RE: Wireless Security (Part 2)

["Steve Armstrong" <stevearmstrong () logicallysecure com>]

Herman

How are you going to get the web page open?   What if they don't want to
use your connection for web browsing?  A common use of other wireless
connections is for bandwidth hungry or illegal activities.  And while
there are illegal activities that can be performed with a web browser,
it is more likely to be another program that utilises the connection eg
P2P or Bit Torrent for illegal file sharing.

However, your post did get me thinking as to the legal ramifications of
conducting sniffing operations on what you believe to be a closed
network.  For example if I was sniffing all traffic on my network and
you connected without permission and my knowing, I would capture your
traffic.  While there is an offences of accessing a private network
(especially is encryption was broken to gain the access), but where do I
stand on the interception and storage of your data?

While some may say this is clear cut, how about the grey area of an
insecure wireless LAN,  there a remote un-authorised user may connect
without their knowledge and may pass data they believe to be private.
While I did not intend for you to connect I still have your data -
possible without your knowledge.

Interesting eh?

Perhaps the lesson here is to ensure you encrypt your WLAN to ensure the
casual user does not connect, and if they do (ie they have hacked in),
they are not casual, not wanted and get what they deserve. 

Steve A


-------------------------------------------------------

UK IT Security Forum  -  www.logicallysecure.com/forum 




-----Original Message-----
From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com] 
Sent: 15 May 2006 22:34
To: security-basics () securityfocus com
Subject: Wireless Security (Part 2)

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A few months back we had a discussion going about whether or not a
person who has setup a Wi-Fi network for their and their families use.
And IF someone illegally connects to said network if the person who
setup the network has the right to go into the other person's computer
to find out who they are.  The consensus is/was that sadly no the person
who setup the Wi-Fi network doesn't have the right to go into the
intruder's computer to find out who they are.

What IF the person who sets up the Wi-Fi network has a web page, or a
dialog box that is displayed that says the following whenever a new
computer signs onto the network:

                                WARNING

   You have connected to a PRIVATE COMPUTER NETWORK

IF you were NOT invited to join the network then leave now.
IF you continue to use the network, know that by doing so you consent to
having your computer inspected for the purpose of finding out who you
are so that the proper authorities can be notified.
IF you leave now no actions will be taken, but IF you continue then the
appropriate actions WILL be taken, you have been WARNED.
This is your ONLY warning, leave NOW.
Also know that along with your name your computers MAC address will also
be recorded, and blocked in the future.

        If the above is setup as a web page then the capitalized words
would be in bold as well as red to catch the person's attention.  Also
with the above they wouldn't be able to say that they weren't warned,
correct?

- -----
Herman
Live Long and Prosper
 ___________________          _-_
 \==============_=_/ ____.---'---`---.____
             \_ \    \----._________.----/
               \ \   /  /    `-_-'
           __,--`.`-'..'-_
          /____          ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: Space the Final Frontier

iQA/AwUBRGjzqx/i52nbE9vTEQL2VgCfa6k5g7v+iXyLAWn8x0C4puoejFIAnA0l
pyeqL5W4eOfzDQCLuHEk31Q/
=c+u5
-----END PGP SIGNATURE-----