Using other's unsecured wireless
Page 1 of 6 123 ... LastLast
Results 1 to 10 of 57

Thread: Using other's unsecured wireless

  1. #1
    Member
    Join Date
    Aug 2005
    Posts
    62

    Using other's unsecured wireless

    I am a newbie, but figured it would be best to post this under 'wireless security' rather then 'newbie security questions'. I looked through several other posts and tutorials and didn't find all the answers to my questions:

    I recently got a laptop with wireless capability. At my house and throughout town there are several usecured wireless connections. I have dial-up at home and all of these connections are high-speed.
    -Is it illegal to use there wireless connection?
    -What are the security risks?
    -My school provides wireless access also. Are there the same risks using it as there are using someone's personal wireless connection?

    Some in the area are secured but I figure those that are unsecured are just people that took their wireless router out of the box, plugged it in, it started working so they never configured or put any security measures in place. If they didn't bother to secure thier connection is it there own fault, so I should have a free-for-all (or is that screwed-up to think that way). I read how crackers will setup Hotspotter or Karma to act as a rogue access point just so they can sniff your traffic (IronGeek). What's the likelyhood of that?

    This is getting long so I'll shut-up now. But any help would be greatly appreciated.

    Thanks in advance,

    BlackHatHunter

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Not sure if it is illegal... but would I use it? Yes.

    Is it ethical? Maybe. Maybe not. If you're getting rid of your own internet connection to leech someone elses, maybe its not ethical.

    If you're using that just temporarily while away on business, or out shopping to access misc. resources... why not? I do it to access my home network. But, again... I do pay for my own connection.

    It is not secure, and how are you supposed to know if they put it out for public use or not. They probably don't have any warning (banner) on them and you are requesting to use it before you do use it and they grant it to you.

    Sometimes your devices will connect to APs without you even knowing. I turned on my pocket pc last night and realized that it had reassociated me with an open access point in the area. I didn't want to do that... it did it for me.

    Just keep in mind... since it is not secured or encrypted, anyone within range can sniff the traffic.

    I personally only use open APs to VPN into my home connection where I know my traffic can't be sniffed by the public. I'm still at risk of sniffing from my ISP or big brother.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Member
    Join Date
    Aug 2005
    Posts
    62
    Thanks Phish. Good points.

    If I go to secure (https) sites for gmail, shopping, online banking, et cetera, isn't my traffic pretty secure?

    I figure I can keep my dial-up for normal use but use other's high-speed connections for big downloads and gaming.

    Does anyone else have any thoughts on the legality or risks of this?

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Surfing unsecured wireless connections is, I believe, legally something
    of a 'gray' area. Many wireless cards are config'ed to automatically
    join those networks, so I'm guessing you could always plead ignorance
    (at least one time anyway).

    I used to trust these kinds of wireless connections, but no longer.
    Secure sites using https logins may or may not be decryptable, but
    if you've got the same login names and passwords for both secure
    and unsecured logins, it wouldn't take a genius with a sniffer to reverse
    engineer a login or two (just a script kiddie?). I've got a server I
    vpn into for surfing hotspots anymore.

    He-heh, I've hacked around too many of those free wifi hotspots to ever entirely trust them again.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Member
    Join Date
    Aug 2005
    Posts
    62
    Yeah, I'm not sure how ethical it is to do it either.

    Anymore expert opinions would be appreciated.

    Thanks.

  6. #6
    Disgruntled Postal Worker fourdc's Avatar
    Join Date
    Jul 2002
    Location
    Vermont, USA
    Posts
    797
    I'm going to stretch an ethical viewpoint.

    A while ago, an electrical engineer managed to get shocked installing a clothesline at his house. He discovered that he had received EMF from some high tension wires that were near his house. He built a homebrew transformer and captured the EMF and powered his house.

    The power company sued, he countersued saying the power company's EMF was trespassing on his property and he had every right to use it. He prevailed in court.

    If someone doesnt want you to use their "net", they should secure it, period. It's not as if your hunting down an access point, you just turned on your computer. Their network has invaded your space.

    I'm not much of a scientist/doctor but what if there is some relevance to the claims that all of this wireless electrical noise is bad for us?

    Of course your security is not guaranteed on their net.
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Ethical or not, goin' to court is a bummer. There's so many laws anymore (federal, state, local), no telling what's legal or not until it's in front of a judge.

    http://www.infoworld.com/article/05/...iarrest_1.html
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    If you live in Holland, it'll be illegal.

    They recently changed the laws.. You don't have to circumvent any security now.. Being on a network without permission would do.. Which means unsecured wireless networks are off-limits..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Quote Originally Posted by brokencrow
    Ethical or not, goin' to court is a bummer. There's so many laws anymore (federal, state, local), no telling what's legal or not until it's in front of a judge.

    http://www.infoworld.com/article/05/...iarrest_1.html
    The state law under which Smith was charged prohibits accessing a computer or network knowingly, willfully and without authorization. Kajtsa said it's the first time anyone has been arrested in St. Petersburg for using someone else's Wi-Fi.
    That troubles me. The router was setup as "open" authentication. His laptop requested "permission" to use the AP, the the AP gave him authorization.

    The owner setup the AP that way. The router was authorizing the user on behalf of the owner. If the owner didn't want someone else using the AP, they should have set it up to require some UID/PW (radius) or required the user have the correct MAC address and key.

    Unless of course we don't get the whole story here. Maybe the guy did break into the AP... but I doubt it. There are so many APs out there that I wouldn't even bother.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    Member
    Join Date
    Aug 2005
    Posts
    62
    So it looks like I don't REALLY need to worry about prosecution if I use other people's APs to surf the web, right? ... in USA

    Is it just a matter of the risk I'm willing to take? Anyway to mitigate those risks (other then just not using it)? Have no file sharing, patches, AV & local firewall I suppose. Anything else?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •