Forgot your password?
typodupeerror
Wireless Networking Hardware Your Rights Online

War Driving To Be Protected In NH 387

Posted by CmdrTaco
from the baby-steps-in-the-right-direction dept.
AllMightyPaul writes "A big article on Wired.com talks about the new House Bill 495 that would legalize the innocent stumbling upon open wireless networks. Basically, it put the burden of securing a wireless network on the owner of the network and allows people to connect to open networks that they believe are supposed to be open. This is excellent news as I'm sure we've all tried to connect to one wireless network and ended up accidentally connecting to another one. Being from NH, now I can finally drive through Manchester and connect anywhere I want with little worry, but not until after January 2004, and that's if the bill passes the Senate."
This discussion has been archived. No new comments can be posted.

War Driving To Be Protected In NH

Comments Filter:
  • by Enzondio (110173) * <(moc.elixel) (ta) (eromlej)> on Tuesday April 29, 2003 @12:40PM (#5835181) Homepage
    This is what we should expect from New Hampshire

    Live free or die!
    • Bad analogy! (Score:5, Insightful)

      by WPIDalamar (122110) on Tuesday April 29, 2003 @02:18PM (#5836210) Homepage
      The whold leaving your doors unlocked & open and then people walking into your house is a bad analogy. A better one would be:

      You leave your T.V. pressed up against your window, and then people walking down the street watch it.

      Or...

      You put a speakerphone in the middle of the street, and then yell out your window whenever you make a call... and then people can listen to your conversation, and even add some comments in.

  • Legalize it? (Score:5, Insightful)

    by xchino (591175) on Tuesday April 29, 2003 @12:41PM (#5835194)
    So was it previously illegal? AKAIK, there are no laws against war driving, so while they may have protected this right, they didn't legalize it. Definately a step in the right direction, though.. it's so infrequent that we see lawmakers making laws to PROTECT our freedoms rather than remove them.
    • Re:Legalize it? (Score:4, Informative)

      by sharekk (654035) on Tuesday April 29, 2003 @12:49PM (#5835299)
      From the article: "Like most state and federal computer crime laws, New Hampshire's existing statute says it is a crime to knowingly access any computer network without authorization"

      Basically before if you were driving past a starbucks and picked up their connection you could be doing something illegal. I expect it's still illegal to crack WEP (easy as it may be) but using random open wireless is Ok.
    • Re:Legalize it? (Score:5, Insightful)

      by mcworksbio (571932) on Tuesday April 29, 2003 @01:06PM (#5835451)
      infrequent that we see lawmakers making laws to PROTECT our freedoms rather than remove them

      IMHO this is not a good thing. One of the problems Americans face today is the presence of so many laws reducing explicit or implied freedoms, as you noted. Yet explicitly stating in statute tangible freedoms contradicts the Constitutional notion of preexisting rights fundamental to the human condition. The goal of the Constitution is to recognize freedom, protect it, and limit rights only to the extent necessary to support the common good.

      At first blush you are right, its about time we had freedoms recognized by politicians. But I would much rather see them tear down thousands of bad laws and restrictions, and get a couple of really good, common sense ones in there, and enforce them. I don't want to start to have my freedoms enumerated by a Congress, Court, or Executive.

      P.S. This is all without respect to political affiliation. Wireless, RIAA, M$ monopolies, Guns, Abortion, Environment...all these issues may have different sides, and all need applicable laws, but I am just saying that the laws should not state a freedom and protect it, only restrict abuses contrary to the will of the Constitution, the people, and the common good.
      • Re:Legalize it? (Score:5, Interesting)

        by djembe2k (604598) on Tuesday April 29, 2003 @01:37PM (#5835773)
        I respect your idealized libertarian (quasi-anarchist?) streak here, but it is unrealistic.

        Some background, for those who need it. The first amendment (to take a well-known example) doesn't say "You get the freedom of speech." It says "Congress shall make no law abidging the freedom of speech." In other words, the freedom in question is assumed to pre-exist the Constitution, and the Constitution is just explicitly recognizing it, and declaring it as a limit on governmental power.

        But there's a contradiction built in, because the Bill of Rights still enumerates particular rights, and for a couple of centuries courts have been understandably less willing to protect rights that aren't explicitly enumerated (privacy and substantive due process and the backlash against it being the exception that proves the rule) than those that are.

