In article <i897s2-b56.ln1@news.kempston.net>, Mike Mann
<mike@kempston.net> writes
>Richard Clayton <richard@highwayman.com> wrote:
>> almost all[*] UK ISPs can map IP addresses to accounts -- for if not
>> they would be unable to disconnect spammers, insecure end user systems,
>> virus infected machines etc. Failure to cope with abuse is not a
>> recipe for a fruitful peering relationship with others.
>>
>>[*] I currently know of none that specifically cannot, but doubtless
>> some are less competent than others :(
>
>Some of those ISPs who provide PAYG dialup access, funded entirely from
>per-minute telephone charges, cannot map customers to accounts because
>there are no accounts.
I would put it that the "account" maps directly to/from the CLI...
>The most they can do is to map an IP address to
>a telephone number and often have the means to block access from
>particular telephone numbers in the event of abuse.
.... yes indeed. Such systems generally insist on CLI (or are run by a
telco that can access SS7 information). For if not they cannot prevent
ongoing abuse; and that is tantamount to commercial suicide :(
that said, there have been ISPs in the past who failed this clue test,
but I expect they've addressed the issue by now :)
>But they cannot, in
>general, map the telephone number or the activity to a named person.
If they are a large telco they may well be able to :) but I agree with
your general point, that data from another entity would be needed to
trace the connection to its originating point.
Of course if that originating point was a PAYG mobile then even more
logs would need to be consulted to form a view as to its ownership.
--
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin
> So, if I put my car key into your car, and it unlocks, then I can take
> it as your permission for me to drive it away?
No. But I would expect you to maintain your car in a roadworthy
condition and drive it in a safe manner. The same way as (more on
topic) I would expect you to maintain and operate your TV and other
electronic equipment such that it does not cause excessive radio
interference and get it fixed if it does. Even though you may know
nothing about electronics or car mechanics, you are still liable if
your electronic equipment causes radio interference or if a fault in
your car causes an accident. Or, again in the realm of cars, I am sure
that an excuse of "that is how the lights behaved when I switched them
on" would not be acceptable to either the police officer who stops you
for inappropriate use of dipped/full beam headlights nor to the
magistrates when charged with driving without due care and attention
(or whatever the charge might be).
If I might use yet another analogy. If a drinks vending machine were
to come set by default to 'free vend' and the owner placed the machine
in an area open to the public without changing it from 'free vend', I
do not think they would have any cause for complaint when they
returned and discovered that nobody had paid for the drinks. Similarly
with a wireless router, or other complex piece of equipment, if the
default configuration is not what the owner requires, then it should
be changed. Whether or not the configuration is changed, the state it
is in *should* be able to be taken as being the owner's intention.
On Wed, 03 Aug 2005 16:23:17 GMT, SMS in message
<news:Vb6Ie.7226$p%3.34229@typhoon.sonic.net> wrote:
> Alex Heney wrote:
>
>> There are many cities where the police would advise you not to go into
>> certain areas alone after dark. If you do so, then you are not being
>> sufficiently careful, and the police would rightly be annoyed with you when
>> you got mugged.
>>
>> But that still doesn't mean that the gang who mug you are right.
>
> Yet another bad analogy.
Just because they don't show what you would like them to show, does not
make them bad analogies.
And nor does just saying "another bad analogy". Explain *why* if you think
it is a bad one.
--
Alex Heney
Global Villager
Friends help you move. Real friends help you move bodies.
To reply by email, my address is alexATheneyDOTPLUSDOTcom
On Wed, 03 Aug 2005 16:24:19 GMT, SMS in message
<news:Tc6Ie.7228$p%3.34149@typhoon.sonic.net> wrote:
> Alex Heney wrote:
>> On Wed, 03 Aug 2005 13:04:40 GMT, SMS in message
>> <news:Ih3Ie.7202$p%3.34124@typhoon.sonic.net> wrote:
>>
>>>Roderick Stewart wrote:
>>>
>>>>Why on earth should it be
>>>>assumed that something of mine is available for anybody to use, simply
>>>>because it isn't a tangible object like a house or a car with locked doors?
>>>
>>>Because you are making it available for anyone to use, and advertising
>>>its availibilty.
>>
>> He is doing neither.
>>
>> If I leave my bicycle leaning against my front gate, does that mean it is
>> OK for you to just borrow it without asking?
>
> Yet another bad analogy that is irrelevant.
In what way?
Apart from being perfectly relevant, of course.
