This is fun to think about..

First, a true hacker will get in.. get out.. and never harm others info. It is the kiddies out here that just got a computer that try to devastate peoples resources that make a bad name for the rest of the real people who love to jack. Useless go-nowhere idiots!

If you go to a site and your card locks onto a network that gives you an IP (DHCP) to let you surf the web then how can that be against the law? You have been invited onto their network to use the bandwidth as you see fit. A public freq. (2.4) with a DHCP service (IP) and no lockdowns (WEP off).. hhhmmm. Sounds like an invitation to me. It is not like you are in their workgroup so you can gain access to their hard drives.. Hell if anyone wanted access to hard drives just get on any cable modem, and BAM! surf all the hard drives you want - what a waste of time.Wow you can read grandmas letter to aunt betty. Get a life!

There are tons of open networks all over that are grassroot efforts to try to supply people with enough bandwidth to check email, read websites, and download files from your own servers. Would I ever use someone's network without a secure link myself.. NO! I always use safeweb, or SSH to surf into mail.yahoo.com, or telnet into a box on a secure link. Wireless is fun, but I am not stupid.

What I think is funny are those who leave their sites open and supply people with DHCP just to grab info as the unsuspecting lanjacker uses their networks.. Thats funny.. So it works both ways. There are people who are lanjacking and get onto the web in the middle of a parking lot. Then there are those allowing the lanjack to happen so they can grab info that comes across their newly lanjacked network.. Run script kiddies.. Run!

MOREL: Watch who's jacking who... ;-)

SIDENOTE: My place is in the heart of San Francisco.. Come by and use my network.. I won't be sniffing packets as you lanjack my world.. hahahahaha

LAW BREAKING:

If you go to a site and they have applied WEP, or other security measures to keep you out, and you break them to gain access you have just broken the law... Enjoy becoming bubba's new girlfriend!

Other then that I only keep track of open DHCP nets. The others are not worth the trouble, or the possible time to be corn holed. Someone else can fight that battle. I enjoy my freedom... ;-)

ehrr
yes and no
I pretty sure there is some law that says something about
"illegally consuming bandwidth" without a contract from the network owner...
So DCHP in place and lack of WEPor other security measures would probably not be viewed upon I a court of law as
"I should get out of jail -free card"
-cause the didn't have any security in place your honour.
-That's why I used up all there bandwidth to upload and download my ripped DVD movies...

Reason ? Corp X co-workers was probably "tricked" by the slick WLAN salesmen (just look at the ads) most probably without the knowledge of what they were doing, and the authorization from proper responsibilities from corp X.
-ehr Bob, haven't we got a FW I place so we are secure...?
-Yes Joe, lets play with this new WLAN stuff...

We all know that average Joe at Corp X cant probably spell to security...But there is still laws that most probably will protect that stupidity.

So you have a WLAN honey pot -any interesting findings that you want to share ?

BH, I am very familiar with that train of thought, but it will NOT stand up in court. It's been tried and it has failed. Simple as that.

The parallel that an attorney used to explain it to me went something like this....

If you were walking down the street in a neighborhood and saw two houses, one had the front door and opem windows (not the Microsoft type) and the other had a fence, bars on the windows and a locked front door; would it be leagle for you to enter either house? No.

I'm not interested in arguing whether this is right or wrong. I just want to make sure that people who do use wireless to gain unauthorized access to a network understand the potential consequences of their actions.

If you're going to play the game, know the rules.

I have to agree with Delta Farce on this. If you read up on the laws surrounding "computer trespass" and "computer eavesdropping", they are written to favor the owner of the network - even if he is a complete idiot.

Put another way - if the LMNO Corporation hooks up a T-1 *directly* to their office LAN .... no firewall, no nothing .... do you think it's legal to start poking around on their internal network? Whether you like the answer or not, I can tell you what the legal perspective is -- NO.

Even something as simple as a port scan can be deemed as illegal depending on how you interpret the current laws. Trust me, I work in the ISP industry - we're quite familiar with this stuff.