        Yes, enumerating freedoms can have the effect of implying that we are not free to do anything except what is enumerated. But that's a built-in side effect of the way the Bill of Rights is written. It's even worse since the courts rules that the 14th Amendment "incorporates" much of the Bill of Rights applies to the states. Before the 14th Amendment, it wasn't clear that expressions like "Congress shall make no law" applied to state and local legislative bodies. The Supreme Court used the 14th Amendment to rule that many of the *enumerated* rights in the Bill of Rights now could be enforced as restrictions on state and local legislatures as well. But this explicitly applies only to things enumerated, and even then only the ones the courts have picked and chosen.

        In other words, when you (the previous poster) say "I don't want to start to have my freedoms enumerated by a Congress, Court, or Executive.", I'm saying it is already way, way, way too late. Maybe if that attitude was in place in the 1780's we could have a system that works that way. Of course, with that attitude, we'd still have the Articles of Confederation (which might not be such a bad thing from a small-weak-government-is-good point of view). But we don't.

        Additionally (and then I'll shut up), legislative acts creating or recognizing rights are often absolutely essential to turn the abstract principles listed in the Constitution into specific and applicable rules and regulations with enforcement mechanisms. Parts of the post-Civil War amendments were widely disregarded until Congress passed the Voting Rights Act almost 100 years later. Now there were clear rules explaining what did and didn't constitute disenfranchising somebody, and a way to enforce it. If you were a black citizen in Mississippi, it was the Voting Rights Act and not the 15th Amendment that actually made it possible for you to relatively safely get to the voting booth, cast a ballot, and be confident that it was counted.

        OK, I've gone off topic, but I'll bring it home. Explicitly listing this freedom is a Good Thing. The freedom to use open wireless networks could be seen as competing with the freedom to use your own wireless network without sharing resources with intruders. We need explicit guidance on how to balance these things, and how to enforce the balance we come up with. That's what legislatures are supposed to do with the system we've got, as opposed to the one we might wish we had. That's what they are doing here.

        • Re:Legalize it? (Score:5, Informative)

          by bjschrock (557973) <bschrock @ g m a i l . com> on Tuesday April 29, 2003 @02:38PM (#5836425)
          I just wish everyone would pay more attention to the last two amendments in the Bill of Rights:

          Amendment IX

          The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

          Amendment X

          The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
  • Wait a second... (Score:5, Insightful)

    by b0r1s (170449) on Tuesday April 29, 2003 @12:42PM (#5835200) Homepage
    There are still real moral issues here with whether or not it's actually RIGHT to connect to other people's networks. Just because the networks are not completely secure, you're still not justified in connecting to them, specifically if your reason to connect is to abuse them.

    The law has decent motivation, but it's basically saying "Go ahead and break into wireless networks, because if they're not completely secure, it's not your fault." What happens when people start snooping the traffic, stealing corporate secrets, and then claim that the wireless network wasn't secure, so they can't be responsible?
    • by bluprint (557000) on Tuesday April 29, 2003 @12:48PM (#5835273) Homepage
      I think the point is that the burden of deciding wether a person/company intended for a network to be open shouldn't be placed on the individual, but rather, on the person who set up the network.
      • Re:Wait a second... (Score:5, Informative)

        by b0r1s (170449) on Tuesday April 29, 2003 @01:12PM (#5835524) Homepage
        Here's the text:

        1Computer Related Offenses; Network Security. Amend RSA 638:17, I to read as follows:

        I.
        • (a) A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:

          • (1) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or

          • (2) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or

          • (3) The person reasonably could not have known that his or her access was unauthorized.


        • (b) The owner of a wireless computer network shall be responsible for securing such computer network. It shall be an affirmative defense to a prosecution for unauthorized access to a wireless computer network if the unauthorized access complies with the conditions set forth in subparagraph I(a)(1)-(3).



        So, the way I read it is: the owner is responsible for securing the network, but its legal IF and ONLY IF you were legally granted access, would have been granted access if asked, or had no way of knowing whether or not you were allowed to use the network.