--
Alex Heney
Global Villager
Kleptomania: take something for it
To reply by email, my address is alexATheneyDOTPLUSDOTcom
In uk.legal SMS <scharf.steven@geemail.com> wrote:
> Ian Stirling wrote:
>> In uk.media.broadband Graham Murray <newspost@gmurray.org.uk> wrote:
>>
>>>floyd@apaflo.com (Floyd L. Davidson) writes:
>>>
>>>
>>>>That is indeed a complication. But what the computer does
>>>>automatically is not an indication of the user's intent, legal
>>>>or otherwise.
>>>
>>>That is the main point in this discussion which I disagree with. I
>>>believe that the owner should be responsible for the correct
>>>operation of his equipment (computer or otherwise) and for correctly
>>
>>
>> So, if I put my car key into your car, and it unlocks, then I can take
>> it as your permission for me to drive it away?
>
> Yet another dopey analogy.
Yeah, there is no real close one that I can think of.
I stand by my earlier assertions (I think in uk.telecom.broadband) that
I think that a good case could be made for this being a contravention
of the CMA.
A router in general would seem to meet the 'computer' part of the CMA,
which is a rather wide definition.
One of my current routers (WRT54G) runs software of my own writing,
in addition to its usual tasks.
Not even mentioning that my router is significantly more capable
(with non-original software) than my first computer.
On Wed, 03 Aug 2005 19:57:47 GMT, SMS in message
<news:3.34298@typhoon.sonic.net> wrote:
> Ian Stirling wrote:
>> In uk.media.broadband Graham Murray <newspost@gmurray.org.uk> wrote:
>>
>>>floyd@apaflo.com (Floyd L. Davidson) writes:
>>>
>>>
>>>>That is indeed a complication. But what the computer does
>>>>automatically is not an indication of the user's intent, legal
>>>>or otherwise.
>>>
>>>That is the main point in this discussion which I disagree with. I
>>>believe that the owner should be responsible for the correct
>>>operation of his equipment (computer or otherwise) and for correctly
>>
>> So, if I put my car key into your car, and it unlocks, then I can take
>> it as your permission for me to drive it away?
>
> Yet another dopey analogy.
I think you are using the "bad analogy" response wherever you can't
actually come up with an argument against it.
--
Alex Heney
Global Villager
When in doubt, think.
To reply by email, my address is alexATheneyDOTPLUSDOTcom
On Wed, 03 Aug 2005 16:45:37 GMT, SMS in message
<news:Rw6Ie.7241$p%3.34144@typhoon.sonic.net> wrote:
> The Todal wrote:
>> I often wondered whether it was legal to do so, having had neighbours hijack
>> my connection, and having discovered that my own kids were sometimes
>> inadvertently hijacking a neighbour's connection.
>>
>> Yet another way for law abiding citizens to find themselves in breach of the
>> law, then:
>>
>> http://news.bbc.co.uk/1/hi/technology/4721723.stm
>> [quote]
>> A recent court case, which saw a West London man fined £500 and sentenced to
>> 12 months' conditional discharge for hijacking a wireless broadband
>> connection, has implications for almost every user of wi-fi networks. It is
>> believed to be the first case of its kind in the UK, but with an estimated
>> one million wi-fi users around the country, it is unlikely to be the last.
>> "There are a lot of implications and this could open the floodgates to many
>> more such cases," said Phil Cracknell, chief technology officer of security
>> firm NetSurity. Details in this particular case are sketchy although it is
>> known that Gregory Straszkiewicz had "piggybacked" on a wireless broadband
>> network of a local Ealing resident, using a laptop while sitting in his car.
>
> Good article by Information Week,
You mean it agrees with you, although without really saying anything other
than that the author's opinion is that it is a very low level crime.
--
Alex Heney
Global Villager
Both of his feet are firmly planted in the air.
To reply by email, my address is alexATheneyDOTPLUSDOTcom
Ian Stirling wrote:
> In uk.legal SMS <scharf.steven@geemail.com> wrote:
>
>>Ian Stirling wrote:
>>
>>>In uk.media.broadband Graham Murray <newspost@gmurray.org.uk> wrote:
>>>
>>>
>>>>floyd@apaflo.com (Floyd L. Davidson) writes:
>>>>
>>>>
>>>>
>>>>>That is indeed a complication. But what the computer does
>>>>>automatically is not an indication of the user's intent, legal
>>>>>or otherwise.
