Wi-Fi Food For Thought 1

[SemperFiDownUnda]

The article makes sense. The biggest issue here is for the people using wi-fi they don't get to choose what network is picked up. Kind of like getting in a cab and say "Take me to the airport" at which the taxi driver drives off. When confronted with taking the normal high way or the electronic metered high way the taxi driver uses the later but does not have the device to allow him/her to drive on that high way. It should not be the passenger that gets the ticket when the passenger has no way of controlling how the driver gets from point A to point B.



Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[monkeylizard]

I suppose a good question to ask in this is when do you move from ignorance to negligence? Ignorance (generally) is not criminal, but negligence (generally) is.

I'm sure none of us (since this community is obviously tech-savvy at the very least) would install a wireless access and uninentionally leave it unsecured.

However here's the issue:

SF18C wrote:
WEP is only one layer of defense. Enabling the 802.1x protocol by MAC address is another. For my wireless devices I also put them in their own subnet with DHCP reserver addresses by MAC.

I'd bet dollars to doughnuts that Joebob that just bought a wireless kit at OfficeDepot has no clue what the above statement means.

Is it ignorance or negligence if Joebob hooks up his unsecured access point even though he doesn't actually want to share the bandwidth?

I say it's ignorance on his part and it's negligence on the part of the retailer and the manufacturer if the sale/equipment does not contain good and easy to understand instructions to enable at least some basic security.

think about if your mom or dad bought a wireless system because they saw it on an Intel commercial and thought it would be neat. A slick sales pitch and $150 later and BOOM, mom and dad are providing quick access to everyone nearby. Should mom and dad be tossed in the pokey?


Monkeylizard
-Isaiah 35-

 

[SemperFiDownUnda]

it's negligence on the part of the retailer and the manufacturer if the sale/equipment does not contain good and easy to understand instructions to enable at least some basic security

Define "basic security". Define "good and easy"
There could be many definitions and interpritations on those two statements. I know people that would concider security just short of quantum crypto basic and anything less as not enough.

You'll find that its not the retailers responsibility to provide documentation on a product. It is the responsibility of the manufacturer. Even then I'd say that you'll probably find that most of these manufacturers do provide the documentation. The fact that people don't read or can not understand the documentation should not make the manufacturer liable.

Its like an article I read about how a girl had an egg explode in her face after warming it up in the microwave. People are now calling for microwaves to carry clear warnings of exploding eggs. While they admit that most microwave instructions would warn of this danger and advise to pierce the shell properly before cooking they want it printed on the microwave itself. I can see it now if it passes. 2 years from now your entire manual will be on the microwave.

Lets put in large lettering on your car "Do not speed." "Do not drink and drive" "Not watching where you drive might result in an accident" "Talking on the phone will distract you from driving" "Do not park in a no parking zone"

You might think I'm going to far....but I don't believe I am. This is basically what people are saying. They find a problem that is probably well documented but since THEY got hit with the problem and didn't do the appropriate work to aviod the documented problem they try to shift blame to the manufacturer. If you don't know how to read the manual hire someone to do it. We can not make things idiot proof. The universe will always make better idiots.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[mrdenny]

People in general are inherently stupid. It’s a cold hard fact. Think about this for a moment:

I have a new method of transportation that I am going to start seeing to the general public. The downside is that the fuel that power this method of transportation is flammable, and can explode by simply lighting a match or creating a spark near the fuel. In the vehicle there will be included several devices capable of causing the fuel to explode.

The vehicle can go very fast, but does not stop very quickly, and if it crashes the impact may kill everyone in the vehicle. The safety system to keep you from being killed may make you paralyzed while it is trying to save your life.

If I tried to introduce this item into society today, it would be rejected in a hart beat for being unsafe by all the bleeding hearts that want to protect the people that don’t want to think for them selves. The only problem is that I just described the car you drive to work in every day.


Denny

--Anything is possible. All it takes is a little research. (Me)

 

[OhioBill]

Technical issues aside, there is the practical application to consider. Try calling the police to complain that your neighbor is stealing bandwidth from your wireless network, and you'd like him arrested. Presuming you get past the "huh?" from the not so technically savvy person answering the phone, the police will tell you it's a civil matter (once they stop laughing). Hire a lawyer and go to small claims court, or something.

I suppose you could try reporting this crime to the FBI, then watch as a SWAT team raids your neighbor's home, complete with tear gas, destruction of property and the ceremonial killing of the family dog, all in the name of homeland security. Good job, ace.

Try prosecuting a case like this. The prosecuting attorney has to explain to a group of twelve retirees exactly how this crime took place, then prove the defendent guilty. When was the last time you were able to successfully explain wireless networking to your grandmother?

All the defense has to do is wait for the juror's eyes to glaze over and hammer them with the reasonable doubt clause.

So I guess, no matter what the law is or will be in the US of A, enforcement will be tough at best. Meantime, sales are up.

 

[monkeylizard]

Let me clarify my earlier post as I now realise it was incomplete.

I do not condone stupid people suing manufacturers over the user's own stupidity. I just saw an add for BestBuy with a marrionette pupet. He gets his strings cut and "goes wireless". It's presented as a simple "plug and play" system, which it is not.

As for the analogy to cars and speeding, cars have been a part of the landscape for 100+ years and something everyone owns for at least 50 years. The PC is in its infancy...I think that's why we have questions such as these posted in this forum. I don't see any BBs for "Stop the speeding in car ads" anywhere.