        This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless access points, you've already failed 1 & 2. The only issue up for debate is 3: would you have known that you were not authorized? I'm sure once this hits court, the party with the better lawyer is going to win.
        • # (1) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or

          # (2) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or

          This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless acc

      • I agree wholeheartedly. There are wireless networks set up all over the place. My laptop has integrated 802.11b, and windows has the habit of automatically connecting to open networks. So, whenever I'm sitting in a coffee shop or wherever and open my laptop to work on something, I don't want the be held liable because some guy didn't configure his network properly. In most cases I don't even know who set up the WAP, let alone whether they intended for others to use it.
    • by Corvaith (538529) on Tuesday April 29, 2003 @12:51PM (#5835310) Homepage
      I don't care whether wardriving is legal or not. I don't do it. I do, however, use my laptop--with its wireless card in, I never bother to remove it, but not with any kind of extra antenna or anything--in the car when riding with other people, occasionally. Windows has on numerous occasions thoughtfully informed me, in the middle of nowhere, that it had connected me to whatever network it happened to find.

      And as long as things are set up so that connecting to the network doesn't involve anything more than just happening to be where that network is, the idea that you could be prosecuted for 'breaking into' their network is a scary one. There's often no 'breaking' involved. If I end up connected to somebody's network, and it required nothing more than a laptop configured for my *usual* wireless access, then no, it's not my fault.

      If you have a wireless network and you're using it to transmit 'corporate secrets', etc, then secure the thing. People who run around purposefully trying to find other people's networks to go online from are a little slimy, maybe, but it's not 'breaking in'. It's complaining that somebody's sitting on the chair you happened to leave on the sidewalk. It may be your private resource, but you've left it sitting in public space with absolutely nothing to indicate that people *shouldn't* sit in it. And the average stranger who does is probably just resting his feet, not sabotaging your property.
    • The law has decent motivation, but it's basically saying "Go ahead and break into wireless networks, because if they're not completely secure, it's not your fault." What happens when people start snooping the traffic, stealing corporate secrets, and then claim that the wireless network wasn't secure, so they can't be responsible?

      Come on, that's like saying that if I'm allowed to enter a business with an open door, then I'm also allowed, by default, to rob the place and give the owner a Dirty Sanchez [g0d.org].

      The l

    • Motivation (Score:3, Interesting)

      by jaaron (551839)
      I think we have to look at motivation here. For example, I just found out that someone in my apartment complex is running an unsecured wireless network. How do I know? Well, I was setting up my wireless PDA and noticed I was connected before setting my WEP keys. Checked the IP's and, yep, most definitely wasn't my wireless network.

      Now, harmlessing stumbling upon someone else's wireless network shouldn't be a crime. I think that's part of the point here. Maliciously using someone else's wireless net
    • NO it does not NOT say any of that.

      All it says is that if you do not make basic efforts to secure the network, then you can not prosecute people for using it.

      This law STILL allows you to prosecute people for using that network for illegal purposes, including stealing corporate secrets that were on that network and snooping the traffic.

      It does have a side effect of making it harder to prove guilt (as merely being caught on the network is no longer a crime), but that is not that severe.

  • by carou (88501) on Tuesday April 29, 2003 @12:42PM (#5835201) Homepage Journal
    Shouldn't this article be on unwired.com?
    • my last month's wired mag came bundled with an extra magazine called 'un wired' (still made by Wired) where they explained everything you can imagine about wireless networking. I thought it was pretty clever... :)
  • Wow (Score:4, Funny)

    by Snowspinner (627098) <philsand@@@ufl...edu> on Tuesday April 29, 2003 @12:42PM (#5835204) Homepage
    The government passing reasonable digital rights legislation?

    Come on, April Fool's was almost a month ago now.
    • by Spunk (83964)
      Forgive my bias (grew up there), but NH generally has a very reasonable government. woot :)
    • by jmccay (70985)
      It's not surprising considering our current Governer is the founder of Cabletron (a technology company). Southern New Hampshire (especially Portsmouth and Nashua) is rich with Technology Companies--along with northern Mass.
  • war driving lessons (Score:4, Informative)

    by ih8apple (607271) on Tuesday April 29, 2003 @12:43PM (#5835210)
    war driving lessons [nwfusion.com]
  • by fobbman (131816) on Tuesday April 29, 2003 @12:43PM (#5835212) Homepage
    ...it seems like you can apparently get most anything passed if you attach the word "War" to it. Even the theft of bandwidth.

  • by phippy (176682) on Tuesday April 29, 2003 @12:43PM (#5835224)
    if it hasn't already, the ability for wireless access point and card manufacturers can further harden (at least within the 802.11x spec) their default configs.

    a law like this can't do any harm, besides the harm that has been done (or is happening) already. it sounds like to me that this is a good thing. raising awareness around network security is always a good thing.