>>>>
>>>>That is the main point in this discussion which I disagree with. I
>>>>believe that the owner should be responsible for the correct
>>>>operation of his equipment (computer or otherwise) and for correctly
>>>
>>>
>>>So, if I put my car key into your car, and it unlocks, then I can take
>>>it as your permission for me to drive it away?
>>
>>Yet another dopey analogy.
>
>
> Yeah, there is no real close one that I can think of.
Nor has anyone been able to come up with a great one yet.
A proper analogy must meet the following criteria:
1. The service is very often intentionally provided for free by
businesses, and municipalities,
2, The service is very often intentionally provided for free by individuals,
3. Some businesses have decided to charge for the service, rather than
give it away free,
4. Some individuals and businesses don't want others to use the service
so they prevent others from using the it, with security measures that
cost them nothing to implement,
5. Some individuals and businesses don't care if anyone uses the
service, nor do they encourage the use of the service either; hence they
take no steps to prevent the use by others, but neither do not advertise
the availability of it,
6. Some individuals and businesses don't want anyone else to use the
service, but they are too lazy or dumb to take steps to prevent the use
by other,
7. The user of the service has no reasonable way of determining whether
free providers of the service are doing it intentionally, or doing it
because they are lazy or dumb.
8. The user's equipment will often automatically use the service,
without the knowledge of the user.
9. No real financial harm occurs to the provider when a user uses the
service.
In article <%k9Ie.7304$p%3.34298@typhoon.sonic.net>, Sms wrote:
> > So, if I put my car key into your car, and it unlocks, then I can take
> > it as your permission for me to drive it away?
>
> Yet another dopey analogy.
Please explain why you think so. You've used the "bad analogy" line several
times now without qualification in response to a carefully considered and
presented argument. Without any argument at all in their support, those
words don't really mean anything.
We are talking about the rightness or wrongness of taking someone else's
property without their permission. Specifically, the "property" is the use
of a wireless internet service, and various people (including myself) have
suggested examples where the "property" is something more familiar and
tangible, in the hope that it will make the situation easier to understand.
I suggest that the morality of taking what isn't yours is the same
regardless of what the thing you take actually is, or how careless the
owner has been in neglecting to protect it to what you might consider an
appropriate standard, because it is simply the fact that it belongs to
someone else that makes it wrong to take it. This is certainly the concept
of "ownership" that I was brought up to recognise, though maybe you have
acquired a different one.
If you think it is acceptable to take some items of other people's property
without their permission, while not acceptable to take other items, which
is to say that the *nature* of someone's property is what determines
whether thay have exclusive ownership of it, then please explain your
understanding of what it means to own something.
On Wed, 03 Aug 2005 22:35:58 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Alex Heney wrote:
>
>> You mean it agrees with you, although without really saying anything other
>> than that the author's opinion is that it is a very low level crime.
>
>No, I mean that it is logical, and well thought out, a skill that you
>have not yet mastered,.
Wong on both counts.
It doesn't make any points you haven't already made.
--
Alex Heney, Global Villager
Plagiarism is the sincerest form of flattery.
To reply by email, my address is alexATheneyDOTplusDOTcom
Roderick Stewart wrote:
> In article <%k9Ie.7304$p%3.34298@typhoon.sonic.net>, Sms wrote:
>
>>>So, if I put my car key into your car, and it unlocks, then I can take
>>>it as your permission for me to drive it away?
>>
>>
>>Yet another dopey analogy.
>
>
> Please explain why you think so.
I'm sure that you understand why stealing a car is very different than a
computer connecting to a wireless signal that the owner may or may not
have intended to be open to others.
Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
>On Wed, 03 Aug 2005 01:52:03 -0800, floyd@apaflo.com (Floyd L.
>Davidson) wrote:
>
>>Opps, yes, it was Intel. Not HP. (I just think of HP when I think
>>of Oregon...)
>
>That makes up for one my screwups. I think we're about even now.
Nah. That's just a little boo boo. You screwed up *big time*.
(I don't remember what it was, but I could look it up and
embellish it! ;-)
....
>>But that supports exactly what I'm saying. Schwartz didn't view
>>what he was doing as a security intrusion, so much as doing his
>>employer a favor by demonstrating that there were problems which
>>he alone seemed to recognize.
>
>That's what I thought BEFORE I read the appeals court decision. The
>basic requirement when someone is "helping" improve security is to
>inform the sysadmins or network owner of the attempts and results. I
>run into that all the time when Snort finds some "helpful" individual
>running port scans on machines from inside the firewall at one of my
>customers. If he tells me what he's doing (preferably before, but
>after is tolerable) and tells me what he finds, there's no problem.
