As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Just borrowing a cup o' bandwidth...

milehighmilehigh Registered User regular
edited July 2009 in Help / Advice Forum
For the record I'm posting from my laptop at a bar. However, onto the question. I just moved into my new apartment, and have the computer setup. My new fiber optic internet (20 Mbps ZOMG) won't be up until Monday or Tuesday.

In the meantime I seem to have picked up a wireless network which appears to have been setup haphazardly, named linksys, no password, WEP etc.

What are the ramifications for using this in the interim? Both ethically and security wise? I mean could there be some crazy hacker sitting downstairs waiting for me to connect to his wifi so he can steal my soul/bank account numbers? Is it wrong to use a minimum amount of bandwidth once a day just to check email, order status' etc (on that note if I do use this connection is logging into my email or anything else that requires account info a bad idea?)

Thanks in advance.

milehigh on
«1

Posts

  • urahonkyurahonky Registered User regular
    edited July 2009
    I really don't think you have anything to worry about.

    urahonky on
  • matthias00matthias00 Registered User regular
    edited July 2009
    I wouldn't do online banking on it, but beyond that you should be fine.

    matthias00 on
  • TyrantCowTyrantCow Registered User regular
    edited July 2009
    theoretically, the owner of the network you're using could see any clear text information you're passing along to the internet.

    but, if the router is setup as you say, they are either not very technically adept or extraordinarily nefarious. I would put money on the former.

    the ethical decision is yours

    TyrantCow on
  • VoroVoro Registered User regular
    edited July 2009
    Security wise: Do you know what ethereal is? Connecting to a wireless network is never secure, especially not in an apartment complex and especially not when the access point is that insecure. If you can't vouch for every individual living within the maximum range of your wireless card, then you don't want to supply sensitive information over that connection.

    Ethics wise: You're still mooching off of a connection you didn't pay for, without even telling the person who paid for it. Using a minimal amount doesn't make it less wrong, it only lowers the severity.

    Voro on
    XBL GamerTag: Comrade Nexus
  • Captain VashCaptain Vash Registered User regular
    edited July 2009
    Voro wrote: »
    Security wise: Do you know what ethereal is? Connecting to a wireless network is never secure, especially not in an apartment complex and especially not when the access point is that insecure. If you can't vouch for every individual living within the maximum range of your wireless card, then you don't want to supply sensitive information over that connection.

    Ethics wise: You're still mooching off of a connection you didn't pay for, without even telling the person who paid for it. Using a minimal amount doesn't make it less wrong, it only lowers the severity.
    salmon'd for direct contradiction.

    It's my understanding, at least as far as the law goes, that leaving your wifi completely open and unprotected is tantamount to an invitation to use said connection to anyone within range.

    however, if there is any encryption whatsoever, be it the laughable wep encryption, or simply not broadcasting the ssid, it is illegal to use that network as the owner has clearly defined that it is not for public use.

    Captain Vash on
    twitterforweb.Stuckens.1,1,500,f4f4f4,0,c4c4c4,000000.png
  • milehighmilehigh Registered User regular
    edited July 2009
    Hmm, ok. Well, still at the bar. I just logged into WoW to show a friend something. Now, there's other people here I don't know using computers as well. Shady looking people. Thinking this through, what's the difference between this connection and the one at my apartment? Both are completely open and allow anyone within range to pick them up and use them. Is this connection (or any public wifi) equally unsecure? I really know little about the technical aspects on it so I apologize if this seems like it should be common sense.

    milehigh on
  • Captain VashCaptain Vash Registered User regular
    edited July 2009
    When you use wifi you broadcast all information you put online into the air.
    theoretically, any suffiecently advanced user will be able to decrypt this information.

    I personally would not trust wifi with any information more sensitive then a forum/social networking login.