    *well, except when it fosters more fear than actual security
  • by b.foster (543648) on Tuesday April 29, 2003 @12:44PM (#5835231)
    How many people have actually been prosecuted for using an open wireless network without authorization?

    And how many of those people (if any) were malicious hackers?

    Why don't our legislators spend their time protecting innocent people (Skylarov, Felten, Serebryany, etc.) from laws like the DMCA that have been abused, instead of saying "hey, it's legal to wardrive, which nobody has ever been maliciously prosecuted for"?

    • Because there are already constituents that LIKE being able to malicoulsy prosecute for DMCA violations.

      I APPLAUD them for solving the problem BEFORE it becomes important, and thereby stopping our enemies before they become strong enough to attack our freedoms.

  • I've set up a little Wireless LAN at home, wifey's laptop plus the PS2, Linksys, and it seems like I have to put in the an identifier for the...workgroup? Something, I forget the technical word, but I changed it from the default "Linksys" to something specific to my house...and I had to make sure everything that was connecting to the Router used the same ID.

    So, setting aside that there are probably tons of home Wifi installs that still use "Linksys", and assuming lots of people don't use the encryption tha
    • The SSID is no protection, because you can use "any" as the ssid and you will get on most non-encrypted WiFi networks. And you'd be surprised at the amount of them not protected (around 75% in my area)
    • Answers:
      • The identifier you are referring to is the SSID (Service Set Identifier).
      • wardriving programs operate by putting the wlan card into promiscuous mode and sniffing all the wireless traffic passing through the air. I beleive that they also send out probes for SSIDs.
      • If you are not using WEP (Wired Equivalent Privacy), then everything transmitted is cleartext. However, WEP has been proven insecure, and should not be relied on for any sensitive data.

      And yes, there are alot of Linksys default SSIDs

    • Unless you specifically disable it on the Linksys, your SSID (which you mention was "Linksys") is broadcasted. Anyone with a wireless card and the right software (which WinXP includes) can see the SSID of your home WiFi LAN. The Linksys also has 2 options for WEP encryption, disabled or manditory (at least for the version 2 WiFi Access Point, which I use). If its disabled, then all traffic sent across your WiFi LAN is plain-text, in the clear (unless you are using some encrypted protocols above the WiFi lay
      • Huh. On the one hand, since my 'Net seems to be unmetered, I wouldn't mind sharing. But I'm not crazy about the eavesdropping idea; yeah, I know we're all sending "postcards" when we connect anyway that anyone in between can see, but this makes it too easy for a would be badguy (not that we're doing would be of that kind of general interest, but still) It's too bad there's no mode for "encrypt, but only w/ Public Keys" ala SSL.

        On the other hand, unless maybe you were bringing a laptop to the playground acr
  • You mean... (Score:5, Funny)

    by Faust7 (314817) on Tuesday April 29, 2003 @12:45PM (#5835241) Homepage
    "That was your network I had Kazaa, WinMX, and Grokster running full-steam 24/7 on? I had no idea, honest. Hey, OW."
  • by eGabriel (5707) on Tuesday April 29, 2003 @12:45PM (#5835249) Homepage
    I don't recall the wording, but doesn't most of this equipment carry a message from the FCC that says that the device must accept any interference from other devices?

    Maybe it's a bit backward, but I think that can justify your having picked up the signal; you were just accepting interference...
  • by jetsaredim (569308) on Tuesday April 29, 2003 @12:47PM (#5835267)
    The area alone the border between MA and NH is quite built up with tech firms (HP, Oracle, RedHat, etc...) - wonder if they'll be cracking down on their wireless networks? Also, what happens to someone in NH who grabs some bandwidth from MA or vice-versa?
  • by ewanrg (446949) <<ewan.grantham> <at> <gmail.com>> on Tuesday April 29, 2003 @12:48PM (#5835280) Homepage
    I'm all for having reasonable laws for reasonable people. And this one seems to have it's heart in the right place.

    However, if you have the ability to use someone's network "accidentally" how do you distinguish someone who is using a lot of bandwidth for an innocuous reason from someone using a little bandwidth for a protective screen? I seem to recall reading an article about SPAMmers using open links to anonymously go through SMTP sites to further propogate their "stuff"...

    And if the company is running Windows and has shared network resources, where does my 100 page accidental printing land on the scale of things?

    I agree that you don't want to arrest someone for browsing through "linkedsys" when they meant "linksys" (or picking up the wrong "linksys" which is probably even more likely). But I'm not sure this is the answer.