>However, Randall Schwartz didn't do that. He sat on his collection of
>decrypted passwords and didn't say anything until after he was caught.
>In fact, he did it twice over a 2 month period, without telling
>anyone. That's not helping anyone with security.
Hey, what he did was *dumb*. But he claims, and there isn't
really any evidence to suggest otherwise, that he *was* going to
show it all to someone higher up. He just got caught before he
got around to it. He wasn't stealing company secrets to sell to
the competition, or whatever...
>>I'm not saying what he did was
>>smart, I'm just saying he didn't think he was really breaking
>>the law.
>
>Permit me to speculate that such an explanation might be a good excuse
>fabricated by his attorney. I would susbscribe to this explanation if
>he had announced to Intel that a bunch of passwords were insecure. He
>could have done it anonymously and avoided retaliation. But, he
>didn't.
Actually that explanation is one that his lawyer had to try to
get around! The dumb shit sat there an talked to the cops all
about it, because he simply didn't understand the legal view of
what he had been doing. The trial court allowing evidence from
interview with the police was one of the things appealed, and
lost.
>>He thought he was getting around a couple of hard to
>>deal with Pointy Haired Bosses. He was probably right to at
>>least some degree, and greatly wrong to a much greater degree.
>>
>>Frankly, I thought, then and now, that criminal prosecution was
>>ridiculous, and lends weight to the PHB concept.
>
>Here we agree. It was a major over-reaction on the part of Intel and
>should have been handled internally and quietly. For some unknown
>reason, Intel saw fit to turn this incident into a high profile legal
>action, probably to "set an example". Maybe there was a lull in the
>never ending AMD versus Intel litigation and the legal department
>needed some work.
Yep. That was simply bad publicity for Intel and did them
no good at all. It probably hurt them far worse than it did
Schwartz.
>>On the other hand, having had PHB's try to start exactly that
>>kind of investigation of *me* on at least two occasions that I
>>know of during the time period when that was a typical reaction
>>to anyone in a telephone office who understood computers, I
>>can't describe how stupid I think it is to not recognize the
>>potential danger. And of course the appropriate response to
>>that danger is to keep ones nose so polished clean that such
>>investigations turn out embarrassing for the person who
>>instigates them. (I ended up with battle scars; they ended up
>>bleeding to death!)
>
>Congrats. I've spent more time on the other side of the issue in
>having to deal with employees and consultants that double as hackers.
But clearly you bring some sane common sense to the table too!
Unfortunately, that doesn't always happen.
....
>Now, back to the topic at hand. It's highly likely that some company
>or agency is going to "set and expample" of wireless hacking. It will
>probably be some person with an otherwise spotless reputation running
>port scans, WEP decryptors, or just Netstumbler on an allegedly secure
>wireless system. The primary purpose of the case will not really be
>to "set an example" as much as it would be to establish the evidence
>requirements, court proceedures, and judicial precidents required for
>conviction. Otherwise, each state will flounder erratically dealing
>with vague issues, such as what constitutes permission, while the
>district attorney refuses to prosecute due to lack of precidents.
>
>Note that you do not have to be guilty to go broke. Randall Schwartz
>paid Intel about $60,000 in "restitution" and about $200,000 in legal
>fees. I'm not sure of the exact amounts, but that's quite a bit for
>an incident where no damage was done to the alleged victim.
Exactly. Somebody is going to be used to generate some case law,
and they aren't going to recover well...
This fits exactly the same scenario I mentioned above with the
danger in 1990-95 that to me was obvious for anyone in a
telephone office who actually understood what a computer was
doing. The only reasonable response is to keep a squeaky clean
nose... because that means you can sit on a fence and bad mouth
everyone running around in circles stomping on the dumb shit
that didn't see it coming.
Those who ignore what we are saying, might just be that dumb shit.
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
Alex Heney wrote:
> On Wed, 03 Aug 2005 22:35:58 GMT, SMS <scharf.steven@geemail.com>
> wrote:
>
>
>>Alex Heney wrote:
>>
>>
>>>You mean it agrees with you, although without really saying anything other
>>>than that the author's opinion is that it is a very low level crime.
>>
>>No, I mean that it is logical, and well thought out, a skill that you
>>have not yet mastered,.
>
>
> Wong on both counts.
Before I was married I had a girlfriend whose last name was Wong, and
another girlfriend whose last name was White. Sometimes I got confused
between White and Wong.
> It doesn't make any points you haven't already made.
