EggXpert

The reason its not secured is probably because they dont know how.

As with others, i would ask first............

---

Updated Utility thread without downloading*online!*

More info

just use it.

just don't do anything illegal on it, and it shouldn't be a problem. 

 the way I see it - if they wanted it to themselves, they would secure it. If they are worried about other people using it, they would secure it. If they didn't want people leaching bandwidth they would secure it. If they really cared, they'd do it.

If they are old, they probably had someone else set it up, and its practically standard procedure to put WPA or WEP encryption. If they did it themselves, most routers have a security step. 

you could also play the role of a friendly neighbor, offer to give them encryption as long as you got to borrow it for a day. Explain there is no harm, other than taking bandwidth that is probably not being utilized by them. 

I asked my friend why he didn't have security on his wireless, and he said "i don't care, if they want to use it, they can" 

and whats the harm in asking, other than the awkwardness?

Something I want to clear up here which is a huge common misconception about using unsecured wireless connections, it is NOT illegal to use it.  Morally you might be in the wrong but legally you have nothing to fear.  There has only been one arrest of someone who was using an unsecured wireless connection without the owner's permission.  This occurred in Florida.  I don't remember the details now, but the law on the books used to arrest the individual wasn't directly pertaining to use of an unsecured wireless connection.  They went about it in a round about fashion with an existing law.  The guy was a dumas as he was camped out in his car in front of the victim's house.  After about a couple of hours with the homeowner watching him plugging away at his laptop, he decided to call the cops.

Laws have not caught up to current technology and thus have not addressed issues of unsecured wireless networks.  But crafting such a law is tough as how do you make provisions for those unsecured networks that are left unsecured intentionally by individuals/groups/businesses that want to give out free connections.  These do exist.  I guess you can require the owner of the access point to put FREE in their SSID or something to that effect.  It's the same thing with wired computer systems especially in the corporate environment.  A security banner has to be setup to notify anyone looking to access your systems that it is illegal to do so without proper authorization.  It's stupid but it's required to be able to prosecute any hackers.  There have been cases where hackers were let go because a security banner wasn't set up.  The hacker just said I didn't know the owner of the network didn't want me on their systems.  The same applies to wireless networks.  Encrypting your network is equivalent to putting up a security banner.  If a hacker goes through the hoops to bust the encryption, then they are now engaging in illegal activity.

LAPTOPGAMER:

It could be argued that he provided a free WIFI hot spot, by not securing it that is what he did, and if you just use it for a day, what is the harm?, now if you used it for a week, well that could become a problem.

It sounds like you're trying to convince us to convince you that it's OK to use your mother-in-law's neighbor's internet access.

Are they going to catch you doing it?  Probably not.
Should you do it?  That depends entirely on who you are.
Would I do it?  Only with permission, and I'd offer to assist them with securing it regardless.

And a bit off topic, if someone lived close enough to me (or my mother-in-law, or whatever other family I was visiting) to get a decent wireless signal from them and I didn't know them...  Um...  Yeah, it may be time to move somewhere a little less urban. 

Actually it is a felony in my state to access any network or computer without consent. People in this thread saying that it's ok to use it if people aren't savy enough to secure it is ridiculous. That's like saying it's ok for a thief to steal from your car if you don't lock your doors.

I read about one guy that was successfully prosecuted for stopping each morning and using a coffee house's wireless network but never going in to buy anything. 

Here's a good article discussing unauthorized use of unsecured wireless networks:

http://www.networkworld.com/columnists/2007/052307backspin.html

I've been searching high and low and have yet to find anything codifying access of unsecured wireless networks as illegal and a felony.  The case in Florida was prosecuted as a theft of services.  The other cases talked about in the above article dealt with hacking which the author pointed out was funny as there wasn't any hacking involved with an unsecured wireless network.

And to make it clear.  I never said I was endorsing or berating people who access unsecured wireless networks.  That's up to the individual to decide with their own moral compass.  But to say generically it is against the law is incorrect as I have yet to see any locality pass a law specificaly addressing unauthorized access to unsecured wireless networks.  I've seen stories about legislatures looking to pass laws but none that have been codified.

Look up California Penal Code section 502.c.7 and 502.c.5. It's against Federal law to have unauthorized access to computers or computer services. Since wireless routers provide a computer service this is illegal everywhere in the US. It's not widely prosecuted yet because so many people can't even secure their wireless networks let alone catch someone using it.

Sorry if you misunderstood me, I wasn't accusing you of endorsing it. Some of the other posts act like it's fine to use it if it's not secured. It's stealing plain and simple there is no gray area about it.

Penal Code 502.c.5:  Knowingly and without permission disrupts or causes the
disruption of computer services or denies or causes the denial of
computer services to an authorized user of a computer, computer
system, or computer network.

Penal Code 502.c.7:  Knowingly and without permission accesses or causes to be
accessed any computer, computer system, or computer network.

This first penal code assumes a person accessing an unsecured wireless network is doing so with the intent of causing malicious harm to the person's network and attached computers.  It doesn't address the situation where the person is only looking to use the internet connection to do something tame like check email.

The second penal code assumes the person does know the intent of the owner of the wireless network.  Laws in general are not prosecuted by assumptions...well at least most of the time.  A person attaching to an unsecured wireless network has no indication their presense is unwelcomed.  You can make the assumption but it isn't spelled out clearly in black and white.  By securing your wireless connection, you have given notice you do not want anyone who doesn't have the appropriate credentials to access your network.  If the person still goes through extra steps to bypass this measure, then even though there wasn't a security banner putting the person on notice that unauthorized access to your network was prohibited, in the eyes of the court the encryption is sufficient notice.  Ignorance of the tools available to you to secure your IT systems is not an excuse for not holding the owner of such systems liable or contributory towards an consequences that may occur.  An analogy that is used often is the situation of leaving a car unlocked and the keys in it.  The expectation everyone knows is that no one just leaves their car out for anyone to use it.  So the assumption the owner of the car is allowing anyone to use it is false.  But the fact the owner had the means to lock the car and take the keys with him/her leads to contributory negligence.  In many localities, the police have often cited car owners for leaving their cars unattended with the keys in their car and engine running.

With Federal law about unauthorized access to computers or computer services, the security banner is what enforces the law or means by exhibiting the network is not to be used by anyone in the public.  In setting up computer systems for both government and commercial installations, a security banner is one of the first things we do to meet legal prosecution requirements putting a hacker on notice.  This was discussed at lengthe when I attended a SANS conference a while back dealing with legalities in information security.  Now the angle that many prosecutors are using which is theft of services is an interesting one.  But the burden to prove the person 1) knew their access was not reasonable and 2) the person did access internet services not meant for public consumption is an interesting one.  The first bullet goes back to my previous points.  The second assumes the person has proper logging and can prove the person used any part of their internet service.

The big issue lies in how the wireless protocol is set up.  By default a wireless client is operating in promiscuous mode.  There can be a situation where a person meant to attach to a certain network but inadvertantly hopped on to another network.  It happened to me by accident once.  I was in the middle of trying to troubleshoot my wireless router and thought my PC was still attached to my wireless router which I left unsecured at the moment due to losing the connection when I enforced encryption.  I was trying to download some driver updates from Netgear and realized halfway through the download I was on someone else's network.  After I got done, I immediately jumped off the network and ensured I was on my own network.  So in this case, should I be arrested and prosecuted for an honest mistake?

No problem.  Glad you made yourself clear that you didn't intend on implying I was endorsing the access of unsecured wireless networks.  I try to stay neutral with this issue as the way the manufacturers and the government have this set up it's not easy in making a black and white assignment of guilt.  What network device manufacturers should do is to set wireless encryption on by default and only allow connections when the owner goes in and assigns their own passphrase.  The problem for the manufacturers by doing this is that it complicates their call support model.  They can't have a drone just sit there on the phone reading scripted responses.  They would have to at least hire support staff with half a clue.

I agree totally that the manufacturers are really slack with wireless routers. There is no reason they can't design a setup that requires security. Here is an interesting article on the legal argument over WiFi access you might like.

 http://www.dba-oracle.com/t_unauthorized_access_computer_network_crime.htm

Good article.

And something I forgot to mention that the article mentions is the "evil twin" attack.  I still view this as the network equivalent of a honey pot.  But people who indescriminently connect to unsecured wireless networks need to realize they are taking a chance that they are actually the subject of an attack or hack.

My SOP with wireless networks.  I will never connect to a wireless network I don't know the particulars of.  If I'm using a wireless network at a hotel or place like Starbucks, I will ensure I have proper security on my laptop like a software firewall and Deep Freeze running.  I will also limit the type of network sessions I initiate through it.  Most of the time I use my own mobile internet service via Sprint's 3G EVDO network.

Here is the article with the guy at a coffee house that was charged with unauthorized wifi access even though it was a open access point.

 http://www.networkworld.com/news/2007/052307-fine-using-free-wifi.html

Interesting.  Reading through the article and the comments that follow was pretty entertaining.  Like what some of the commenters have said, the law as I can infer from the article isn't cut and dry.  I'd like to see the exact verbage of the law.  I'll do some searching to see if I can find the exact wording.  This is a classic example of lawyers writing laws pertaining to technology they don't understand.  As you probably know, by the very nature of WiFi it's a very promiscuous type system.  Wireless clients will latch on to the very first open network it sees.  I can understand a bit more if the shop owner took a only a token step in an attempt to secure their network by turning off SSID broadcasting.  The shop owner could just put up a sign inside the shop stating if you want to access the free WiFi then use this SSID.  At least there is a foundation on establishing the network is only for patrons and people who are accessing the network had to take an extra step scanning for a network.