    FWIW,
    Ewan

    • If the network people have those concerns, then they have the responsibility to PROTECT their system against it.

      All this laws does is say: "If you leave your doors wide open, you have no right to complain if some someone comes into your house to get out of the rain."

      The law does not in any way make it legal for you to spam/print from their network, just as the above statement would not let people take stuff out of your house just because you left your door open.

      • An interesting argument.

        In other news its also my responsibility to make sure I'm wearing a flak jacket to protect my personal system from someone discharging a lawfully held firearm in a public place when I visit the US.

        Leaving my car unlocked might be regarded as reckless - and might invalidate my insurance under a duty of care clause. But its still theft if you open the door and drive away in it.

        And actually there are laws in most legislations to stop you walking in to someone's house - I'd start look
        • The old "House Breaking" analogy is horrible here.

          Hate to say the analogy of choice is the old "Information Superhighway". If you're driving along and get lost or take an unfamiliar turn...If the road isn't marked Closed then it isn't closed. There is no way to tell a Private Driveway apart from a side street unless it's marked. Same with networks.

          With a ubiquity of connections sprouting everywhere, all different, we need to drop that house analogy yesterday. The highway analogy is much better, es
        • No.

          Part of the problem is you fail to admit that there is a LEGAL and requested "war-driving" going on. (If you live in NYC, I know that Chelsea Market advertises the fact that they offer a free network for people to log in - I heard about it and I do not even own a network card for my computer). Shooting people is NEVER legal.

          Try again but remember that PUBLIC minded groups are intentionally leaving networks open and WANT you to use it.

          The TRUE analogy is NOT someone that is leaving their cars onlo

    • You don't distinguish.

      If you don't secure your wireless network, then people can use it. If you don't want people using your wireless network then it's your problem to secure it.

      I would assume that something like WEP would be good enough to satisfy the bill. Since, although it is a broken security system, you can't accidently stumble into it the way you can with an open wireless network. Heck set the WEP key to your company name and legitimate users (and real crackers) won't be inconvienced at all, but pd
  • What about road rage? :)
  • I do a bit of wardriving myself.

    I think that if anything, the biggest kicks I get out of wardriving is generating maps [crackrock.org] of my results.

    (I do like plugging my map - shameless self promotion I guess)

    While I never connect to networks, it would be nice to know that if I ever did need to access one that I wouldn't have to worry about going to jail over it. Props to the government on this one.
  • If you are driving around LOOKING for wireless networks with poor security to exploit that is not the innocent stumbling upon open wireless networks.
    • I disagree. Wardriving is more like one of those police / fire band scanners (to me at least). It's just neat to see what netorks are around, what people are naming them, whatever. It's hard to explain.

      Plus, passive stumblers like kismet never connect to the networks in question. You are never really 'on' the network unless you choose to do so. That, I agree, is potentially immoral. But what if I have my windoze box set to SSID "any" and I connect to one of these, with 0 reconfiguration of my client

  • I love my NH (Score:4, Insightful)

    by Tevye (551399) on Tuesday April 29, 2003 @01:00PM (#5835395) Homepage
    A others have mentioned, NH is a nice place to live. No state income tax, no sales tax.. It is a nice place to be.

    I'm seeing a lot of "the idea is good but...", but I do think it's a good idea. I read the analogy of walking into someone's house if it's unlocked and taking their food, etc, but I don't think that's the right analogy.

    A better one, (which also applies in NH) is that if you're hunting in the woods, you can't be prosecuted for trespassing unless it posted "No Trespassing" or the owner comes along and tells you to leave. This keeps people who are in the woods and might not have a convenient parcel map from the town from being prosecuted because they wandered into an adjacent lot. Do note that this is not the same as walking into land that is expected to be private, i.e. a house or an office building (during non-business hours).

    Just my input.
    Live Free Or Die.
    • Of course the same logic allows the government to set precedent for sniffing out unsecure networks just about everywhere, since it leaves the burden onto the owner. How secure is secure "enough" when its possibly your privacy that's concerned? While it may make a certain sense that "if you're not encrypted, you're wide open", I'd rather not set any sort of legal justification for the government to start data mining ANY sort of private network. This might not be the case here, but attaching a legalism to the
  • by yack0 (2832) <keimelNO@SPAMgmail.com> on Tuesday April 29, 2003 @01:03PM (#5835425) Homepage
    I'll summarize it again as I have in other forums.

