Anti-Wi-Fi pol goes war driving
p2p news / p2pnet: To make a point about what they saw as the dangers of unsecure Wi-Fi, a New York county politician and a cto went war driving.
Westchester County’s Andy Spano wants an anti-Wi-Fi law, which could be the first such in the US, because without it, ” Somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data.
He and the county’s cto, “took a laptop computer equipped with easily available software and drove around downtown White Plains today in search of vulnerable networks,” says a statement, going on:
“Last week, a team from the Department of Information Technology performed the same survey and came across 248 wireless hot spots in less than a half an hour of driving down Westchester Avenue and Main Street in White Plains. Out of those, 120, or almost half, lacked any visible security at all. Many users marked themselves as easy targets by failing to change the network`s default name from ‘default’ to something unique.”
Spano’s draft proposal calls for new legislation that would, “require Internet cafes as well as commercial businesses that use wireless networks to take basic security precautions to protect private customer information from potential data thieves and hackers”.
Under it, all commercial businesses using wireless networks and with personal information would have to have, “secure networks that protect the public from potential identity theft and other potential threats such as computer viruses and data corruption”.
“For example, a retail establishment that uses a wireless network to process credit card transactions would be required to install a firewall, one of the easiest and least expensive ways to guard a network from attack,” says the statement.
“They would have to file a note of compliance with the county. Businesses that offer public Internet access would be required to post a sign stating that the network has been secured with firewall protection and stressing the need to use discretion.”
Something you think we should know? tips[at]p2pnet.net
See:-
Mercury News – SPANO PROPOSES LAW TO COUNTER RISKS OF WIRELESS NETWORKS, November 2, 2005
November 7th, 2005 at 4:42 pm
I guess now we need to have some political hack to force people to encrypt their network. I leave my wireless network unencrypted for a reason. It is a FREEWAN CELL!!!! I gues people can encrypt network communications and post a sign that gives the key. I can however see where one would require credit card and personal information transaction to be encrypted, but all this other stuff is ridiculous.
November 7th, 2005 at 8:41 pm
As long as it only applies to bussinesses that hold personal information I dont have a problem with them being reqired to put up a firewall .
Even some poeple leave thier personal information open to all on p2p networks so this may protect people who are unaware how to proectet themselves from identity theaft online .
November 7th, 2005 at 9:14 pm
As long as this only applies to businesses, that’s just fine.
I’d like to see all wireless products come with WPA-PSK or even AES enabled by default, but that’s probably an idea way before its time.
November 7th, 2005 at 9:36 pm
Instead of outlawing leaving WANs open, the government should require that manufacturers include a notice about the possible side-effects of not securing ones wireless network and clear instructions on how to secure it.
Sure, most manufacturers include something in the manual, but the manual is often on CD and not printed on paper. There should be a sticker or something covering the powerswitch stating that security should be enabled unless you are certain that you want others to access your wan.
November 7th, 2005 at 11:35 pm
If internet cafe owners havn’t worked out that completely open Wi-Fi networks are a security hazard, and therefor BAD FOR BUSINESS, that’s their problem.
Personally, I’d feel happier using a Wi-Fi network at a place that advertises “We use X grade encryption and security by…” than a place that has a notice saying “We conform to Local Ordinance 4856″. Most Local and State laws are so far behind the times that I’d want to know exactly what is being used to keep my data safe.
Supergreat Security v5.6? Bah! That was hacked two months ago, I’m not using that!
Is this county going to employ a team of security guys to make sure all the standards they make people use are up to scratch? Network security is a 24/7 job, so they’re going to need a department to keep everyone using the latest protection.
And anyway, if somore is too stupid to change the access from “default” to something else, why should everyone else be punished for it? What about the morons with sensitive data who ACTUALLY CONNECT to these networks?
I didn’t think there was a law against being stupid. Good business is about proving you’re not.
November 8th, 2005 at 2:58 am
This is one of the very holes in this business of sue’em all. Someone buys another computer for the kid to do homework with and needs a router to connect it with. Typically most home users aren’t security experts. I am sure most all here have heard the old adage “When all else fails read the instructions”.
Home users expect to plug it in and it to work. They are not IT tech experts. If you have ever read a router instruction book it is filled with terms that immediately turn into a hunt and seek for the meanings of unfamiliar terms. So unfamiliar that is akin to learning a new language to figure out what they are talking about.
