Well, it is a crime - if and only if some otherwise unqualified prosecutor or DA is hoping for a promotion / elected position. /waves a tiny American flag.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Henry Sent: Wednesday, June 30, 2004 7:00 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [nycwireless] Confessions of a War Driver I disagree with thew author of that article in that it is not a crime to just connect to an unsecured wireless network (in the U.S.A. anyway) if you do not use the connection in a malicious way. If I'm mistaken I'd sure like to see the specific section of the law being violated. -- James Henry [EMAIL PROTECTED] AirPower Information Services www.airpower.com Stop SPAM dead in its tracks. It worked for us! http://spamarrest.com/affl?392504 > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, June 30, 2004 6:00 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: [nycwireless] Confessions of a War Driver > > > Confessions of a War Driver > Opinion by David Ramel > > > JUNE 30, 2004 (COMPUTERWORLD) - I admit it: I'm a war driver. > Cloaked in > anonymity, I cruise the alleyways and byways of corporate America, > lurking, searching, probing for a weakness. > There! The telltale tone in my earphones alerts me to a potential > target. I quickly glance at my laptop in the passenger seat. No > encryption on this wireless network. It's wide open. > > I have the tools. I have the knowledge. Seizing the opportunity, I ... > do nothing. > To go further and actually connect to the wireless network I've found > would violate the cardinal rule of war drivers: Thou shall not access > another's network under any circumstances. > > "Don't do it," says war-driving guru Chris Hurley. Regardless of your > motivation -- to experiment, to prove a point, to show an admin his > network is unsecure -- "you're committing a crime," he says. > > Hurley, a.k.a. Roamer in the war-driving world, is the > organizer of the > WorldWide WarDrive (WWWD), a project in which volunteers armed with > wireless-network-detection software and GPS receivers map all the > networks they can find in a week. The war drivers compile statistics > that reveal where the networks are and whether or not they are using > basic encryption methods. They are trying to prove a point: Wireless > network managers need to take security more seriously. > > This year's event, WWWD No. 4, ended June 19 after locating 228,537 > access points (AP). Of those, about 38% had basic encryption, such as > Wired-Equivalent Protocol (WEP) or Wireless Application > Protocol (WAP). > Last year's WWWD found 88,122 APs, of which 32% had > encryption. Complete > stats are available online. > > Hurley is encouraged by the increase in the percentage of encrypted > networks, but he was looking for more. "I was kind of hoping for a > better increase, up to 40%," he says, but adds, "As long as > there is an > increase, you're happy." > > Hurley, an information security engineer working in the > Washington area, > became interested in war driving after Peter Shipley reported on his > fledgling war-driving efforts at the Def Con security > conference several > years ago. Since then, Hurley has taken over the annual Def Con > war-driving events and the WWWD in an effort to publicize the > vulnerabilities of wireless networks. > He points out in his book, WarDriving: Drive, Detect, Defend, > A Guide to > Wireless Security, that hackers can easily take war driving a > few steps > further and use freely available tools to connect to an unencrypted > network for free Internet access or to sniff out passwords > for complete > access. That would allow them to steal information or use the > network as > a base to launch future attacks. It's not much harder, he says, to use > other free tools to crack the notoriously flawed WEP > encryption scheme. > Even the more secure WAP is vulnerable to certain attacks. (Note: > Wireless hacking tools are detailed in the story "The > Hacker's Wireless > Toolbox.") > > "There are so many threats that you open yourself up to by > not securing > your wireless network," Hurley says. > And as Hurley and his war drivers have shown, there are a lot > of people > out there opening themselves up. > My own war-driving forays support his take on the sorry state of > wireless security. Using the free Windows application NetStumbler, I > consistently found more than 100 wireless APs on my 19-mile drive to > work -- before 9 a.m. Of these, typically about 70% aren't encrypted. > And about 44% are using their default Service Set Identifier, which > makes them more vulnerable to hackers. > > Of course, the nature of the terrain in my commute indicates that most > of these APs are on private home networks. Hurley believes that the > recent explosion in home networking is responsible for much of the > increase in networks discovered by war drivers. While these > home network > owners may not have corporate secrets to protect, they could > be leaving > themselves open to Internet access interlopers. Or worms or viruses > transmitted from the