Using other's unsecured wireless

[BlackHatHunter]

I am a newbie, but figured it would be best to post this under 'wireless security' rather then 'newbie security questions'. I looked through several other posts and tutorials and didn't find all the answers to my questions:

I recently got a laptop with wireless capability. At my house and throughout town there are several usecured wireless connections. I have dial-up at home and all of these connections are high-speed.
-Is it illegal to use there wireless connection?
-What are the security risks?
-My school provides wireless access also. Are there the same risks using it as there are using someone's personal wireless connection?

Some in the area are secured but I figure those that are unsecured are just people that took their wireless router out of the box, plugged it in, it started working so they never configured or put any security measures in place. If they didn't bother to secure thier connection is it there own fault, so I should have a free-for-all (or is that screwed-up to think that way). I read how crackers will setup Hotspotter or Karma to act as a rogue access point just so they can sniff your traffic (IronGeek). What's the likelyhood of that?

This is getting long so I'll shut-up now. But any help would be greatly appreciated.

Thanks in advance,

BlackHatHunter

[phishphreek]

Not sure if it is illegal... but would I use it? Yes.

Is it ethical? Maybe. Maybe not. If you're getting rid of your own internet connection to leech someone elses, maybe its not ethical.

If you're using that just temporarily while away on business, or out shopping to access misc. resources... why not? I do it to access my home network. But, again... I do pay for my own connection.

It is not secure, and how are you supposed to know if they put it out for public use or not. They probably don't have any warning (banner) on them and you are requesting to use it before you do use it and they grant it to you.

Sometimes your devices will connect to APs without you even knowing. I turned on my pocket pc last night and realized that it had reassociated me with an open access point in the area. I didn't want to do that... it did it for me.

Just keep in mind... since it is not secured or encrypted, anyone within range can sniff the traffic.

I personally only use open APs to VPN into my home connection where I know my traffic can't be sniffed by the public. I'm still at risk of sniffing from my ISP or big brother.

[BlackHatHunter]

Thanks Phish. Good points.

If I go to secure (https) sites for gmail, shopping, online banking, et cetera, isn't my traffic pretty secure?

I figure I can keep my dial-up for normal use but use other's high-speed connections for big downloads and gaming.

Does anyone else have any thoughts on the legality or risks of this?

[brokencrow]

Surfing unsecured wireless connections is, I believe, legally something
of a 'gray' area. Many wireless cards are config'ed to automatically
join those networks, so I'm guessing you could always plead ignorance
(at least one time anyway).

I used to trust these kinds of wireless connections, but no longer.
Secure sites using https logins may or may not be decryptable, but
if you've got the same login names and passwords for both secure
and unsecured logins, it wouldn't take a genius with a sniffer to reverse
engineer a login or two (just a script kiddie?). I've got a server I
vpn into for surfing hotspots anymore.

He-heh, I've hacked around too many of those free wifi hotspots to ever entirely trust them again.

[BlackHatHunter]

Yeah, I'm not sure how ethical it is to do it either.

Anymore expert opinions would be appreciated.

Thanks.

[fourdc]

I'm going to stretch an ethical viewpoint.

A while ago, an electrical engineer managed to get shocked installing a clothesline at his house. He discovered that he had received EMF from some high tension wires that were near his house. He built a homebrew transformer and captured the EMF and powered his house.

The power company sued, he countersued saying the power company's EMF was trespassing on his property and he had every right to use it. He prevailed in court.

If someone doesnt want you to use their "net", they should secure it, period. It's not as if your hunting down an access point, you just turned on your computer. Their network has invaded your space.

I'm not much of a scientist/doctor but what if there is some relevance to the claims that all of this wireless electrical noise is bad for us?

Of course your security is not guaranteed on their net.

[SirDice]

If you live in Holland, it'll be illegal.

They recently changed the laws.. You don't have to circumvent any security now.. Being on a network without permission would do.. Which means unsecured wireless networks are off-limits..

[Spyrus]

Noone here is authorized to give you any type of legal advice. Phishy is just giving you his opinion on it. I wouldnt worry about it but there is always an off chance that something could happen...

It is just a risk for you to take. no open shares, disabling your guest account, setting an administrator password if you are in XP home (doesnt by default), using up to date patches and AV. A software firewall will help protect your PC but remember anything you do on the net *could* be sniffed and watched. That is why it is recommended to use a VPN, in your situation you dont have hispeed so you probably dont have it.

[cabby80]

Not sure about what most people's internet access is like in the states but I still have a download limit.

If you were to connect to someones AP and use up some or all of their download limit would that be stealing? They have paid for the downloads and you are effectively taking it away without their permission?

I don't know the legal answer, and I doubt it has been tested but I could see some lawyer trying it.

From your perspective though, if the user doesn't know enough to secure the AP they are probably not going to know enough to detect you using it.

[nihil]

OK this is a United Kingdom viewpoint, but when it comes to the law I guess it is the same in many other places.

Intent is the key.............if you inadertently use someone else's resources bcause they are unsecured and have a stronger capability, that would be allowed.

There are some local free hotspots as well. This is a small town (pop. 32,000) so you have two libraries, the bus station, train station, council offices and several hotels...............all intentionally free....... and advertised as such by the local Tourist Board (another one there)

If you deliberately use someone else's private resources that they are paying for, then you would be breaking some sort of law in most locations IMHO. However, I believe that some sort of material loss would have to be proven.............or you would just get some sortof reprimand rather than a punishment.

Just a viewpoint from over here......