    Captain Vash on
    twitterforweb.Stuckens.1,1,500,f4f4f4,0,c4c4c4,000000.png
  • DarwinsFavoriteTortoiseDarwinsFavoriteTortoise Registered User regular
    edited July 2009
    milehigh wrote: »
    Hmm, ok. Well, still at the bar. I just logged into WoW to show a friend something. Now, there's other people here I don't know using computers as well. Shady looking people. Thinking this through, what's the difference between this connection and the one at my apartment? Both are completely open and allow anyone within range to pick them up and use them. Is this connection (or any public wifi) equally unsecure? I really know little about the technical aspects on it so I apologize if this seems like it should be common sense.

    I don't know much about MMOs, but it seems like that takes more than a minimal amount of bandwidth.

    DarwinsFavoriteTortoise on
  • milehighmilehigh Registered User regular
    edited July 2009
    milehigh wrote: »
    Hmm, ok. Well, still at the bar. I just logged into WoW to show a friend something. Now, there's other people here I don't know using computers as well. Shady looking people. Thinking this through, what's the difference between this connection and the one at my apartment? Both are completely open and allow anyone within range to pick them up and use them. Is this connection (or any public wifi) equally unsecure? I really know little about the technical aspects on it so I apologize if this seems like it should be common sense.

    I don't know much about MMOs, but it seems like that takes more than a minimal amount of bandwidth.

    Yeah, I'm using a bar's free wifi, not my apartments.

    milehigh on
  • DarwinsFavoriteTortoiseDarwinsFavoriteTortoise Registered User regular
    edited July 2009
    milehigh wrote: »
    milehigh wrote: »
    Hmm, ok. Well, still at the bar. I just logged into WoW to show a friend something. Now, there's other people here I don't know using computers as well. Shady looking people. Thinking this through, what's the difference between this connection and the one at my apartment? Both are completely open and allow anyone within range to pick them up and use them. Is this connection (or any public wifi) equally unsecure? I really know little about the technical aspects on it so I apologize if this seems like it should be common sense.

    I don't know much about MMOs, but it seems like that takes more than a minimal amount of bandwidth.

    Yeah, I'm using a bar's free wifi, not my apartments.

    Oh ok.

    Well theres no difference between the open wireless connection at the bar and the open connection at your apartment.

    DarwinsFavoriteTortoise on
  • VoroVoro Registered User regular
    edited July 2009
    Voro wrote: »
    Security wise: Do you know what ethereal is? Connecting to a wireless network is never secure, especially not in an apartment complex and especially not when the access point is that insecure. If you can't vouch for every individual living within the maximum range of your wireless card, then you don't want to supply sensitive information over that connection.

    Ethics wise: You're still mooching off of a connection you didn't pay for, without even telling the person who paid for it. Using a minimal amount doesn't make it less wrong, it only lowers the severity.
    salmon'd for direct contradiction.

    It's my understanding, at least as far as the law goes, that leaving your wifi completely open and unprotected is tantamount to an invitation to use said connection to anyone within range.

    however, if there is any encryption whatsoever, be it the laughable wep encryption, or simply not broadcasting the ssid, it is illegal to use that network as the owner has clearly defined that it is not for public use.

    How is that a contradiction? Right and wrong is binary. If your answer to "is this wrong?" is anything other than yes/no, then you're just trying to use bullshit rationalizations to justify what you're doing. If you steal a candy bar, it is wrong. If you steal an entire vault full of cash, it is wrong. The severity is different in both cases, but that doesn't change whether or not it is wrong.

    And yes, the bar is just as insecure. You really only want to send account information via a landline. Whatever accounts you logged in to while at the bar, you might want to make note and change those passwords when you have your connection on Monday or Tuesday, just to be safe.

    Voro on
    XBL GamerTag: Comrade Nexus
  • DocDoc Registered User, ClubPA regular
    edited July 2009
    When you use wifi you broadcast all information you put online into the air.
    theoretically, any suffiecently advanced user will be able to decrypt this information.