White. The points were good points by both me and the article in question.
On Wed, 03 Aug 2005 17:56:05 -0800, floyd@apaflo.com (Floyd L.
Davidson) wrote:
>Nah. That's just a little boo boo. You screwed up *big time*.
>(I don't remember what it was, but I could look it up and
>embellish it! ;-)
Well, I remember, but I'm not gonna remind anyone how badly I can
screw up sometimes. Kinda ruined my illusion of infallibility.
>Hey, what he did was *dumb*. But he claims, and there isn't
>really any evidence to suggest otherwise, that he *was* going to
>show it all to someone higher up. He just got caught before he
>got around to it.
The appellate court and I disagree. There was about 6-8 weeks between
when he did the first password crack and the 2nd password crack. The
prosecution elected to consider that two counts and the appellate
court agreed because he had ample time in between to inform Intel of
what he was doing. If he was going to tell them, then he blew his
chance.
>He wasn't stealing company secrets to sell to
>the competition, or whatever...
That what I consider to be the problem. Intel did not incur any
losses other than legal costs which they instigated.
>Actually that explanation is one that his lawyer had to try to
>get around! The dumb shit sat there an talked to the cops all
>about it, because he simply didn't understand the legal view of
>what he had been doing. The trial court allowing evidence from
>interview with the police was one of the things appealed, and
>lost.
Well, ok. Few of us have any real experience in dealing with the
legal machinery. We generally assume it to be logical, rational, and
expedient. Instead, we find it to be vindictive, insane, and anything
but logical. I guess he found out the hard way. Probably the first
victim of wireless intrusion prosecution will fall for the same
illusions.
>Yep. That was simply bad publicity for Intel and did them
>no good at all. It probably hurt them far worse than it did
>Schwartz.
A $200,000 hole in his bank account and a substantial amount of lost
working time is punishment enough. Very few people seem to know the
cirumstances surrounding the case which leads me to suspect Intel
remains unaffected. Perhaps the hackers all know the details, but Joe
SixPack still buys computahs with Intel CPU's.
>Exactly. Somebody is going to be used to generate some case law,
>and they aren't going to recover well...
My guess is that guy in Florida is not going to be the first. There
are too many complications and the case is insufficiently interesting
to attract the attention of the higher courts. He also probably
doesn't have the money to persue the issue to its legal conclusion.
On Wed, 03 Aug 2005 21:46:27 +0100, Cynic <cynic_999@yahoo.co.uk>
wrote:
>Do you? I have never used one, but have assumed from the signs that
>it is freely available. Are the burger-flippers able to provide a
>customer with a temporary login?
the only time I have actually used one in McDonalds was in Florida,
TBH I can't remember if I paid for a thingummy at the counter to use
it or used a credit card on the sign-in screen the laptop was pushed
to....
On Thu, 04 Aug 2005 01:21:22 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Roderick Stewart wrote:
>> In article <%k9Ie.7304$p%3.34298@typhoon.sonic.net>, Sms wrote:
>>
>>>>So, if I put my car key into your car, and it unlocks, then I can take
>>>>it as your permission for me to drive it away?
>>>
>>>
>>>Yet another dopey analogy.
>>
>>
>> Please explain why you think so.
>
>I'm sure that you understand why stealing a car is very different than a
>computer connecting to a wireless signal that the owner may or may not
>have intended to be open to others.
>
Who said anything about stealing?
>I do not believe there is any accurate analogy.
Just because you don't want to accept it!
There is no such thing as an *accurate* analogy, for anything. That is
why they are analogies.
--
Alex Heney, Global Villager
I tried being reasonable once. I didn't like it.
To reply by email, my address is alexATheneyDOTplusDOTcom
In article <m4eIe.7361$p%3.34370@typhoon.sonic.net>, Sms wrote:
> >>>So, if I put my car key into your car, and it unlocks, then I can take
> >>>it as your permission for me to drive it away?
> >>
> >>
> >>Yet another dopey analogy.
> >
> >
> > Please explain why you think so.
>
> I'm sure that you understand why stealing a car is very different than a
> computer connecting to a wireless signal that the owner may or may not
> have intended to be open to others.
>
> I do not believe there is any accurate analogy.
There probably isn't a completely accurate one, but the relevant point is
the morality of deliberately and knowingly taking or using something that
belongs to someone else, while assuming you have the right to do this if the
owner has not adequately protected it (or perhaps doesn't know how to).