So many people are having problems with port forwarding and security that Microsucks decided to help them out with UpnP that auto calls to open and close ports. That is nothing short of another security headache for any that understand routers and make it possible for malware to open ports on their own in the system once they have found a hole to get in.
What it also does is open up home networks to drive by downloading. So what if they get their IP read and recorded? The IP recorded won’t lead back to the downloader, it will lead back to the owner of the equipment. For the most part an owner that has no clue that they are even vulnerable or open for exploitation. Just because you can read doesn’t mean you can comprehend the text when it looks to be in a foreign language. Just because you were given a manual with the equipment doesn’t make you an expert nor will it guarantee security of your setup. All of which is blithely ignored by the sue’em all.
November 8th, 2005 at 11:30 am
If they successfully pass these kinds of laws, it will then pave the way for more restrictive controls, and you can bet your bottom dollar they have their sights on free wan cells.
They should keep their noses out of everyones business.
November 8th, 2005 at 4:49 pm
Dear Mr. Spano:
I don’t suppose that one of the CTO’s that you went tooling around White Plains in that caravan of limos took the time to explain to you that a firewall goes between the wireless access point or router and the internet and does nothing to keep wardriving policitians off the local LAN?
The firewall will protect people’s personal information from attack from the internet by the likes of Chinese Windows Messenger Spammers, Bulgarian EZBoard Google Spamdexers, Nigerian 419 Phishermen, and script kiddies with a $4000 laptop that live in comfortable, upscale suburbs like Westchester County. The threats originating on the internet are far more significant and probably to a business owner than an unsecured wi-fi hot spot.
The consequences of an unsecured hotspot (assuming it’s segregated from the machines used in “business operations”, as they should be) are: Gettings nasty letters from your ISP because of the ‘excessive usage’ of it by a wardriver/walker/chalker. Even nastier letters from your ISP about all of the spam you send out. A lawsuit because someone downloaded 18 new release movies and 29 new CD releases. An invitation from Jeanine Pirro, the Westchester Country DA, hand delivered by Armed, Uniformed Government Officials (The Police) to come to her office to discuss all of the child pornography that’s been exchanged on your internet service, followed by a visit to Judge Judy.
The last scenario is probably unlikely or unlikely to lead to real trouble, other than embarrassment, once the unsecured wi-fi network comes to light. As your are now your own little ISP, you are immune from any criminal activity that takes place by users, as long as you were not aware of it, or encouraging it thanks to the Telecommunications Reform Act of 1996. Phew!
What’s more likely is that your machines have gotten conscripted in a zombie army, had back doors installed on them, or keyloggers, or some idly curious hacker is going over all of your financial information.
I understand that Westchester Country Community College and also SUNY/Purchase have some excellent classes for those just beginning their exploration of the information technology domain. You might wish to enroll in one before actually filing any legislation on this matter.
I’d also check in with County Attorney about your proposal. Wi-Fi operates over the public Radio Frequency spectrum. The Communications Act of 1934 (reformed in 1996, as noted above) established an agency called the Federal Communications Commission as the sole exclusive agency at any level of government to deal with any issue regarding the transmission and reception of RF signals. Infrastructure, like cell-phone towers, are another matter, but your proposal imposes local requirements on the actual signals. Given their on-going initiative to expand their little empire with the Broadcast Flag, CALEA Provisions for VOIP calls (they’ll cover this in class, or ask Ms. Pirro when you see her), and the Analog Hole (Not to worry, it’s not like the Ozone Hole or a Black Hole,) I don’t think they are going to take too kindly to your proposal
–TurboGeek
PS: Oh, by the way, I really like the cell phone tower located in the rest area on the Hutchinson River Parkway in White Plains. I understand that there was a big fuss because it would detract from the scenic ambience of the area. Was that your idea to stick little green bristley things on each of the antenna array elements wrapped around the monopole mounting, so it would look like a big pine tree amongst the other pine trees comprising the landscape of the area? My little dog jumps with excitement each time he sees it as we’re driving to and from Long Island
Unfortunately, the tower is SO tall that it dwarfs the pine trees by a factor of 3, plus it’s in the wide median of the parkway all by itself, so it look like a giant toilet brush looming in the distance, guarding the cleanliness of the rest area’s lavatories. Sorry that didn’t work out the way it was planned.
–Turb