    I personally would not trust wifi with any information more sensitive then a forum/social networking login.

    You're familiar with the fact that SSL encryption provides extremely good end-to-end protection from man in the middle attacks, right? Basically, people would have a much easier time dumpster diving for your bank account info than trying to decrypt SSL packets.

    That is to say, there's no reason to believe that logging into your bank website (assuming it's a secure site) is any more problematic over wireless (yes, even unsecured wireless) than a wired network. Yes, you lose the benefits of WEP or WPA for non-SSL sites, but for secured sites the strongest security protocol on the stack is still in place.

    Doc on
  • HevachHevach Registered User regular
    edited July 2009
    To use an analogy: If your door is unlocked and somebody opens it and comes it, it's still breaking and entering. If the door is wide open, it's not breaking and entering (no barrier to entry) but it's still illegal for them to come in, because an open door is not an invitation without an actual invitation ("Come on in," open house sign, etc).

    The whole "open invitation" thing's only legal basis is that it was successfully used to defend against a file sharing case - anybody could have done it over the wireless connection without the owner's knowledge.

    The analogy does break down though: Last I knew there was still no federal law regarding wireless network intrusion (except for one that only applied to government networks) and few states have laws to fill that hole.

    Connecting to the network probably isn't illegal, but it's still unethical and if they find out (which if they didn't secure the network I doubt they could find out) they could press civil charges, which don't necessarily need a law to be broken.

    Hevach on
  • DocDoc Registered User, ClubPA regular
    edited July 2009
    I'd have hesitations about mooching long-term, but not just over a weekend.

    Just go easy on the bandwidth is all.

    Doc on
  • SarcastroSarcastro Registered User regular
    edited July 2009
    The onus is on the owner of the internet connection account to provide appropriate security for the use of that connection. The fine print on thier Terms and Conditions explicity states that they are responsible for this, and in the event that illegal content is traced back to that IP, it falls on them to account for it.

    By not being concerned about the security of thier shit, they have created a public access internet connection. This is thier offering to anyone nearby capable of using it. You are not 'taking' anything, you are accepting that service. From the ISP (and quite likely legal, as these things are often entwined) point of view, the account holder has done this purposefully and willingly.

    So you aren't doing anything wrong, according to the ISP; ethically, we all know it was probably done out of ignorance. It seems dickish to take severe advantage of that (like going over thier bandwidth limitations) but for a few meg here and there, its win/win, nobody is taking the hit.

    Sarcastro on
  • Blake TBlake T Do you have enemies then? Good. That means you’ve stood up for something, sometime in your life.Registered User regular
    edited July 2009
    The onus is not on the owner of the network.

    That's like saying it's the onus of someone in the house to make sure to look their doors to stop burglars coming in. Sure it is stupid to leave your door unlocked, but it is still wrong to take something that doesn't belong to you.

    It's like your brother coming in using your CDs and then putting them back. Personally I have no problem with him using my stuff, what I have a problem is him using my stuff without asking me.

    Here is a simple rule for ethics. If you have to stop and ask yourself if something is ethically wrong then it usually always is.

    Blake T on
  • HevachHevach Registered User regular
    edited July 2009
    There is no such legal onus beyond the contract with their ISP. That's put there more to protect the ISP than to place burden on the owner - it lets the ISP dump the burden of any shit that happens on your lap and wash their hands of it.

    Some googling around: In Florida this can get you arrested, there is no distinction in their laws about network access - secured or unsecured, you can be arrested for accessing it, the "open invitation" crap was thrown out there several times.

    In Michigan it's treated as service theft - even with written permission of the owner, if you're not on their property you can be charged, and it carries the same criminal penalties as stealing cable or electricity, there's been several convictions even with the owner of the line testifying for the defense (most famously Sam Peterson who recieved a $400 fine and 40 hours of community service, but the maximum fine of $10,000 and prison time has been invoked).

