Certified secure



  • Just remembered this incident from a couple of years back.


    A friend of mine is looking for some wifi, he's found a neighbour using WEP and very quickly aircracked it with the help of some ARP.

    He wants to setup a box to torrent some films on it, when he does this he likes to open the web interface for his torrent client to the world so that he can see how the downloads are doing from his phone.

    There is no UPNP so he has to manually add a port forward on the router, so he looks up the default username and password combination for this particular make and model on the interwebs.

    Unfortunately the default password is the serial number of the device, a wise security precaution indeed.


    Fortunately for him this router has TWO web interfaces, one on port 80 as usual and a HTTPS variety. The HTTPS interface also prompts for authentication of course but the HTTPS variety also supplies its own certificate and can anybody guess what the router identifies itself by in the certificate? Why, the serial number of course!



  • You need a password! Here.



  • I don't know what country your "friend" lives in, but if it's one where you can get jailed for illegal downloading or uploading, he's just made life for his neighbours potentially difficult. That would not be something to brag about.



  • Is there democratic country that jail the owner of a network for illegal downloading ?


  • Discourse touched me in a no-no place

    @TheLazyHase said:

    Is there democratic country that jail the owner of a network for illegal downloading ?

    Apparently so@RIAA said:
    Criminal charges may leave you with a felony record, accompanied by up to five years of jail time and fines up to $250,000.



  • http://www.geek.com/articles/news/15-year-old-facing-jail-time-for-downloading-24-movies-20110824/

    And in case you're feeling relieved, a "torrent box" usually uploads as well, so

    http://thecelebritycafe.com/feature/man-sentenced-jail-illegally-uploading-wolverine-online-12-20-2011



  • @PJH said:

    @TheLazyHase said:

    Is there democratic country that jail the owner of a network for illegal downloading ?

    Apparently so@RIAA said:
    Criminal charges may leave you with a felony record, accompanied by up to five years of jail time and fines up to $250,000.

    Notice the bolded part



  • @serguey123 said:

    Notice the bolded part

    Lame.



  •  Your friend is an irresponsible, cheap leech. Does his mama still cut his toenails or something?



  • @EncoreSpod said:

    A friend of mine is looking for some wifi, he's found a neighbour using WEP and very quickly aircracked it with the help of some ARP.

    You're an asshole. Why didn't you just knock on the door and just fucking ASK them, you dick?

    @EncoreSpod said:

    He wants to setup a box to torrent some films on it,

    You're the king of all assholes. Fuck you.



  • Not sure about other countries (but sure most Western ones have similar):

    QUOTE User="Computer Misuse Act 1990"A person is guilty of an offence if—
    (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured ;
    (b)the access he intends to secure, or to enable to be secured, is unauthorised; and
    (c)he knows at the time when he causes the computer to perform the function that that is the case.
    ...

    (3)A person guilty of an offence under this section shall be liable—
    (a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
    (b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
    (c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.[/QUOTE]

    And just for fun:

    QUOTE USER="Criminal Law Act 1967"Where a person has committed an arrestable offence, any other person who, knowing or believing him to be guilty of the offence or of some other arrestable offence, does without lawful authority or reasonable excuse any act with intent to impede his apprehension or prosecution shall be guilty of an offence.
    [F1(1A)In this section and section 5 below “arrestable offence” has the meaning assigned to it by section 24 of the Police and Criminal Evidence Act 1984.]
    (2)If on the trial of an indictment for an arrestable offence the jury are satisfied that the offence charged (or some other offence of which the accused might on that charge be found guilty) was committed, but find the accused not guilty of it, they may find him guilty of any offence under subsection (1) above of which they are satisfied that he is guilty in relation to the offence charged (or that other offence).
    (3)A person committing an offence under subsection (1) above with intent to impede another person’s apprehension or prosecution shall on conviction on indictment be liable to imprisonment according to the gravity of the other person’s offence, as follows:—
    ...

    (d)in any other case, he shall be liable to imprisonment for not more than three years.[/QUOTE]

    So if this had happened in the UK then anyone who committed the act would be liable for up to two years in prison, and anyone who deliberately helped that person evade justice (say for example by witholding their name when recounting the story) would actually be liable for up to three yers in prison!



  • @GettinSadda said:

    So if this had happened in the UK then anyone who committed the act would be liable for up to two years in prison, and anyone who deliberately helped that person evade justice (say for example by witholding their name when recounting the story) would actually be liable for up to three yers in prison!