    - My laptop sees a signal and requests access to the network by asking for a DHCP address.
    - Access point sees my request and GRANTS me a lease on an IP address with which I can access their network
    - I surf using the network
    - I leave.

    I asked, they said YES. They could have easily denied me, but they invited me into the network when I asked if I could. There are SO MANY different ways to keep people out, that owners of AP's just have to do something to secure themselves. Shame on them if they fail to do that.

  • Little-known fact: Manchester, New Hampshire, has the distinction of owning the longest street in the world that is capped at both ends by dead-ends. Main St. So sayeth Guiness. No joke.

    A lot of people immediately ask "well how the hell do you get on or off of it then?" It has streets coming off it, but both ends are dead-ends.

    How is that for a useless bit of info?
  • A state that believes that ppl should be responsible for their own actions. I though that it went out of fashion over the last 23 year.
  • How long will it be until it's overturned?
  • by iabervon (1971) on Tuesday April 29, 2003 @01:08PM (#5835470) Homepage Journal
    It seems to me that this change essentially says that any network which isn't secured in any way is to be considered a public network; that is, if you find a network not using WEP or anything, you should assume that it was intentionally left open as a public resource (like people have started doing). I doubt that the defense provided for this behavior would apply to a network using even a small WEP key, though. Even if you sniff the key, it seems unlikely that you could then claim that the network's owner meant you to have the key. So, while people do have to secure their networks, they don't have to secure them particularly effectively; just well enough to block your defense.

    What this law means is that, if you don't want people to use your wireless network, you have to use some sort of technological measure to let them know to stay out. This makes a lot of sense, because there's no way to find out that someone does want you to use their network.
  • by SCHecklerX (229973) <thecaptain@captaincodo.net> on Tuesday April 29, 2003 @01:09PM (#5835484) Homepage
    These will ensure that casual passers-by do not 'break in' to your network. It also makes it so that someone who does want to break in, has to do so much work to do so that it simply isn't worth their time:
    1. Of course, use a vpn client and gateway, if feasible. This is probably more trouble than it is worth for your home network, but should be standard practice at a corporate network.
    2. Just because you are using IPSec, don't think that WEP is useless. Use it! It is a deterrent, and also a strong signal to an intruder that no, this is NOT a public node.
    3. Enable WEP. 128 bit if possible.
    4. Disable broadcast of SSID. This pretty much kills the windoze stumbler, but kismet will still note that you are there, and will remember the SSID if you had broadcasted it in the past.
    5. Use a non-dictionary, non-identifying word for your SSID. Most places I've stumbled, you'd be amazed at the number of SSID's that are street names, addresses, building names, business names, etc.
    6. Use HEX wep keys, not ascii, and ensure that they are truly random.
    7. Mac filtering, if using the above, is pretty much useless. It is good, however, for keeping your own employees, who might know a WEP key and SSID, off of the network until you have time to change the parameters. A real attacker will simply sniff for a good MAC address, and then use it.
    8. If in a corporate environment and using a multiuser OS for your end users, don't give them the ability to see/modify their wireless settings.
    9. If possible, cycle your WEP keys. This is probably the biggest problem with WEP, the inability to centrally manage keys or have them automatically change over time.
  • "A big article on Wired.com talks about the new House Bill 495 that would legalize the innocent stumbling upon open wireless networks."

    What about deliberate and intentional intrusions? I can understand how people can accidentally connect to a different network than they intended, but wardriving doesn't even come close.

  • by Cereal Box (4286) on Tuesday April 29, 2003 @01:16PM (#5835559)
    It seems that with every article posted on Slashdot I get a better picture of the lack of morals possessed by the average Slashdot reader.

    They see no harm in taking goods and services that they did not pay for and are therefore not entitled to.

    Now they see no problem with hijacking bandwidth someone else paid good money for simply because it's available over the airwaves and unsecured? Tell you what: let me know where you live so I can help myself to your water, electricity, and internet access if your door happens to be unlocked. It's not my fault if I sneak in, you were too stupid to secure your house!

    Also, I don't really buy the whole "this is good, now we'll see some better security" argument. Right. You're telling me you'd like nothing better than to see ALL wireless networks secured so you can't go joyriding and stealing bandwidth? Right. A Slashdotter who doesn't want to get a free ride. Next thing you know you guys will be telling me that you'd be in favor of a foolproof scheme that protects your fair use rights for music and movies but prevents you from sharing with millions of random people.