    Washington has had at least one almost identical case to those in Michigan where they used service theft laws, with convictions against people accessing networks from off the owner's property but still with permission.

    Several other states have applied tresspassing laws - an open gate, open door, or unfenced yard do not constitute permission to access the property. In that vein, you could bring up attractive nuisance laws, but those only protect children in most cases - their protection is extended to adults only if they are removing their children from an attracitve nuisance. I don't see how it would really apply in this case, but generally to be an attractive nuisance something has to be dangerous and potentially irresistible to children. I can see how my koi pond is one, but not a wireless network.


    I'll stand by my previous statement: It's unethical, possibly illegal (more possibly than I'd said before, seeing how readily other laws have been applied), and while you're probably not going to be caught, that doesn't change the first two facts, only whether or not you're willing to risk it.

    Hevach on
  • ChanusChanus Harbinger of the Spicy Rooster Apocalypse The Flames of a Thousand Collapsed StarsRegistered User regular
    edited July 2009
    milehigh wrote: »
    Hmm, ok. Well, still at the bar. I just logged into WoW to show a friend something. Now, there's other people here I don't know using computers as well. Shady looking people. Thinking this through, what's the difference between this connection and the one at my apartment? Both are completely open and allow anyone within range to pick them up and use them. Is this connection (or any public wifi) equally unsecure? I really know little about the technical aspects on it so I apologize if this seems like it should be common sense.

    I don't know much about MMOs, but it seems like that takes more than a minimal amount of bandwidth.

    MMOs actually require very little bandwidth (at least the ones I've played, which is most all of them). You can play them on a 56k dialup modem without any serious lag.

    Chanus on
    Allegedly a voice of reason.
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    edited July 2009
    Doc wrote: »
    When you use wifi you broadcast all information you put online into the air.
    theoretically, any suffiecently advanced user will be able to decrypt this information.

    I personally would not trust wifi with any information more sensitive then a forum/social networking login.

    You're familiar with the fact that SSL encryption provides extremely good end-to-end protection from man in the middle attacks, right? Basically, people would have a much easier time dumpster diving for your bank account info than trying to decrypt SSL packets.

    That is to say, there's no reason to believe that logging into your bank website (assuming it's a secure site) is any more problematic over wireless (yes, even unsecured wireless) than a wired network. Yes, you lose the benefits of WEP or WPA for non-SSL sites, but for secured sites the strongest security protocol on the stack is still in place.

    As I understand it, the danger with public wi-fi is that there could be a similarly-named ad hoc network utilizing DNS shenanigans redirecting common banking sites, ebay, etc to phishing sites.

    TL DR on
  • underdonkunderdonk __BANNED USERS regular
    edited July 2009
    Gray area legally.

    99.9999999% chance you won't get "caught" using the network.

    Don't do anything besides basic stuff - no banking or other access of sensitive information.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    edited July 2009
    I have a mental image of someone looking at their router logs and seeing an IP address for 'BOB FROM APT 3A_PC'

    TL DR on
  • EWomEWom Registered User regular
    edited July 2009
    I know a guy who claims to have gotten a cease and desist from the RIAA for downloading music, when it turned out to be someone useing his wireless connection that wasn't secure. Whether it's true or not I don't know, but something to think about, on the moral and legality standard.

    I mean if you use some one elses stuff to do something illegal (not saying you'll be pirating or anything, just in general) do you get in trouble, or the other person, or both?

    EWom on
    Whether they find a life there or not, I think Jupiter should be called an enemy planet.
  • DocDoc Registered User, ClubPA regular
    edited July 2009
    I'm quite surprised that so many people are voicing objections to leeching wi-fi for a weekend, and not using it for anything nefarious.

    Doc on
  • SarcastroSarcastro Registered User regular
    edited July 2009
    Blaket wrote: »
    The onus is not on the owner of the network.