I suggest that the morality is exactly the same regardless of what it is
that you take, or how easy it is to take it, because it is the fact that it
belongs to someone else that makes it wrong to take it. Yet if examples are
quoted involving familiar things like houses or cars, you suggest that these
are not valid examples, implying (unless I misunderstand you) that you think
theft is wrong for an unsecured house or car, but fair game for an unsecured
wireless network. Personally I don't see the difference, because no matter
how careless the owner of something has been in failing to protect it, if it
doesn't belong to you, it doesn't belong to you.
The situation is slightly altered if you do it unintentionally, as, for
example, inadvertently finding yourself on unsignposted private land during
the course of a country walk (or is that a bad analogy too?), but apologies
and explanations are usually sufficient to resolve such incidents, and
decent folk would take care not to do it again. The owner of the land would,
of course, be sensible to fence or signpost it, and in reality must expect a
fair number of unintentional tresspassers if he doesn't, but failing to do
so doesn't make the land any less his, and doesn't deprive him of the right
to ask anyone on it to leave.
On Wed, 03 Aug 2005 13:30:38 +0100, Roderick Stewart
<rjfs@escapetime.nospam.plus.com> wrote:
>In article <87slxr4sek.fld@barrow.com>, Floyd L. Davidson wrote:
>> There are a lot of people who get the idea that "broadcast" means
>> you can do what you like with it, but the legal facts are that
>> it is not true.
>
>Exactly. This even applies to radio and television broadcasts, which
>are only offered to the public under specific terms and conditions for
>specific purposes. They are *not* public property, and you may *not* do
>what you like with them.
You're confusing medium and media.
Paul.
--
.. A .sig is all well and good, but it's no substitute for a personality
.. Humour is very subjective. One man's light-hearted comment is another's insult.
.. Is there a moron carrot above? Have you replied to it? Are you sure?
.. EMail: Unless invited to, don't. Your message is likely to be automatically deleted.
On Thu, 04 Aug 2005 14:06:52 +0100, Paul Harper <paul@harper.net>
wrote:
>On Wed, 03 Aug 2005 13:30:38 +0100, Roderick Stewart
><rjfs@escapetime.nospam.plus.com> wrote:
>
>>In article <87slxr4sek.fld@barrow.com>, Floyd L. Davidson wrote:
>>> There are a lot of people who get the idea that "broadcast" means
>>> you can do what you like with it, but the legal facts are that
>>> it is not true.
>>
>>Exactly. This even applies to radio and television broadcasts, which
>>are only offered to the public under specific terms and conditions for
>>specific purposes. They are *not* public property, and you may *not* do
>>what you like with them.
>
>You're confusing medium and media.
>
Where do you get that idea from, given that he makes no reference to
either?
--
Alex Heney, Global Villager
I tried being reasonable once. I didn't like it.
To reply by email, my address is alexATheneyDOTplusDOTcom
> but the relevant point is
> the morality of deliberately and knowingly taking or using something that
> belongs to someone else, while assuming you have the right to do this if the
> owner has not adequately protected it (or perhaps doesn't know how to).
This point is not relevant for many reasons:
First and foremost, you are talking about something that is very, very,
often intended to be used for free, without asking permission, by anyone
that wishes to use it, and for which there is no way to actually ask
permission in the first place. The reasons that businesses, and
individuals, have decided to intentionally open their networks are well
known. Maybe it's not that way in the U.K., but it is in the U.S..
Because the norm is free access, and because the user's equipment will
often connect to an open network unbeknownst to the user, the network
owner must take at least a tiny amount of responsibilty if they do not
want others using their network.
There are many good analogies if you are talking only about businesses,
but I can think of no other service that both businesses, and
individuals, routinely provide to anyone that wants to use it, at no cost.
On Thu, 04 Aug 2005 14:33:33 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Roderick Stewart wrote:
>
>> but the relevant point is
>> the morality of deliberately and knowingly taking or using something that
>> belongs to someone else, while assuming you have the right to do this if the
>> owner has not adequately protected it (or perhaps doesn't know how to).
>
>This point is not relevant for many reasons:
>
>First and foremost, you are talking about something that is very, very,
>often intended to be used for free,
That is completely irrelevant.
If the user does not establish that it *is* being offered for free,
then they should not be using it. If it turns out not to be, then they
will be liable to criminal prosecution.
>
>Because the norm is free access, and because the user's equipment will
>often connect to an open network unbeknownst to the user, the network
>owner must take at least a tiny amount of responsibilty if they do not
>want others using their network.
