't you think I would have heard by now?
excon
PS> I want you to know, that I just didn't willy nilly put my data online and ask questions AFTERWORDS. I checked quite extensively into the safety of these very issues, BEFOREHAND. If I'm, and all the people I checked with, wrong, please let me know.
PPS> My apologies to Solarrigger for stealing the thread.
Is that only for twill or can anyone answer?
I do ALL my banking online either form my wired desktop or my wireless laptop, hell I even do it from work. The data is encrypted and between your browser and the bank's webserver farm. Can it be decrypted? Yes. Is it easy for the regular techie kid to it? Absolutely not.
Of course I'm not the regular computer user. I know how to keep my PC free of malware and viruses - that's your bigger threat, not the guy who attaches a sniffer to a cable. I also secure my home network properly.
If one is against doing banking online because of security then I hope they never give their credit card to the waiter at a restaurant - that is 200% more risky than online banking.
I'm not against online banking, I actually bank online myself. CAN a secure tunnel be hacked? Yes, it can, that's not something in the near future, that's a here and now reality. I'm not saying don't ever bank online, I AM saying to be smart and use every precaution you can. Chances aren't likely that your local computer geek will have what it takes to get to your data, but it's still a possibility. Using an unsecured wireless network is just opening the door a little bit more for them to get to you.
I'm not saying wireless is bad, I use wireless nearly exclusively in my home, but it does need to be secured to ensure maximum security of your data.
The other thing to consider, I have seen WiFi connections that are merely traps. When you connect to another person's unsecured network, you're taking a risk, several actually.
1) Will they have the know-how to ID my computer on their network? (Which, by the way, the low-end router I installed at my parent's house, a Wal-Mart purchase, can easily tell me who's on the network)
2) Is their network open because they don't know any better? If so, is their network virus and spyware free, or am I at risk for picking something up from one of their computers. If they do know better, why are they leaving it open? Some WiFi networks are actually set up by people to steal information from your computer. Sure, that HTTPS tunnel that you've created to connect to your bank is a secure, encrypted signal, but are the temporary Internet files residing on your box secure?
3) If I am identified on someone's network, will they call the police on me? This one isn't likely, even if they do identify you, but some people are anal about this stuff.
There is good advice to be had here and some valid viewpoints to consider. Long story short... protect your assets and data. Don't just ignore the fact that something can happen. Even if you could prosecute, it does you no good if the damage has been done. When my debit card number was stolen by a gas station (according to police investigation), the outcome was the same... replace everything and contact a lot of people to work things out. Prosecution was irrelevant to me.
If you take reasonable precautions then you have made your data and network difficult enough to access that just about everybody will go fishing elsewhere. At the risk of repeating myself, the interest on this thread shows that it should be a wakeup call.
Or when the security firm website emails you and says that it's possible that your credit card info was stolen and that you should cancel your card as a precaution. It was stolen and was eventually used. It's ironic that a company selling security equipment themselves got compromised.
I think people have slightly gone off the point in some posts. I have read this topic, are people saying that it is not worth the risk, using someone else's wireless internet? Or is it down to them to secure it and if not it's fine to use it?
In my opinion its not OK to use it. Even if you won't get caught, even if its not totally illegal its still not ethical.
| All times are GMT -7. The time now is 07:51 PM. |