    That's like saying it's the onus of someone in the house to make sure to look their doors to stop burglars coming in. Sure it is stupid to leave your door unlocked, but it is still wrong to take something that doesn't belong to you.

    No, it's like someone coming inside your house and saying Guys! Hai Guys! Free Stuff Here! Attention! Free Stuff! Right Here! The broadcast reaches onto other people's property, sent out by a device owned by the account holder. Its up to that account holder to ensure that a household broadcast is kept private.

    I can't speak for Stateside bylaws, but I've certainly worked security for a Canadian ISP, and when the RCMP come knocking, they go for the user attached to the leased IP. That being said, if you've taken any precautions at all, its considered a private network, and there are some legal issues with breaching that.

    Sarcastro on
  • Folken FanelFolken Fanel anime af When's KoFRegistered User regular
    edited July 2009
    The comparisons are meaningless. The primary issue is whether or not its illegal. Since he hasn't told us where exactly he lives, we can't say for sure that it is or not in his state.

    Now... if it is legal, you certainly have the option of being a dick or not being a dick depending on the bandwidth you use.

    Folken Fanel on
    Twitter: Folken_fgc Steam: folken_ XBL: flashg03 PSN: folken_PA SFV: folken_
    Dyvim Tvar wrote: »
    Characters I hate:

    Everybody @Folken Fanel plays as.
  • HevachHevach Registered User regular
    edited July 2009
    Sarcastro wrote: »
    Blaket wrote: »
    The onus is not on the owner of the network.

    That's like saying it's the onus of someone in the house to make sure to look their doors to stop burglars coming in. Sure it is stupid to leave your door unlocked, but it is still wrong to take something that doesn't belong to you.

    No, it's like someone coming inside your house and saying Guys! Hai Guys! Free Stuff Here! Attention! Free Stuff! Right Here! The broadcast reaches onto other people's property, sent out by a device owned by the account holder. Its up to that account holder to ensure that a household broadcast is kept private.

    I can't speak for Stateside bylaws, but I've certainly worked security for a Canadian ISP, and when the RCMP come knocking, they go for the user attached to the leased IP. That being said, if you've taken any precautions at all, its considered a private network, and there are some legal issues with breaching that.

    Your door is visible from off your property as well, as is my pond or that guy's pool or my neighbor's dog kennel. What you're saying here is the exact description of how an attractive nuisance is defined - attractive nuisance only protects children, adults are expected to know better and are prosecuted equally for investigating an attractive nuisance as they would be for any other act of trespassing, citizens are not expected to secure anything that isn't capable of leaving their property on its own and harming others.

    You mention working for a Canadian ISP, I'm sure then you're aware that in Canada unauthorized access to any network regardless of its security is a felony, Theft of Telecommunications. Google also turns up that in a number of cases going back to November 2003 with a child pornography case that's mentioned several times to have set the precedent, the owner of the unsecured network is protected from prosecution for offenses committed by an intruder.

    Hevach on
  • Captain VashCaptain Vash Registered User regular
    edited July 2009
    Ignore analogies of trespassing and physical property. They're useless in this situation.

    When I set up an unprotected network that connection is literally sending out a signal that is requesting new connections to my network.
    If I don't want these new (but not unsolicited) connections it is my job as network owner to disable that.

    Captain Vash on
    twitterforweb.Stuckens.1,1,500,f4f4f4,0,c4c4c4,000000.png
  • underdonkunderdonk __BANNED USERS regular
    edited July 2009
    Ignore analogies of trespassing and physical property. They're useless in this situation.

    When I set up an unprotected network that connection is literally sending out a signal that is requesting new connections to my network.
    If I don't want these new (but not unsolicited) connections it is my job as network owner to disable that.

    This is true, but there's no case law to support it. It's a big legal grey area.

    underdonk on
    Back in the day, bucko, we just had an A and a B button... and we liked it.
  • EchoEcho ski-bap ba-dapModerator mod
    edited July 2009
    Doc wrote: »
    I'm quite surprised that so many people are voicing objections to leeching wi-fi for a weekend, and not using it for anything nefarious.

