Comments on: Unguarded Wi-Fi threat http://www.p2pnet.net/story/11418 p2pnet.net - reader powered Mon, 09 Nov 2009 07:47:13 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Reader's Write http://www.p2pnet.net/story/11418/comment-page-1#comment-134125 Reader's Write Fri, 23 Feb 2007 19:24:26 +0000 #comment-134125 n/t n/t

]]> By: Reader's Write http://www.p2pnet.net/story/11418/comment-page-1#comment-134115 Reader's Write Fri, 23 Feb 2007 15:57:06 +0000 #comment-134115 That's bad news. I'd say almost all wireless routers ship by default with wireless security disabled by default for convenience. Whether or not the appeal is successful for the RIAA, router companies need to step up to the plate and ship their products with WPA enabled by default. WPA is already supported by all major operating systems and most wireless devices, so the only excuse for not enabling it is that a long password must be typed in to each computer or device wanting access. That excuse may work for public hotspots, but it doesn't fly for private accounts, where sharing your connection with an outsider is usually a TOS violation, even though an ISP-provided wireless router is almost always provided with security disabled. This isn't hard for companies to do; provide a strong default password for the security (one that's different for each unit) and provide a piece of paper with the password on it right on top of the router itself in the packaging. Unlike most recorded passwords, this one can probably stay within easy reach (say, right next to the router itself) as it mostly protects from outside access and not inside, approved access. This is important, and not just for infringement liability purposes. The account holder could find himself or herself responsible if an outsider used the account to transmit viruses, child porn, or other obviously illicit activities which the law enforcement agencies scan for like hawks. It will be very difficult for you to prove that someone used their device on your network without your permission in court, even if you were to go as far as to log the MAC addresses of every device that connects to your Wi-Fi connection and subsequently prove that none of your devices have that address. This still doesn't prove that you didn't give permission, and you could still be held liable. That’s bad news. I’d say almost all wireless routers ship by default with wireless security disabled by default for convenience. Whether or not the appeal is successful for the RIAA, router companies need to step up to the plate and ship their products with WPA enabled by default. WPA is already supported by all major operating systems and most wireless devices, so the only excuse for not enabling it is that a long password must be typed in to each computer or device wanting access. That excuse may work for public hotspots, but it doesn’t fly for private accounts, where sharing your connection with an outsider is usually a TOS violation, even though an ISP-provided wireless router is almost always provided with security disabled. This isn’t hard for companies to do; provide a strong default password for the security (one that’s different for each unit) and provide a piece of paper with the password on it right on top of the router itself in the packaging. Unlike most recorded passwords, this one can probably stay within easy reach (say, right next to the router itself) as it mostly protects from outside access and not inside, approved access.

This is important, and not just for infringement liability purposes. The account holder could find himself or herself responsible if an outsider used the account to transmit viruses, child porn, or other obviously illicit activities which the law enforcement agencies scan for like hawks. It will be very difficult for you to prove that someone used their device on your network without your permission in court, even if you were to go as far as to log the MAC addresses of every device that connects to your Wi-Fi connection and subsequently prove that none of your devices have that address. This still doesn’t prove that you didn’t give permission, and you could still be held liable.

]]>