I don't think Intel/Best Buy should be sued because a user is not savvy enough to configure the technology properly, but it's important to remember that technology is still something we are trying to get a handle on in society.

I do think that the technology industry (manufacturers and us) has a responsibility to help out the less inclined. We will all be better for it.

Monkeylizard
-Isaiah 35-

 

[SemperFiDownUnda]

what do you prepose the manufactures do that they are not currently doing?


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[ecobb]

Perhaps consumers should be given a test to determine if they are smart enough to purchase electronics...you know, their test scores determine what level of technology they can posses. ;-)

I can hear it now:

I'm sorry sir, but according to your test scores we will not be able to sell you anything from our computer, home audio, or video games departments. Perhaps we could interest you in an electric toothbrush?

Hope This Helps!

Ecobb

"My work is a game, a very serious game." - M.C. Escher

 

[sha76]

Great plan Ecobb, but are the salespeople going to have to do the same test? There could be a few jobs going!

 

[Grenage]

Ah but how many technically capable are going to want to be salespeople?

 

[Tarwn]

Well, I know our main salesman didn't pass the test

_{01000111 01101111 01110100 00100000 01000011 01101111 01100110 01100110 01100101 01100101 00111111}
The never-completed website:

http://www.tiernok.com/

 

[monkeylizard]

I guess my last post was a bit of a question too.

A car dealership/salesperson is not responsible to determine if a buyer knows how to drive, but cars are ubiquitous in our society.

What about other, less common things? I know that I can not rent SCUBA equipment without showing proper certification and/or signing a waiver.

Should new technologies be treated the same way? Should there be a very clear message on the packaging that warns of the security implications of misconfiguring the device? Should sales of such equipment be accompanied by an offer for professional installation?



Monkeylizard
-Isaiah 35-

 

[monkeylizard]

In response to the original post though, anyone who grabs an unsecured connection is not violating anything in my opinion. Especially as the number of Public hotspots grows, there is will be no reasonable way for a user to know they are on a connection that the owner does not wish to be public.

Monkeylizard
-Isaiah 35-

 

[SemperFiDownUnda]

What about other, less common things? I know that I can not rent SCUBA equipment without showing proper certification and/or signing a waiver.

The issue there is life threatening. I'm not fully sure you can go in and buy a car without a licence. Because of registration etc I'm pretty sure you'll have to produce a license at some point in time.

With scuba you have to have certification. Agian this is for your safety. I don't see this as issue with normal SOHO network gear as they are not life threatening via normal use.

Agian I would be surpised if the documentation doesn't already go into detail about these issues.

When we start going down the road of "a very clear message on the packaging that warns of the security implications of misconfiguring the device" where do you draw the line? you'll end up with half the manual in 3 inch letters printed on the packaging....kind of difficult with a box that is 6x1x10 inches.

I'd be for a big RTFM put in bold on the boxes but people still would ignore it and complain.

We can't make things idiot proof...a better idiot is created every minute.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[sleipnir214]

Actually, it is more than possible to buy a car or SCUBA without licenses or certifications. Corporations buy cars for their people to drive, and that dive shop had to buy the dive equipment from someone.






Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[zebratech]

"With scuba you have to have certification. Agian this is for your safety. I don't see this as issue with normal SOHO network gear as they are not life threatening via normal use."

True misuse of network gear/security is NOT life threatening, but, Identity Theft brought about by improper securiy measures can sure ruin someones life.

I'm not a believer in big brother tactics or federal mandates to protect people from themselves. I've watched our industry change from only technical people using our tools to the masses having access to technology they don't understand. The development of "Wizards" and PnP to simplify configuration issues, while making our jobs easier also removes a lot of the necessity for the understanding of what is really happening behind the scenes. Its a double edged sword. Maybe the requirement for "proffessional installation" wouldn't be such a bad idea.




Unix IS user friendly... It's just selective about who its friends are.

 

[SemperFiDownUnda]

sleipnir214 - while I appreciate this fact it is then the corporation buying the cars responsibility that those they let drive the vehicles have proper licences.

...but, Identity Theft brought about by improper securiy measures can sure ruin someones life.

Show we put big bold signs on all purses wallets, luggage, mail boxes, desks and other places where we might possibly store personal information?

If you limit it to "professional installations" that means you limit who can use it all together. What about a person that only surfs the web reading normal web pages but uses a laptop. Should they have to pay $50+ more to have one of these items installed when for their purpose just plugging the item in is good enough? Why force everyone to pay for something they do not need?

With the topic of wizards....heck I've seen people mess up even the simplist of wizards.

Can someone actually come up with a product that doesn't actually have the information in the documentation or explains how to get it for the normal operations?


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

 

[MikeLacey]

you are entitled to any apples that fall on your side of the fence.

In the US - perhaps that's the case, I don't know. In the UK I believe that you are required to offer the fruit back.

Mike

"Deliver me from the bane of civilised life; teddy bear envy."

Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884

 

[Dimandja]

In the UK I believe that you are required to offer the fruit back.

How gentlemanly. Do you offer the fallen leaves back too?

 

[MikeLacey]

Hmmm. Remember that the saying is "An Englishman is never unintentionally rude."

No - we just shovel the leaves over the fence where they belong.

Mike

"Deliver me from the bane of civilised life; teddy bear envy."

Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884