NY Case Underscores Wi-Fi Privacy Dangers

Tue Apr 26 09:05:20 MST 2011

If someone steals my car and runs someone over, am I liable?  I'm not buying
this behavior as acceptable.  Our networks are not truly secure, and should
never be considered anything more than circumstantial evidence.  Demanding
turnover of computers, I find acceptable.  The home invasion I do not.  Of
course, if the networks are that open, I'm guessing any half-competent
security person could get on said computers remotely and get real evidence.

On Tue, Apr 26, 2011 at 8:53 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:

>
>
> On Mon, Apr 25, 2011 at 9:18 PM, keith smith <klsmith2020 at yahoo.com>wrote:
>
>> Thought this might be interesting to some.
>>
>> Lying on his family room floor with assault weapons trained on him, shouts
>> of "pedophile!" and "pornographer!" stinging like his fresh cuts and
>> bruises, the Buffalo homeowner didn't need long to figure out the reason for
>> the early morning wake-up call from a swarm of federal agents.
>>
>> http://abcnews.go.com/US/wireStory?id=13448808
>>
>
> OMG, yea howdy!
>
> We are responsible for our networks!
>
> Course, most of us can get into WEP and WPA/WPA2 trivially, so unless you
> have a Radius Server (which most WiFi routers will happily work with)
> running Enterprise WPA2, you are still "at risk" of network encroachment.
>
> While WEP/WPA/WPA2 constitutes "reasonable protection", it does not protect
> you.  Anyone on a shared network owns you completely, with the ability to
> use SSLStrip to even get your https logins and passwords.
>
> BUT IS THIS CRIMINAL?
>
> If so, most of the "adminstrator-less" Internet Startups running insecure
> Websites are criminal?
>
> Technical Security HowTo Proof of Concept References:
>
>
> http://www.eastmobiles.com/index.php?option=com_content&view=article&catid=27:wi-fi&id=106:wpa2-key-hack-nvidia
>
> http://blogs.pcmag.com/securitywatch/2010/07/spoofing_hack_against_wpa2_rev.php
> http://www.youtube.com/watch?v=r9x2e32voZY
> http://www.securitytube.net/video/193
>
>>
>> ------------------------
>> Keith Smith
>>
>
>
>
> --
> (503) 754-4452 iPhone
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
>
>  http://www.it-clowns.com
>
> "It took me many years but I have gained access to the root account and
> have removed the user God."   -Saros
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

-- 
James McPhee
jmcphe at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110426/4b427848/attachment.html>