    Everyone's an expert at silly analogues involving physical objects to describe something purely digital.

    Echo on
  • RBachRBach Registered User regular
    edited July 2009
    Doc wrote: »
    When you use wifi you broadcast all information you put online into the air.
    theoretically, any suffiecently advanced user will be able to decrypt this information.

    I personally would not trust wifi with any information more sensitive then a forum/social networking login.

    You're familiar with the fact that SSL encryption provides extremely good end-to-end protection from man in the middle attacks, right? Basically, people would have a much easier time dumpster diving for your bank account info than trying to decrypt SSL packets.

    That is to say, there's no reason to believe that logging into your bank website (assuming it's a secure site) is any more problematic over wireless (yes, even unsecured wireless) than a wired network. Yes, you lose the benefits of WEP or WPA for non-SSL sites, but for secured sites the strongest security protocol on the stack is still in place.

    As I understand it, the danger with public wi-fi is that there could be a similarly-named ad hoc network utilizing DNS shenanigans redirecting common banking sites, ebay, etc to phishing sites.

    This is true. It's also possible that someone is operating a proxy on the network that intercepts all traffic including SSL-secured pages. However, as long as you're diligent about ensuring a given page's SSL certificate matches what it should and not some random proxy server you should still be OK.

    Also make sure you have a software firewall running, of course. :)

    RBach on
    [SIGPIC][/SIGPIC]
  • CasualCasual Wiggle Wiggle Wiggle Flap Flap Flap Registered User regular
    edited July 2009
    Sarcastro wrote: »
    The onus is on the owner of the internet connection account to provide appropriate security for the use of that connection. The fine print on thier Terms and Conditions explicity states that they are responsible for this, and in the event that illegal content is traced back to that IP, it falls on them to account for it.

    By not being concerned about the security of thier shit, they have created a public access internet connection. This is thier offering to anyone nearby capable of using it. You are not 'taking' anything, you are accepting that service. From the ISP (and quite likely legal, as these things are often entwined) point of view, the account holder has done this purposefully and willingly.

    So you aren't doing anything wrong, according to the ISP; ethically, we all know it was probably done out of ignorance. It seems dickish to take severe advantage of that (like going over thier bandwidth limitations) but for a few meg here and there, its win/win, nobody is taking the hit.

    This. I know of some people that leave their wifi open on purpose just to be nice. Given what sarcastico said about illegal content being their responcibility I wouldn't do it but some people are just generous.

    Casual on
  • SarcastroSarcastro Registered User regular
    edited July 2009
    Hevach wrote: »
    abloo.

    Hopefully in the case of someone committing a crime, they end up going after the actual criminal. It's all very case by case, but a freely open access point is considered just that- free access. So don't be a dick, mm'kay?

    Sarcastro on
  • DrFrylockDrFrylock Registered User regular
    edited July 2009
    It's my understanding, at least as far as the law goes, that leaving your wifi completely open and unprotected is tantamount to an invitation to use said connection to anyone within range.

    I point you to this case in Illinois and another, also referenced in that article, in Florida, where two men were successfully prosecuted for using someone else's open WiFi without permission. It is certainly not as you say, and I'd like to see you substantiate your claim. If the convictions don't demonstrate that this is a legal gray area, I don't know what would.
    Sarcastro wrote:
    but a freely open access point is considered just that- free access. So don't be a dick, mm'kay?

    Just because you want it to be true doesn't mean it is, at least in all jurisdictions. But don't let a little thing like facts cloud your opinion there, OK?
    theoretically, any suffiecently advanced user will be able to decrypt this information.