>
Nobody has ever suggested otherwise. The fact that the owner has a
responsibility to take care of their goods does not mean it is
acceptable to just take them if the owner doesn't do that.
If I had left my connection open, and somebody used it for something
illegal, that was traceable somehow to them, then the possible
outcomes are:
1. I lose my account, because under the T&C of my ISP, I am
responsible for usage of my account.
2. I sue the culprit for damages cause by that loss of account. I
*would* win, but would probably have the damages reduced because of my
carelessness.
3. If the CPS (Crown Prosecution Service - I think in your
jurisdiction it is the DA who decides to prosecute or not?) decide to
prosecute, then he will probably be found guilty without the fact that
I had left it to default settings having any relevance.
--
Alex Heney, Global Villager
I tried being reasonable once. I didn't like it.
To reply by email, my address is alexATheneyDOTplusDOTcom
On Wed, 03 Aug 2005 19:56:02 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Jeff Liebermann wrote:
>
>> Let's see if I understand you. It's difficult for a manufacture to
>> supply the router pre-configured, but it's "trivial" for the user to
>> do the same? Methinks that's a bit hypocritical.
>>Not at all. The manufactures produces lots of the same item, the end
>user is the one who is the differentiator. And the usual installation
>procedure on network equipment is to first get it working, and then do
>any additional tweaks for security. I would not have wanted my routers
>to come pre-configured, since I would not use the pre-configuration
>anyway, and it would be one more step in the installation.
2wire routers come pre-configured for the major ISP's: http://www.2wire.com/?p=268
Once setup, you can easily screw up the config by logging in and
tweaking. There's even a manual generic config (at bottom of page).
I don't care if they come pre-configured, as long as I can change
everything.
You can probably handle configuring your own wireless router.
However, you are NOT Joe Sixpack, who wants plug-n-play operation and
a painless out of box experience. Here's a working and proven
solution to the default insecure open router problem, and you claim
that it's somehow an inconvenience for you. For your purposes, it
doesn't matter if the router is shipped secured or insecured, you're
going to play with the settings anyway. That would be:
1. router password
2. SSID
3. WEP enabled
4. WEP key
That's all of 4 things that are different between the currently
insecure by default router and the way 2wire ships them. Somehow, I
don't think that's a major inconvenience for you.
I'll stand on my claim that you're being slightly hypocritical.
>Most people have never heard of 2wire, I suspect that their volumes are
>so low that it's not an issue for them to ship with the unit secured.
How's 3 million routers since Jan 2004? http://www.2wire.com/?p=95&pid=128
I'm not sure about the mix of models, but I would suggest that a
substantial percentage are wireless. Also, the wired versions are
alse shipped secured with pre-assigned passwords. Major customers are
SBC, Telmex, and BT.
Paul Harper <paul@harper.net> wrote:
>On Wed, 03 Aug 2005 13:30:38 +0100, Roderick Stewart
><rjfs@escapetime.nospam.plus.com> wrote:
>
>>In article <87slxr4sek.fld@barrow.com>, Floyd L. Davidson wrote:
>>> There are a lot of people who get the idea that "broadcast" means
>>> you can do what you like with it, but the legal facts are that
>>> it is not true.
>>
>>Exactly. This even applies to radio and television broadcasts, which
>>are only offered to the public under specific terms and conditions for
>>specific purposes. They are *not* public property, and you may *not* do
>>what you like with them.
>
>You're confusing medium and media.
Radio is a medium, and so is television, as is a newspaper.
You can use such media as you see fit... the newspaper makes
good fishwrap, or covers the bottom of the bird cage, but none
of them provides enough heat to keep your house warm.
He meant the content, the "broadcast". Don't try selling that,
because the owners will get really testy about it.
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
> You can probably handle configuring your own wireless router.
> However, you are NOT Joe Sixpack, who wants plug-n-play operation and
> a painless out of box experience.
You may be insulting the intelligence of Joe Six-Pack, seriously.
The strongest wireless network I pick up at my house, is my neighbor's,
a totally non-techie who nevertheless managed to follow the quick-set-up
instructions and secure his network. He's a cop, and maybe he understood
more than most people why he should secure it.
I am an EE, not a CSE. Networking is not my specialty. Yet I was able to
set up security in just a couple of minutes by <gasp> following the
instructions.
> This is precisely the point. If the SSID is broadcast, then it's an
> open wireless network. If the network is not intended for open access
> then either the SSID is not broadcast, and/or the network is secured by
Open in what sense?
Open and closed here are definitions of the configuration of the
*device* NOT necessarily the intentions to which it is being put.