I'm curious whether the accused is going to fight the charges.  I bet if he gets a good lawyer he's going to get off.  And if one of the commenters in that article is right, the state has now business going forward with pressing charges as the shop owner of the WiFi network said they were not interested in pressing charges and didn't care he was using their network.

LAPTOPGAMER:

It could be argued that he provided a free WIFI hot spot, by not securing it that is what he did, and if you just use it for a day, what is the harm?, now if you used it for a week, well that could become a problem.

Wow, that is so flawed in so many ways... And the fact that people don't see why it's flawed is terrifying..  I think maybe I should go around and take flags and signs from people's lawns.. After that, I'll go to the public playground and dig up the slide and bring it home with me and take a few swings with me too...  After that, I'll start stealing cars from the parking lots.. If people didn't want their cars stolen, they would have paid a few dollars for some security on their car..... So I guess it's just fine and dandy for me to take whatever I want? Any car without a car alarm should be legal to steal?

I mean, they're just sitting there! If they really wanted whatever it was, they should have put down a layer of concrete or at least put the base at least  20 feet into the ground..  I guess since they just left it there so it's possible to take, anybody can... Right?  Heck, I should walk on down to the schoolyard and steal all the little children's bicycles everytime they forgot their locks at home.. I mean, if they really wanted their bicycles, they would have gone back home to get one so they can lock it up right? So I can just steal them because they're not locked up? Obviously not.. And stealing bandwidth because it isn't locked up is a huge no-no also and should end you up in jail..

 For those who can justify stealing bandwidth because it's easy to get away with is just totally ridiculous.. Just because it's EASY to steal something and get away with it doesn't mean that it's not illegal..    If I park my car in the parking lot.. Perhaps I bought one of those cars that is incredibly easy to break into or perhaps I left the keys on top of the roof..  Does that mean it's legal for somebody to steal my car? Heck, if I really didn't want them to steal my car, then I shouldn't left my keys on the car..  So they have the right to steal the car and keep it, without any legal prosecution?

I guess that's just an invitation to make it legal for somebody to steal my car right? Because I didn't pay the extra money for a better car? So it's alright for people to steal my car?  That's totally BS and some of you people really scare me!

Just because someone didn't pay the extra money for securing their network doesn't mean that you can steal their bandwidth..  It's illegal and wrong.. 

Tombstone:

just use it.

 

just don't do anything illegal on it, and it shouldn't be a problem. 

 

 the way I see it - if they wanted it to themselves, they would secure it. If they are worried about other people using it, they would secure it. If they didn't want people leaching bandwidth they would secure it. If they really cared, they'd do it.

I seriously hope you're being sarcastic... Simply using it is illegal.. It's theft of services, and doing it intentionally can get you jail time in many states..  Same thing with stealing towels, blankets, Bibles, silverware,  etc. from Hotels.. Just because they leave them out doesn't mean their yours or that you can take them home or use them without permission..

There is a HUGE difference between a hotspot and a home unsecured network.. One you have permission to use, and the other you don't.. Same thing with sex..  If you don't have permission to have sex, it's rape..  Just because somebody else has sex with that person on a regular basis doesn't mean you can. Just because a hotspot is open and you have permission to use it doesn't mean the same applies to home unsecured networks..

LAPTOPGAMER:

It could be argued that he provided a free WIFI hot spot, by not securing it that is what he did, and if you just use it for a day, what is the harm?, now if you used it for a week, well that could become a problem.

and you would lose that argument in court.

Jayflex:

Look up California Penal Code section 502.c.7 and 502.c.5. It's against Federal law to have unauthorized access to computers or computer services. Since wireless routers provide a computer service this is illegal everywhere in the US. It's not widely prosecuted yet because so many people can't even secure their wireless networks let alone catch someone using it.

then that will be challenged and lose in court.  Having an unsecured wireless network is no different "access-wise" to having your car in your driveway unlocked with the keys in it.  It is stupid, but being stupid is not criminal. 

If you knowingly attach-to and use your neighbors signal, then you stole his signal.....and you KNEW it.

Granted stealing a car is much different in $$$ value than stealing some bandwidth, (don't say borrow, it's NOT borrowing,) but the intent is the same.  the Neighbor had something you wanted, and you took it without asking. 

---

Federal Criminal Code Related to Computer Intrusions

• 18 U.S.C. § 1029.  Fraud and Related Activity in Connection with Access Devices
• 18 U.S.C. § 1030.  Fraud and Related Activity in Connection with Computers
• 18 U.S.C. § 1362.  Communication Lines, Stations, or Systems
• 18 U.S.C. § 2510 et seq.  Wire and Electronic Communications Interception and Interception of Oral Communications
• 18 U.S.C. § 2701 et seq.  Stored Wire and Electronic Communications and Transactional Records Access
• 18 U.S.C. § 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information

This is updated for U.S.C Title 18.

---