    I understand that movies like Hackers and Swordfish are compelling entertainment, but in the real world, strong encryption...is. WEP has some flaws that make it breakable with specialty hardware and enough data and computing power; if the access point's encryption is WPA (or better, WPA2) it is highly unlikely that anyone will get access to your data by breaking the encryption. If the data is ALSO encrypted via SSL, then you have very little to worry about, even against the most capable third parties (SSL's encryption algorithms have been demonstrated to be extremely sound).
    Doc wrote:
    That is to say, there's no reason to believe that logging into your bank website (assuming it's a secure site) is any more problematic over wireless (yes, even unsecured wireless) than a wired network. Yes, you lose the benefits of WEP or WPA for non-SSL sites, but for secured sites the strongest security protocol on the stack is still in place.

    Doc has it right here.
    milehigh wrote:
    I mean could there be some crazy hacker sitting downstairs waiting for me to connect to his wifi so he can steal my soul/bank account numbers?

    It's theoretically possible, although it's unlikely he would have access to your soul via WiFi, and your bank account numbers would likely be encrypted through SSL.
    milehigh wrote:
    on that note if I do use this connection is logging into my email or anything else that requires account info a bad idea

    Anything that passes credentials in cleartext (old-school unencrypted POP, IMAP, Telnet, FTP, a small minority of websites) is not a good idea.

    DrFrylock on
  • PeregrineFalconPeregrineFalcon Registered User regular
    edited July 2009
    DrFrylock wrote: »
    I understand that movies like Hackers and Swordfish are compelling entertainment, but in the real world, strong encryption...is. WEP has some flaws that make it breakable with specialty hardware and enough data and computing power; if the access point's encryption is WPA (or better, WPA2) it is highly unlikely that anyone will get access to your data by breaking the encryption. If the data is ALSO encrypted via SSL, then you have very little to worry about, even against the most capable third parties (SSL's encryption algorithms have been demonstrated to be extremely sound).

    Pardon me while I salmon your lies now. :P

    WEP is shit and breaks in about five minutes, tops. WPA with weak passphrases also goes down in a hurry to dictionary attacks, but that's about an hour or so after sufficient data capture. WPA with a good passphrase or WPA2 are the only ones you need to break out the supercomputers for.

    The bit about SSL is bang-on, unless someone runs a proxy and slips a forged certification in there.

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • DrFrylockDrFrylock Registered User regular
    edited July 2009
    Pardon me while I salmon your lies now. :P

    WEP is shit and breaks in about five minutes, tops. WPA with weak passphrases also goes down in a hurry to dictionary attacks, but that's about an hour or so after sufficient data capture. WPA with a good passphrase or WPA2 are the only ones you need to break out the supercomputers for.

    The bit about SSL is bang-on, unless someone runs a proxy and slips a forged certification in there.

    Lies?

    I said that breaking WEP requires enough computing (yes, you can do it on a fast laptop), enough data (you do have to capture enough packets), and specialty hardware (a WiFi network adapter that can be put into promiscuous mode, which is very likely not the one that came with your laptop).

    I am not sure why it is a surprise that guessing someone's password will allow you access to their password-protected resources, either.

    DrFrylock on
  • PeregrineFalconPeregrineFalcon Registered User regular
    edited July 2009
    DrFrylock wrote: »
    Lies?

    I said that breaking WEP requires enough computing (yes, you can do it on a fast laptop), enough data (you do have to capture enough packets), and specialty hardware (a WiFi network adapter that can be put into promiscuous mode, which is very likely not the one that came with your laptop).

    I am not sure why it is a surprise that guessing someone's password will allow you access to their password-protected resources, either.

    Maybe not outright lies, but to paint WEP as anything but Asking For It security-wise is a little misleading.

    There's a difference between WPA2-AES, which will take you a lot of power to crack, as in "a few hundred computers crunching for hours at a time for a single key", and WEP, which cracks in five minutes to a WalMart laptop.