    "Not actively assist" != "impede".  You are not obliged to immediately grass anyone you know who has ever committed any kind of offence.



  • @blakeyrat said:

    @EncoreSpod said:
    A friend of mine is looking for some wifi, he's found a neighbour using WEP and very quickly aircracked it with the help of some ARP.
    You're an asshole. Why didn't you just knock on the door and just fucking ASK them, you dick? @EncoreSpod said:
    He wants to setup a box to torrent some films on it,
    You're the king of all assholes. Fuck you.
    Stop giving him a hard time, guys.  He's a FREEDOM FIGHTER!11!@!  Or something...



  • @EncoreSpod said:

    Just remembered this incident from a couple of years back.


    A friend of mine is looking for some wifi, he's found a neighbour using WEP and very quickly aircracked it with the help of some ARP.

    This is why non-IT people should ask knowledgable IT people to set up their wireless network.



  • @blakeyrat said:

    [You're the king of all assholes. Fuck you.
     

    Whilst this is probably true, I'd rather get to know you before I get fucked by you cus I'm sensitive like that.

    And if witnessing my friend do this makes me an asshole, well WTF (more common meaning) do you want me to do, grass up my friend?

    I thought this was just a place we discussed IT related fuck ups in a light hearted way, this was an example of an IT fuck up

    P.S. Thank you for promoting me to king of something, I'm looking into a crown, possibly one constructed out of homemade cantennas.

    I will leave this thread alone now, cus its obviously stired up a lot of flame/troll energy and I can't be doing with this political stuff.

     

     



  • @EncoreSpod said:

    I will leave this thread alone now, cus its obviously stired up a lot of flame/troll energy and I can't be doing with this political stuff.

    Running away and hiding doesn't change your responsability. Take it.



  • @TGV said:

    @EncoreSpod said:

    I will leave this thread alone now, cus its obviously stired up a lot of flame/troll energy and I can't be doing with this political stuff.

    Running away and hiding doesn't change your responsability. Take it.

    My thought exactly.  Sure, maybe it wasn't *you* who did it, but standing there and saying "hey, that's cool" would, in the eye of the law, make you an accessory to the crime.  I'm not calling you an asshole (although your friend sure is), but you are a weak-willed individual.  I think I'd rather be an asshole.


  • In France at least, if someone downloads on someone else's connection, it's considered the responsibility of the connection owner for failing to secure their connection. [1]

    Courts in the US, for now, have ruled that open networks aren't a factor for criminal liability [2], but the "six strikes" scheme doesn't care. [3]



  • @C-Octothorpe said:

    @TGV said:

    @EncoreSpod said:

    I will leave this thread alone now, cus its obviously stired up a lot of flame/troll energy and I can't be doing with this political stuff.

    Running away and hiding doesn't change your responsability. Take it.

    My thought exactly.  Sure, maybe it wasn't *you* who did it, but standing there and saying "hey, that's cool" would, in the eye of the law, make you an accessory to the crime.  I'm not calling you an asshole (although your friend sure is), but you are a weak-willed individual.  I think I'd rather be an asshole.
     

     

    +1. If my friend had done something like that, I'd be pretty pissed. If he didn't stop, I'd threaten to call the police. Which I would do. [i]Of course[/i]. He'd then be an idiot anyway, a waste of friendship and a liability for my future career.

    Seriously, I can't get over the fact that you even try to convince yourself or others that it's not your business. Wow.

     



  • @MiffTheFox said:

    In France at least, if someone downloads on someone else's connection, it's considered the responsibility of the connection owner for failing to secure their connection. [1]

    Courts in the US, for now, have ruled that open networks aren't a factor for criminal liability [2], but the "six strikes" scheme doesn't care. [3]

    I'm too lazy to check, but I'm fairly confident that points 1 and 2 both apply to open networks.  I don't think they would see breaking WEP the same way.



  • @serguey123 said:

    @PJH said:
    @TheLazyHase said:

    Is there democratic country that jail the owner of a network for illegal downloading ?

    Apparently so@RIAA said:
    Criminal charges may leave you with a felony record, accompanied by up to five years of jail time and fines up to $250,000.

    Notice the bolded part

    Juche! The word Democratic is right there in the name of the country!



