[ISN] Safe and insecure

From: InfoSec News (isn@private)
Date: Wed May 19 2004 - 05:20:30 PDT

  • Next message: InfoSec News: "[ISN] Police probe Sasser informant"

    http://www.salon.com/tech/feature/2004/05/18/safe_and_insecure/index.html
    
    By Micah Joel
    May 18, 2004  
    
    Last week, I turned off all the security features of my wireless
    router. I removed WEP encryption, disabled MAC address filtering and
    made sure the SSID was being broadcast loud and clear. Now, anyone
    with a wireless card and a sniffer who happens by can use my
    connection to access the Internet. And with DHCP logging turned off,
    there's really no way to know who's using it.
    
    What's wrong with me? Haven't I heard about how malicious wardrivers
    can use my connection from across the street to stage their hacking
    operations? How my neighbors can steal my bandwidth so they don't have
    to pay for their own? How I'm exposing my home network to attacks from
    the inside? Yup.
    
    So why am I doing this? In a word, privacy. By making my Internet
    connection available to any and all who happen upon it, I have no way
    to be certain what kinds of songs, movies and pictures will be
    downloaded by other people using my IP address. And more important, my
    ISP has no way to be certain if it's me.
    
    In mid-April, Comcast sent letters to some of its subscribers claiming
    that their IP addresses had been used to download copyrighted movies.  
    Since Comcast is not likely to improve customer satisfaction and
    retention with this strategy, it's probable the letter was a result of
    pressure from the Motion Picture Association of America or one of its
    members. And to Comcast's credit, it stopped short of direct
    accusation; instead it gives users an out. Says the letter, "If you
    believe in good faith that the allegedly infringing works have been
    removed or blocked by mistake or misidentification, then you may send
    a counter notification to Comcast."
    
    That's good enough for me. I've already composed my reply in case I
    receive one of these letters someday. "Dear Comcast, I am so sorry. I
    had no idea that copyrighted works were being downloaded via my IP
    address; I have a wireless router at home and it's possible that
    someone may have been using my connection at the time. I will do my
    best to secure this notoriously vulnerable technology, but I can make
    no guarantee that hackers will not exploit my network in the future."
    
    If it ever comes down to a lawsuit, who can be certain that I was the
    offender? And can the victim of hacking be held responsible for the
    hacker's crimes? If that were the case, we'd all be liable for the
    Blaster worm's denial of service attacks against Microsoft last year.
    
    Don't get me wrong. I'm not deliberately opening my network to hackers
    and miscreants bent on downloading copyrighted material. I'm simply
    choosing not to secure it. That's no different from the millions of
    people who haven't installed anti-virus software and the millions more
    who don't keep theirs up to date. Yes, their vulnerabilities allow
    viruses to spread more quickly, but that's their choice, right?
    
    What about the security of my home network? A determined hacker may be
    able to crack my passwords or exploit weaknesses in the operating
    system that I never even thought of, but how is that different from
    before? There's no system that's completely secure, so whether hackers
    are inside or outside my firewall will make little difference. I'm
    willing to trade a little security for privacy.
    
    It feels strange to be opening up my network after years of vigorously
    protecting it, and it's not without a tinge of anxiety that I do so.  
    But there's also a sense of liberation, of sticking it to the Man,
    that's undeniable, as well as an odd sense of community. It seems
    there's safety in numbers after all, even among strangers.
    
    
    - - - - - - - - - - - -
    
    About the writer Micah Joel is a systems engineer for a software
    company, an award-winning tech presenter and an early adopter of home
    wireless.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Wed May 19 2004 - 07:40:14 PDT