outside computer. Or worse. Hurley recounted the > November 2003 case in which a Toronto man was found in his car using > another person's wireless home network to download child pornography. > > While that man was arrested, Hurley pointed out that if > someone accessed > a network to download child pornography and then disconnected from the > network, the network owner couldn't prove that he himself > didn't commit > the crime. > > But it's in the corporate world where unsecured wireless networks are > the most dangerous. If you war-drive through any office park, you will > likely find lots of wide-open nets. Last Saturday, I did exactly that. > Few people were around, and nobody paid any attention to me, but the > networks were still running, letting me know they were available. > > News reports have detailed how a Lowe's home improvement store earlier > this month was attacked by wireless hackers intent on stealing credit > card numbers from the parking lot. And as far back as 2002, > researchers > revealed to Best Buy executives that some of their stores were > transferring credit card numbers over unsecured wireless networks. > During last month's Mobile & Wireless World conference, an Intel > executive mentioned that someone once wirelessly "snooped" > the e-mail of > 10 to 12 vice presidents in a company facility in Oregon. > > And those are just the hacks that have been made public -- companies > obviously are reluctant to talk about wireless security > breaches. Hurley > says he has heard of many other slip-ups that he can't talk about. > > So why, with all the publicity about wireless security, with > all the Web > sites, books, magazines, white papers, consultants and TV shows > detailing how to secure wireless networks, are corporate > staffers still > failing to take appropriate security precautions? > Hurley thinks it's overworked administrators who aren't > trained to work > with wireless networks. He says they are often just told by their > managers to put in a wireless network, and they do it as fast and as > easily as possible. > > And, he says, network administrators are supposed to make > sure that the > company's network is up and usable -- that's their main job. It's the > job of security officers to ensure it's protected from attackers. The > two job functions are often at odds. And many companies don't > even have > security officers, Hurley says. It all adds up to war drivers finding > thousands of unsecured networks, year after year. (To get a security > manager's take on the threats posed by unsecured wireless networks, go > to QuickLink 47059.) > > What advice does Hurley have for corporate America? First, he says, > decide if you really, really need a wireless network to begin with. If > there's an absolute business case that you do, and you put one in, > "basic security measure aren't enough," he says. "You need to > have some > secure form of authentication as well as a [virtual private > network] ... > so they are encrypting all their traffic through means other > than WEP or > WAP." > > The bottom line, he says is that network administrators should > "essentially treat your wireless network the same way you treat a > dial-up user." > > That's because there may be people out there who don't adhere > to the war > driver code of not connecting to networks they find. There might be a > curious journalist, for example, who wonders if he really > could connect > to those networks and get free Internet access. > > He might take his D-Link AirPlus XtremeG DWL-G650 Wireless Cardbus > Adapter and his Dell notebook and his free NetStumbler > software and find > out that it's incredibly simple to jump on someone's network and surf > the Web. > Then he might wonder if he really could see the traffic on these > networks. He might try a bunch of readily available tools and > find that > the trial version of CommView is one of the few applications > that works > with his card and allows him to actually sniff network packets. > > Then he might chicken out and erase all evidence of such illegalities > and proceed no further. > Others, however, might not. > > http://www.computerworld.com/printthis/2004/0,4814,94225,00.html > -- > "NEXTEL-1 IT'S NOT JUST NEXTEL" > Note The New address > Subscribe to Nextel-1: http://www.groups.yahoo.com/subscribe/NEXTEL-1 > > "NEXTEL2 FOR iDEN SOFTWARE DEVELOPERS" > Subscribe to Nextel2: http://www.groups.yahoo.com/subscribe/NEXTEL2 > > "WIRELESS FORUM HOMELAND SECURITY GROUP" > The Complete Resource for Wireless Homeland Security. > Subscribe to WFHSG: http://www.groups.yahoo.com/subscribe/WFHSG > > > -- > NYCwireless - http://www.nycwireless.net/ > Un/Subscribe: > http://lists.nycwireless.net/mailman/listinfo/nycwireless/ > Archives: http://lists.nycwireless.net/pipermail/nycwireless/ > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.712 / Virus Database: 468 - Release Date: 6/27/2004 > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 6/27/2004 -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/ -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