    This is really sad when you think about it. The prevailing morality among young people seems to be "screw everyone else, if it's not bolted down I'm taking it!" There used to be a time in this country when you could leave your doors unlocked because people were decent enough to respect each other's property. Not anymore, I guess.
  • by OwnerOfWhinyCat (654476) * on Tuesday April 29, 2003 @01:21PM (#5835602)
    <IDMTGOOARH [I don't mean to go off on a rant here]>

    Brian McWilliams obviously thinks this is a bad law, and he has slanted his article accordingly. I'd have thought Wired's editors would have caught this sort of thing.

    First off he refers to "war driving" and "war chalking" without ever once spelling out Wireless Access Reconnaissance even though he finds the space to define WEP. Makes it sound a bit aggressive, and not by accident.

    New Hampshire's existing statute says it is a crime to knowingly access any computer network without authorization. By analogy, just because someone leaves his house unlocked doesn't mean you are authorized to walk inside, sit on the couch or help yourself to the contents of the fridge. But HB 495 turns that thinking upside down, experts said.

    No, it doesn't, and if you new the first damned thing about this technology you would never repeat what your (unverified) experts have told you. Walking into someone's open house and helping yourself to the contents of their fridge, is trespassing and stealing, and in showing such low regard for their personal space it becomes reasonable for them to wonder if your are a threat to safety and bodily harm. We're not talking a simple risk of data here.

    What's more, if an alleged intruder can prove he gained access to an insecure wireless network believing it was intended to be open, the defendant may be able to get off the hook using an "affirmative defense" provision of the existing law.

    That's not "getting off the hook." That's having committed no crime in the first place.

    And here we are pandering to the fears of the masses again:

    A 10-minute war drive down the main business district of Manchester earlier this month using a laptop with a standard wireless card revealed nearly two dozen open wireless access points, including some operated by banks and other businesses.

    To the sadly un-geek of the world this suggests that NH is passing a law that makes it legal for hackers to hack your bank accounts. Clearly untrue, clearly flamebait.

    And in closing he reminds everyone that the committee is, "...still open to arguments from anyone."

    And closes with, "We want to be sure that it wasn't the case that, through trying to protect people under certain circumstances, we were opening up greater opportunity for criminal activity," said Peterson.

    If Brian had wanted a decent analogy to explain WAR driving he could have used the following: It's like passing a law that claims it is legal for someone walking by on the sidewalk to let their dog drink from your sprinklers. Technically their dog is trespassing, and technically it's your water it's drinking, and technically it's allowing strangers to loiter near your house where they might become more aware of your houses security vulnerabilities. But as the lawmakers might have said themselves, "let's just get reasonable"

    I like the pretty pictures in Wired, but I cannot renew my subscription in good conscience as the folks in NH are making a rare stand for reasonable behavior and a technology magazine is issuing flaimbait articles in response.

    So Brian, if you're walking by my house with your wireless card in the sleeve of your IPAQ, feel free to check your e-mail and grab some headlines from /. If while you're doing this, your dog drinks from my sprinklers s/he is welcome to all s/he can drink. If you come into my house and steal my food I will offer you a 230 grain explanation of the difference between these activities at about 900 feet per second. Just so ya know </IDMTGOOARH>
    • First off he refers to "war driving" and "war chalking" without ever once spelling out Wireless Access Reconnaissance even though he finds the space to define WEP. Makes it sound a bit aggressive, and not by accident.

      My understanding was that the two terms are derived from the practice of "war dialing", which got its' name from the movie "Wargames". After all, they aren't all that different -- the blind search for previously unknown computer networks -- its' just that one search occurs in a "virtual space"

    • First off he refers to "war driving" and "war chalking" without ever once spelling out Wireless Access Reconnaissance...

      Maybe because not everyone thinks WAR is an acronym?

      My understanding is that war-driving is a play on war-dialing and your acronoym sounds like something made up after the fact.
  • by AllMightyPaul (553038) on Tuesday April 29, 2003 @01:32PM (#5835706)
    I see lots of comments here about how this law protects innocent connectivity and how war driving isn't innocent. That is incorrect by itself.