  • @EncoreSpod said:

    I will leave this thread alone now, cus its obviously stired up a lot of flame/troll energy and I can't be doing with this political stuff.

    I stop this sort of torrent hackery with adblockers in my browser.



  • @boomzilla said:

    @EncoreSpod said:
    I will leave this thread alone now, cus its obviously stired up a lot of flame/troll energy and I can't be doing with this political stuff.
    I stop this sort of torrent hackery with adblockers in my browser.
    Are you mad? What happens if the two flame wars fuse together?  The resulting energy release would be over 9000.  There is no way this forum can handle that much power.



  • @Anketam said:

    There is no way this forum can handle that much power.

    It's OK. Community Server wasn't meant to be used.



  • @C-Octothorpe said:

    @MiffTheFox said:

    In France at least, if someone downloads on someone else's connection, it's considered the responsibility of the connection owner for failing to secure their connection. [1]

    Courts in the US, for now, have ruled that open networks aren't a factor for criminal liability [2], but the "six strikes" scheme doesn't care. [3]

    I'm too lazy to check, but I'm fairly confident that points 1 and 2 both apply to open networks.  I don't think they would see breaking WEP the same way.

    It's the responsibility of the owner to secure their network, which includes following best security practices.



  • @Anketam said:

    There is no way this forum can handle that much power.
    There is another theory which states that this has already happened.



  • @MiffTheFox said:

    @C-Octothorpe said:

    @MiffTheFox said:

    In France at least, if someone downloads on someone else's connection, it's considered the responsibility of the connection owner for failing to secure their connection. [1]

    Courts in the US, for now, have ruled that open networks aren't a factor for criminal liability [2], but the "six strikes" scheme doesn't care. [3]

    I'm too lazy to check, but I'm fairly confident that points 1 and 2 both apply to open networks.  I don't think they would see breaking WEP the same way.

    It's the responsibility of the owner to secure their network, which includes following best security practices.

    So, if I steal your car to rob a bank, it's actually *your* fault for not leaving your car in a concrete bunker, far out of the reach of my grubby hands?

    The person took whatever steps they (and any reasonable non-IT professional) would think were necessary to secure their network.  If his friend is going out of his way to break into the neighbours network solely to commit a crime, I don't see how that absolves him of any blame.



  • @C-Octothorpe said:

    So, if I steal your car to rob a bank, it's actually your fault for not leaving your car in a concrete bunker, far out of the reach of my grubby hands?

    The person took whatever steps they (and any reasonable non-IT professional) would think were necessary to secure their network.  If his friend is going out of his way to break into the neighbours network solely to commit a crime, I don't see how that absolves him of any blame.

    If you stole my car to rob a bank there's be physical evidence. I'm not saying it's just, I'm saying that the *IAAs are greedy and will take money from whomever they feel like inconviencing, but since they can't prove conclusively who on a network downloaded, they got blame to be shifted to the network operator.



  •  @C-Octothorpe said:

    So, if I steal your car to rob a bank, it's actually your fault for
    not leaving your car in a concrete bunker, far out of the reach of my
    grubby hands?

    In many countries in Europe, if you left your car unlocked with the keys in the ignition and someone stole it and then used it in a bank robbery, you certainly could be sucessfully prosecuted if the cops were asshole enough...same principle as leaving your wireless network unsecured I guess...although in this case it wouldn't apply since the owner of the router had applied a WEP key and therefore had taken "all reasonable precautions" available to him. (Doesn't absolve the thief of responsibility for their crime in any way either, I certainly wouldn't want a "friend" like that).



  •  The problem is, if you do set some security, it gets broken, and a member of the content industry treatens to sue you, it's evidence that it must have been yourself that did it, since noone else had access. Even though all it means is that noone else had authorized access.

     While if it's wide open, you have the 'anyone could have done it' defense available...

     Is no security better than poor security?



  • You could not break the law.



  • @MiffTheFox said:

    It's the responsibility of the owner to secure their network, which includes following best security practices.

    Disable Wifi?



  • I have to agree that this is a dick move on the part of the "friend". Not only is he wasting someone's bandwidth, which they paid for and may have a cap on, but he's also using it for illegal torrents. Great.



  • @Soviut said:

    but he's also using it for illegal torrents.
     

    How do you know that?



  • @Cassidy said:

    How do you know that?
     

    Innocent until proven guilty? Come on, how many legal torrents are there. Two? Three? Do you need to set up a box using your neighbour's wifi for that?