We could debate forever the semantics of this forever (i.e. "But if they have a web server they're inviting people to access their network in some way") but the laws are clear - they are written to favor the network owners, because some network owners will be idiots and won't know how to secure things. So the law must favor them (the owner) over you (an unwelcome outsider).

Delta is definitely right -- if you're going to play the game, know the rules...

-Toomer

I couldn't hold back... BH you are an utter moron.

Your line of reasoning is such that I would believe it to overhear you one day saying: "But officer! He had a doorknob, that's like an invitation to walk in his house! Then of course I can use his water and electricity and..."

Just because you are able to get somewhere does not make it legal. COME ON!

"If you were walking down the street in a neighborhood and saw two houses, one had the front door and open windows (not the Microsoft type) and the other had a fence, bars on the windows and a locked front door; would it be legal for you to enter either house? No. "

I don't think this is quite the same. This is PUBLIC airwaves. If you are broadcasting out on public channels, with DHCP and no WEP, not only would it really be hard to make a case against someone just 'using' the network, but I would think the person could almost have as strong of a case going the other way saying "I was reverse hacked because your AP invaded my settings". An example of this:

A friend of mine installed a Linksys WAP11 and left everything default (SSID = linksys). One day he was browsing around onine and then went into the room where his AP and cable modem were. Funny thing is they were both turned off (and accident one of his kids did)!

A neighbor of his has the EXACT same setup (cable modem with WAP11) using all defaults. My friend had unknowingly been using the wrong network all day!

The "2 house" analogy fails because houses are not by defintion "public".

It's more like you seting up a video camera to show your private corporation's goings ons to a Big screen TV sitting outside your building on a public sidewalk... Don't complain about other people's ability to see you when you leave yourself wide open, protect yourself.

From my side, I either choose to look at it or not.... but there is little you can say or do about it. Move the TV (if iy is yours to move), scramble the signal or stop sending the a signal feed. Just changing the channel you are sending to the TV isn't good enough. I can always channel surf till I tune back in to your program. Calling the cops because i'm standing on a public sidewalk looking at your TV showing us private corporate secrets is also stupid.

stumbling... (due to the nature of beast) is like walking into a public building.... No you may not do "anything" you want and you must leave when asked. But if you are there and the bathroom is available, then you are free to make use of it. As long as it is not locked or marked as private. You are also free to look around as long as your actions don't cause harm.

Stumbling is niether breaking in nor is it treapassing. I don't see netstubling any less legal than RF scanning. Cracking WEP security and then lanjaking.... now that is certainly ilegal.

I also think the CB radio/wireless telephone/cell phone analogy also works.

I feel sorry for individules and companies that resort to pushing for legal protection rather then make proper use of technology. It serves any idoit right to use WLAN technology and broadcast their most private secrets just to find out everyone knows them because their on the news.

The media make it look like a crime and that is why most everyone see it as that. The crime that is being commited is truth and logic are being legally redefined as more and more idiots make use of dangerous (network) technology.

Ill say amen to that. You have some good thoughts.

In my previous analogy, I think I failed to get across the point of "behaving yourself" or "the requirement for self control". You may use the bathroom but you are not free to plug in and use their electrity for your use.

Another analogy that works is where "Company A" decides to have a picnic at some shelter in "City Park B". "Company A" will only be using a portion of the shelter. Other companies are also making use of the shelter (as are individules). It's a public place and people may come and go.

In this analogy, you are not totally free to do as you wish. You may make use of the public bathroom and grills attached to the shelter but the food that others have sitting out is hands off unless they invite you to take some.

The glass house/office analogy is also fitting.

There are 2 points that I wanted to be brought out...

1) when in a public or public viewable area, don't walk around naked unless you want people to look at you or at least don't mind being gocked at or having your picture taken. (hint... cover up, close the blinds, where a disguise, or move to a place you can't be viewed) In other words, It's not ilegal to see the nude but it is ilegal to expose yourself (or someone else) in public.