    War driving is going around looking for open networks to connect to and use. The person war driving isn't necessarily connecting to be malicious and this bill (that isn't law yet) wouldn't legalize malicious connections. However, what it specifically does is designate open wireless networks as networks that you can connect to without getting in trouble. As one person said, it's like the "No Trespassing" sign. If it's there, you have to follow it, but if it's not, you're allowed to walk onto the property (for the most part, there are exceptions).

    War-driving isn't malicious. You're just looking for open networks, which this proposed law will protect. Once you're on the network, you're still subject to laws regarding spam and cracking and all those other things that are already illegal.
  • by JDizzy (85499) on Tuesday April 29, 2003 @01:46PM (#5835883) Homepage Journal
    The article seems to shed a positive light on the NH law proposal, which places the burden of network security on the operator, and the negligence for not securing the Access-Point if they get h@x0r3d. That makes a lot of sense because it not my fault that when I walk down the street and your Access point is bombarding me with your signal. I cannot help but to receive the signal if its there. The analogy is walking around at high-noon and being subjected to sunlight, because I cannot help this unless I burden myself to apply a coating of sun-screen. That sun-screen lotion is the wireless equivalent of a firewall but the major difference is that the sun screen is there for my optional protection. It not my burden to protect myself from your spewing of wireless packets since they do not cause me harm.

    The wireless protocol stands for themselves, and in a court of law they would be easy to examine line by line until the judge/jury is brain dead from the tech-jargon. Not to mention the various accredited folks who can demonstrate with freely available software that WEP is more of an annoyance. MAC based filtering is weak since it is possible to spoof the mac address with most 802.11b hardware drivers. Simply bombard the AP until the ARP table refreshes with you mac as the end point that *should* be getting the traffic. The solution most folks I know use is a hybrid of various methods. One way is to make each wireless node use VPN to the router behind the AP, and use WEP (as an annoyance) on the ether. Disabling the 802.11 beacon is the first thing that should be done, else it your fault for advertising the existence of your wireless network in the first place. As I mention before, MAC filtering helps as an annoyance to would-be-infiltrators. Finally, rename your SID to anything except "WIRELESS" as many folks get on by simply looking for the default SID.

    This is my advice, as a war-driver, I know all the tricks. Enjoy! ;)
  • by serialdj (593159) on Tuesday April 29, 2003 @01:47PM (#5835891)
    If someone installs a Wireless Access Point in their house and then doesn't properly secure it from someone accessing it, it is their own fault. If you left your house unlocked and went away on vacation, whos fault is it that your house got broken in? If you don't take the proper precautions and secure your network yourself, then you only have yourself to blame if someone willfully access your systems and uses them for their own purposes. I have no empathy for people who invest in this technology, but do no invest in the security that is required to protect yourself. The information is provided by the vendors for a reason, and it is the home users choice wether or not to use it. If someone has questions on how to do something, there is always someone, or something willing to answer those questions. NH has drawn a line in the sand and has sided with those who use wardriving for one reason or another, wether it be malicious intent, or like myself who is interested in seeing the spread of this technology, and how well of a grasp people have on its security technologies built in.
  • A use for WEP! (Score:3, Insightful)

    by mlush (620447) on Tuesday April 29, 2003 @01:59PM (#5836020)

    By turning on WEP one would be clearly signalling that the network was not for public use...

  • Bad Analogies (Score:4, Insightful)

    by esampson (223745) on Tuesday April 29, 2003 @02:26PM (#5836298) Homepage
    Lots of people are comparing this to making it legal for someone to come into an unlocked house and eat the food.

    That's a bad analogy. Why? Because there is a widely growing movement of setting up open networks that anyone can connect to. There's no widespread movement to leave homes unlocked and free food in the kitchen.

    This bill doesn't give people the right to break WEP encryption or spoof MAC filtering. They probably couldn't even use it for defense if the SSID had the word 'Private' or something similar in it. The bill simply recognizes the growth of free connections and tells people that if they don't want to be mistaken for a free connection then it's their responsibility to do something about it.
    • Re:Bad Analogies (Score:3, Insightful)

      by Larthallor (623891)
      A better analogy is if someone set up a big screen TV outside where people on the street can see it. If you want to prevent people from seeing the TV, you need to set up some kind of privacy shield to prevent them from seeing it.

      If you don't do this, then you are tacitly agreeing to allow passersby to view the content. However, if you do set up some kind of privacy (bushes, a fence), then you may become upset at people that purposely attempt to circumvent your security.

      I believe that this more close

You are in a maze of UUCP connections, all alike.

Working...