RE: [ISN] Safe and insecure

From: InfoSec News (isn@private)
Date: Mon May 24 2004 - 00:19:52 PDT

    Forwarded from: Chad W. Didier <cdidier@private>
    
    I think this would fall under the category of "willful neglect". No
    one can be held responsible for the abuse of a technology that is
    flawed. But, to publicly state you're not going to make reasonable
    attempts to secure it is "willful neglect". One could be held liable.
    Perhaps not criminally, but in a civil trial one may find themselves
    held responsible and liable for damages for the abuses of another.
    
    
    -----Original Message-----
    From: isn-bounces@private [mailto:isn-bounces@private] 
    On Behalf Of InfoSec News
    Sent: Wednesday, May 19, 2004 8:21 AM
    To: isn@private
    Subject: [ISN] Safe and insecure 
    
    
    http://www.salon.com/tech/feature/2004/05/18/safe_and_insecure/index.html
    
    By Micah Joel
    May 18, 2004  
    
    Last week, I turned off all the security features of my wireless router.
    I removed WEP encryption, disabled MAC address filtering and made sure
    the SSID was being broadcast loud and clear. Now, anyone with a wireless
    card and a sniffer who happens by can use my connection to access the
    Internet. And with DHCP logging turned off, there's really no way to
    know who's using it.
    
    What's wrong with me? Haven't I heard about how malicious wardrivers can
    use my connection from across the street to stage their hacking
    operations? How my neighbors can steal my bandwidth so they don't have
    to pay for their own? How I'm exposing my home network to attacks from
    the inside? Yup.
    
    So why am I doing this? In a word, privacy. By making my Internet
    connection available to any and all who happen upon it, I have no way to
    be certain what kinds of songs, movies and pictures will be downloaded
    by other people using my IP address. And more important, my ISP has no
    way to be certain if it's me.
    
    In mid-April, Comcast sent letters to some of its subscribers claiming
    that their IP addresses had been used to download copyrighted movies.  
    Since Comcast is not likely to improve customer satisfaction and
    retention with this strategy, it's probable the letter was a result of
    pressure from the Motion Picture Association of America or one of its
    members. And to Comcast's credit, it stopped short of direct accusation;
    instead it gives users an out. Says the letter, "If you believe in good
    faith that the allegedly infringing works have been removed or blocked
    by mistake or misidentification, then you may send a counter
    notification to Comcast."
    
    That's good enough for me. I've already composed my reply in case I
    receive one of these letters someday. "Dear Comcast, I am so sorry. I
    had no idea that copyrighted works were being downloaded via my IP
    address; I have a wireless router at home and it's possible that someone
    may have been using my connection at the time. I will do my best to
    secure this notoriously vulnerable technology, but I can make no
    guarantee that hackers will not exploit my network in the future."
    
    If it ever comes down to a lawsuit, who can be certain that I was the
    offender? And can the victim of hacking be held responsible for the
    hacker's crimes? If that were the case, we'd all be liable for the
    Blaster worm's denial of service attacks against Microsoft last year.
    
    [...]
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon May 24 2004 - 00:54:59 PDT