2) not everything at a public place is yours to make use of.
you can have the cops calle on you if you try toi steal food from someone else's table.

Common sense is none to common anyome....

I need to invest in spell checking..... so many typos. so much embarassment.

Just in case I was still unclear:

The point about nudes was an analogy for companies to not leave themselves at risk by doing the WLAN version of walking around with nothing on.

The other point was more obvious. making use of bandwidth that you don't own/lease/have-rights-to (and other network pranks) is a "no-no" even if there is no way to catch you.
But merely connecting, getting an IP and (descreatly) looking around is not something I would consider any different than turning on a TV and getting to watch a private M$ meeting that no one in the meeting knew was being broadcast. (aint no crime)
</Pulpit>

You ARE using their resources when you grab an IP through DHCP. It takes processor power to register that ip.

If you really wanna stay in the clear, it's best to use a sniffer and pull things out of the air, as opposed to connecting to anyone's machine. They can always get you that way (legally).

Then you can make the argument about whether breaking someone's encryption (wep, or whatever) is illegal. Then you're not using their resources, but could be violating their intellectual property rights. But then who knows. Of course you can always argue that all your doing is passively pulling down the airwaves.

More to think about.

Not that this analogy has any real meaning anyway, but it's not illegal to enter an unlocked house. That's why the crime is called "breaking and entering". Entering in and of itself is not a crime. There was a burglar who, before actually taking anything, was caught. He actually was acquited because the mat said "Welcome" and his argument was that he was just wandering by and no one responded to his knock. Some or most localities have ordinances about peeping toms and such but they may or may not be relevant to this particular act and it may not actually be illegal to enter the house. Entering the house and turning on the TV, though might be. I agree, though, with the other respondents: these are public airwaves and you certainly can't proceed with any expectation of privacy.

Just another 2c...

Walking in to an unlocked house is at the very least Trespassing.

When companies give DHCP addresses to WLAN connections it's as good as you get as for as being an open invite. Here you go, have an IP address on the house.

If companies don't want you on their WLAN, then they should be at minimum blocking MAC addresses that don't belong. They should also be using 128bit WEP.

Here is another thing to consider, there are lots of "free" WLAN hot spots going on-line every week and these groups/individules want you to "stumble" across them and make use of them. Some people just get a kick out of providing free service. (mind you, read your ISP's service agreement and see if they frown on the pratice before doing so)

So, with this in mind. Who am I to say that the Pentigon's (for instance) open and non-WEP WLAN is not for general consumption. If they are dumb enough to leave it open and unencrypted, then it goes back to my ealier analogy.

BTW, I view getting an IP address via DHCP in the same class of actions in a public building as flushing a toilet and washing ones hands, making use of the warm/cool air on a cold/hot day or being able to see because they left the lights on for you.

Mind you, it may not be a company's intentions to act as a public service but by not taking steps to not be one, they are one by default. My assertation is that WLAN, by default, is a public service that you have the right to privatize to various degrees. Taking steps to curcumvent those privatizations is what constitutes a criminal act.

I think this analogy works the best so far:

For example, I own a couple of FMS radios. If I choose not to set it to use privicy codes, then my conversations are not safe and I know this. But my conversations are never safe from those FMS radios that don't make use of privacy codes and I know this as well. My only recourse to obtain private communications is to purchase FMS radios that also do encryption (if those are available).

Let's add to the scenario a phone interface. It will listen to touch tone codes and place 2-way calls for you. If I connect that to an FMS base station then expect those that know about it not use use it then I'm dumber than I look.

Would it be ilegal for you to make use of my phone that I connected to the FMS radio? Would I win a law-suit(sp?) against you for the long distance and international calls you made? Could I have you arrested for wire tapping or trespassing? What if all you did was make local calls?

Would it not be in my best interest to use security codes, encryption and other technology to make sure I'm the only one that can make use of the phone I connected to the FMS radio?