Creative definitions and interpretations to justify an aim are
pointless.
On Thu, 04 Aug 2005 17:59:00 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Jeff Liebermann wrote:
>
>> You can probably handle configuring your own wireless router.
>> However, you are NOT Joe Sixpack, who wants plug-n-play operation and
>> a painless out of box experience.
>You may be insulting the intelligence of Joe Six-Pack, seriously.
I deal with Joe Sixpack on a daily basis. The good news is that the
minimum acceptable level of intelligence and knowledge required to
operate a computah is slowly decreasing. Much of todays hardware is
literally otto the box ready to run. One local DSL ISP uses DHCP for
delivering IP's to the router. That's the default for most routers.
So, when there's a connection problem, the brilliant tech support
people just have the customer stomp on the reset button returning the
router back to its default settings. See how easy it can be?
I consider a customer to be someone that has me do work on their
system more than once. One time quick fixes don't count. An amazing
number of these quick fixes are from Joe Sixpack type users that only
want to use the computer to find hot dates, gamble online, download
porno, or get TIVO updates. Never mind all the fancy intellectual
stuff, just get my computah running.
>The strongest wireless network I pick up at my house, is my neighbor's,
>a totally non-techie who nevertheless managed to follow the quick-set-up
>instructions and secure his network. He's a cop, and maybe he understood
>more than most people why he should secure it.
Well, that would be the very last home system I would try to hack. I
can see about 6 wireless boxes from my house. 3 are not secured. One
is intentionally not secured as it runs another neighborhood WLAN.
The 3 that are secured are all 2wire boxes (obvious from the SSID)
purchased as part of an SBC "home networking" deal. I only know the
owner of one of the unsecured networks and he qualifies as a part time
Joe Sixpack with very limited computah knowledge.
>I am an EE, not a CSE. Networking is not my specialty. Yet I was able to
>set up security in just a couple of minutes by <gasp> following the
>instructions.
Well, I'm also a EE (Cal Poly, Pomona 1971) and I never read the
instructions until I'm stuck. If the product were any good, it
wouldn't need instructions. Kinda like the 2wire box. Plug it in and
run the setup wizard to get the SBC PPPoE login and password.
Otherwise, with DHCP it would just be plug-n-play with no setup
wizard. Either way, no instructions required. I think it's a fair
assumption that we are both the exception to the rule for the typical
home wireless network customer. My guess is for every techy type,
there are many hundreds of Joe Sixpack's.
Incidentally, I install or re-install about 2-3 wireless routers per
week. Lots of business from Joe Sixpack type users that just wannit
to work and don't wanna know nuttin about no funny acronyms. Despite
substantial experience with routers, I still have problems with
incompatible WEP keys, buggy drivers, flakey wireless firmware,
bizzare setup wizards (Netgear WGR614), getting customers to manage
passwords, and all the other type of problems found in this newsgroup.
It would be so easy for the ISP to deliver a startup setup, even
without a login. Most cable set-top boxes do exactly that via DHCP.
Oh, I forgot you want to change all the settings and tinker. Never
mind.
On 3-Aug-2005, Roderick Stewart <rjfs@escapetime.nospam.plus.com> wrote:
> Please explain why you think so. You've used the "bad analogy" line
> several
> times now without qualification in response to a carefully considered and
> presented argument. Without any argument at all in their support, those
> words don't really mean anything.
>
> We are talking about the rightness or wrongness of taking someone else's
> property without their permission. Specifically, the "property" is the use
>
> of a wireless internet service, and various people (including myself) have
>
> suggested examples where the "property" is something more familiar and
> tangible, in the hope that it will make the situation easier to
> understand.
>
> I suggest that the morality of taking what isn't yours is the same
> regardless of what the thing you take actually is, or how careless the
> owner has been in neglecting to protect it to what you might consider an
> appropriate standard, because it is simply the fact that it belongs to
> someone else that makes it wrong to take it. This is certainly the concept
>
> of "ownership" that I was brought up to recognise, though maybe you have
> acquired a different one.
>
> If you think it is acceptable to take some items of other people's
> property
> without their permission, while not acceptable to take other items, which
> is to say that the *nature* of someone's property is what determines
> whether thay have exclusive ownership of it, then please explain your
> understanding of what it means to own something.
>
> Rod.
What part of Rod's analogy is hard to understand and/or accept? Despite the
item in question, using someone else's property without their permission is
wrong by any society's standards.
Re: Hijacking a broadband connection 
Linear Mode