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
  • Eat it You Nasty Pig.Eat it You Nasty Pig. tell homeland security 'we are the bomb'Registered User regular
    edited July 2009
    The real issue is that most routers seem to be set up to broadcast their ID by default, so people who don't know anything wind up telling everyone about their unprotected network.

    That being said I don't think it's a huge ethical issue assuming you're being safe with your own information and aren't doing anything harmful. If you're just using their network to look at websites you're using such a small amount of bandwidth that no one will ever notice the difference. Don't see what the harm is.

    Eat it You Nasty Pig. on
    NREqxl5.jpg
    it was the smallest on the list but
    Pluto was a planet and I'll never forget
  • Captain VashCaptain Vash Registered User regular
    edited July 2009
    I present you with a video
    http://www.metacafe.com/watch/1106987/how_to_crack_wep_wireless_networks_for_noobs/
    "how to crack wep for n00bs"

    Now I'm not saying that we're going to have to call in John Mcclain to save the day after "omgz hackerz" take all our poor OPs vital information and erase his social security number and 401k plan.

    What I am saying is complete truth though, and that is that when you connect to any wifi connection (the one our OP is referring to being UNencrypted) you are broadcasting that information through the fucking ether back to the router, and that there are tricks and games that any sufficiently advanced computer user could use to steal sensitive information from you.

    and I'm not talking about hollywood, wave my hands over a keyboard and take control of all the stoplights in new york, I'm talking real life, pushing a virus through to your system if you accidentally have file sharing open, dns spoofing major website urls and replacing them with phishing sites, reading cleartext files, none of these methods are outside the range of anyone with a computer, a suitable wireless card (one that can do packet insertion), and the right piece of software on any modern laptop.

    LONG STORY SHORT

    if you're worried about your information, don't put it out over unprotected, publicly available wireless networks.

    Captain Vash on
    twitterforweb.Stuckens.1,1,500,f4f4f4,0,c4c4c4,000000.png
  • CasualCasual Wiggle Wiggle Wiggle Flap Flap Flap Registered User regular
    edited July 2009
    DrFrylock wrote: »
    Lies?

    I said that breaking WEP requires enough computing (yes, you can do it on a fast laptop), enough data (you do have to capture enough packets), and specialty hardware (a WiFi network adapter that can be put into promiscuous mode, which is very likely not the one that came with your laptop).

    I am not sure why it is a surprise that guessing someone's password will allow you access to their password-protected resources, either.

    Maybe not outright lies, but to paint WEP as anything but Asking For It security-wise is a little misleading.

    There's a difference between WPA2-AES, which will take you a lot of power to crack, as in "a few hundred computers crunching for hours at a time for a single key", and WEP, which cracks in five minutes to a WalMart laptop.

    Just for my peace of mind how likely is it that your average guy on the street would have the skills to do it?

    Casual on
  • PeregrineFalconPeregrineFalcon Registered User regular
    edited July 2009
    Casual wrote: »
    DrFrylock wrote: »
    Lies?

    I said that breaking WEP requires enough computing (yes, you can do it on a fast laptop), enough data (you do have to capture enough packets), and specialty hardware (a WiFi network adapter that can be put into promiscuous mode, which is very likely not the one that came with your laptop).

    I am not sure why it is a surprise that guessing someone's password will allow you access to their password-protected resources, either.

    Maybe not outright lies, but to paint WEP as anything but Asking For It security-wise is a little misleading.

    There's a difference between WPA2-AES, which will take you a lot of power to crack, as in "a few hundred computers crunching for hours at a time for a single key", and WEP, which cracks in five minutes to a WalMart laptop.

    Just for my peace of mind how likely is it that your average guy on the street would have the skills to do it?

    Considering that a video called "How to crack WEP for noobs" was just posted, if he can use Google he can do it. :P

    PeregrineFalcon on
    Looking for a DX:HR OnLive code for my kid brother.
    Can trade TF2 items or whatever else you're interested in. PM me.
Sign In or Register to comment.