  • @TGV said:

    Do you need to set up a box using your neighbour's wifi for that?
     

    I understood he was using the neighbour's WiFi to bytescrump internet access, irrespective of what he was uploading/downloading.

    Perhaps I shouldn't have replied so soon after reading the thread about making assumptions....



  • @blakeyrat said:

    You could not break the law.

    Maybe you could not, but what when your neighbor couldn't not?



  • @Kittemon said:

    @blakeyrat said:
    You could not break the law.

    Maybe you could not, but what when your neighbor couldn't not?

    I couldn't not misunderstand this post.



  • @Kittemon said:

    @blakeyrat said:
    You could not break the law.

    Maybe you could not, but what when your neighbor couldn't not?

    How about you handle your own shit and let your neighbor handle his own shit? Or are you in one of those "nanny-state" countries where everybody shoves their nose into everybody else's business?

    Unless you're talking about your neighbor hacking into your wifi to download torrents, in which case I would reply: that's why we universally rejected the OP of this topic as a fucking asshat who is a shithead in jerksville.



  •  The OP and his friend are douchebags of the highest order. There are dozens of cases where cases have been brought against the bill payers of an Internet connection all because some ass-hat was leaching the connection and downloading things of the less-than-legal variety. Sadly, common sense doesn't always prevail, and plenty of the cases are lost by the defendants.

    If you're gonna be this stupid and inconsiderate, do it on your own damn connection.



  • @ASheridan said:

     The OP and his friend are douchebags of the highest order. There are dozens of cases where cases have been brought against the bill payers of an Internet connection all because some ass-hat was leaching the connection and downloading things of the less-than-legal variety. Sadly, common sense doesn't always prevail, and plenty of the cases are lost by the defendants.

    If you're gonna be this stupid and inconsiderate, do it on your own damn connection.

    It is rather smart to successfully shift responsibility for an illegal action onto someone else.



  • @blakeyrat said:

    @Kittemon said:
    @blakeyrat said:
    You could not break the law.

    Maybe you could not, but what when your neighbor couldn't not?

    Unless you're talking about your neighbor hacking into your wifi

    Which was, of course, precisely the question mooted in the post to which you initially replied, making your response seem... peculiar.



  • @Anketam said:

    It is rather smart to successfully shift responsibility for an illegal action onto someone else.
    I think you mean "put the blame on someone else". But it's not just smart, it's also amoral.



  • @TGV said:

    @Cassidy said:

    How do you know that?
     

    Innocent until proven guilty? Come on, how many legal torrents are there. Two? Three?

    Try 'hundreds of thousands'.

     



  • TRWTF is that torrents need to be explicitly labelled "legal".



  • @pkmnfrk said:

    TRWTF is that torrents need to be explicitly labelled "legal".
     

    Only because the "other" category aren't labelled accordingly.



  • @arh said:

    If my friend had done something like that, I'd be pretty pissed. If he didn't stop, I'd threaten to call the police. Which I would do. Of course. He'd then be an idiot anyway, a waste of friendship and a liability for my future career.

    Cultural differences are interesting. In my country, ilegally downloading music, movies and TV series is the norm. Most CD stores are almost always empty. I'd consider hard finding someone so offended for piracy, it's considered so "natural" people don't say "this record I bought" but rather "downloaded" (and it never mens digitally bought, believe me). On the other hand, people have at least the "decency" of using their own connection.



  • @atipico said:

    In my country, ilegally downloading music, movies and TV series is the norm. Most CD stores are almost always empty.
     

    .. and people don't relate cause and effect there?

    @atipico said:

    I'd consider hard finding someone so offended for piracy, it's considered so "natural"

    It's still wrong.

    It may be widespread, but that doesn't make it right - just tolerated and commonplace. But it's still wrong.



  • @Cassidy said:

    It may be widespread, but that doesn't make it right - just tolerated and commonplace. But it's still wrong.
    How about buying digital content only to have it remotely deleted and not even being given an explanation why? Is that right?



  • @ender said:

    How about buying digital content only to have it remotely deleted and not even being given an explanation why? Is that right?
     

    Depends on what the agreement said.

    Were you buying it outright, or were you buying a licence to use it (renting it from the owner) and thus subject to their conditions?

    Need a bit more context there - possibly an example or two - Ender, ol' chum.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.