RE: Wireless Security

["Herman Frederick Ebeling, Jr." <hfebelingjr () lycos com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: Alloishus BeauMains [mailto:all0i5hu5 () gmail com]
Sent: Tuesday, 18 October, 2005 09:34
To: hfebelingjr () lycos com
Cc: security-basics () securityfocus com
Subject: Re: Wireless Security

: Good points.
:
: A good level of paranoia isn't bad, as it will normally lead people to
: take at least rudimentary precautions and take those reasonable
: measures I mentioned.

Yep, gotta agree that a little paranoia isn't a bad thing.  It's only when one
reaches the "foil hat" stage that things
have been taken to too far of an extreme. . .;-)

: However, I note that there is a difference between the two analogies.
: In the situation you mentioned, a person was allowed to use the car.
: In that case, of course, the person who allowed an untrustworthy
: person to use the car could be held accountable.

Ok, this one I think we need to disagree to.  Just because person a) loans
person b) his/her car doesn't mean that they
should be held accountable for what that friend does.  Let's say that the friend
in question instead of using the
borrowed car to "run" drugs gets involved in a hit-and-run accident killing an
innocent bystander.  Does that mean that
the owner of the car should be held responsible?

 The same is true with
: a wireless connection. If you explicitly give someone permission to
: use the wireless connection, and then they use it for nefarious
: purposes, then you could be held liable.

On this one too, I'd have to think that we'll have to again, disagree.  That's
like saying that someone who has say an
account with NetZero and they d/l "tons" of kiddie porn.  Does that make NetZero
"guilty" as well???  I don't think so,
and I think that their lawyers would agree with me.  Or that'd be like saying
just because the criminals use the roads
conduct their illegal activities that those who built the roads are also somehow
"guilty" because of it.

 If you give someone
: permission to use your mailbox, and they decide to slip a brick of
: coke in there, then you might be held liable.

I would think that one would have to have an idea of WHY someone was wanting to
use their mailbox and allow it to
happen.  Or another way to look at it is like this.  Say someone rents a mailbox
at a private company and they get
"10-keys" of coke delivered to them at THAT address.  Does that make the private
company just as guilty, as the persons
who placed the order?

:
: On the flip side, if you didn't give them permission, then they are
: stealing. If your friend did not give his other friend permission to
: use the car, and it is found to have drugs, then your friend would
: report the car as stolen, which should, in a normal circumstance,
: absolve him of any wrongdoing.

Sadly the Military doesn't work the way that "normal" people think that it
should. . .

:
: I would imagine that if you came home from work, and checked you
: mailbox and found a brick of coke, then the most appropriate action
: would be to call the police (No, not keep it and snort it, and no, not
: sell it......the other dude might come looking after all). I would
: also imagine that if you told the police the situation...that you just
: checked your mail and there is a brick of coke, then they would
: probably leave you alone after a few questions and probably send some
: patrol cars to check out your neighborhood, stake out your
: mailbox...etc etc.

Unless the person who put the brick of coke in your mailbox was dumb enough NOT
to wrap it in a "plain brown" wrapper
how would one know that it was coke until AFTER they opened the package???

:
: Likewise, many cities/states now have cybercrimes units that you could
: call if you suspected someone using your network, and you can normally
: call your isp and let them know of unauthorized activity.

That's good to hear.

:
: Lastly, the solution to this is the same as the solution to many other
: issues....simply awareness. Many 70+ elders, for instance, would not
: imagine that using their credit card over an unsecure network might
: pose a risk. Most people simply need to be educated. In some cases, it
: actually takes a bad occurrence (such as ID theft) to make someone see
: the light.

Yep, education IS the key to everything, which is why I started this in the
first place.  And I've learned that just
because something is "too" fantastic doesn't mean that someone won't have
thought of it.  Which is/was something that
we were told when I was in the Army.  If captured don't even make up any "plans"
to tell the captures cause ya never
know IF someone hasn't already put those "plans" to work. . .

:
: PS: On a side note, I noticed that this did not get posted to the
: Internet, or web. Am I posting this to the mailing list? Or am I
: responding just to you? Is everyone seeing this, or just you? Do I
: need to do anything other than reply? reply all? Or do I need to put
: security-basics () securityfocus com in the send address?

I think that ya need to hit the reply all button, and IF the
security-basics () securityfocus com address isn't there then
ya need to add it.

Herman

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ1VmWx/i52nbE9vTEQK05wCfW0Voy4JMHhBBaZMqYBsOxMXrsioAn3yW
ZM086qyScefvvqP/zPbg2lIp
=kiJo
-----END PGP SIGNATURE-----