Westchester County passes WiFi security law

I live in westchester, this doesn't seem like that big a deal. Its probably a godo thing considering there are alot of big bunsinesses with alot of people's personal info in the area.

That's actually not a bad idea. While I detest the idea of applying laws to who can and cannot have a network and broadcast it to their hearts desire, this isn't really regulating data or access.. it's just a law to defend people against a lack of common sense.

I don't "wardrive" (And I don't know anyone who's still so awed by the concept of wireless internet that they indulge in such novelties) but I did happen to have my laptop on the ride home a few nights ago. Travelling a mile down a fairly built up stretch of road here in Ft Lauderdale, I found ~250 networks using NetStumbler. I didn't connect to any of them mind you, I zipped by too quickly even if I wanted to try - I did want to see, however, how many showed up with default SSIDs or without any encryption whatsoever. Startlingly enough, I found that about %75 of them were insecure, and likely easily exploited.

Granted, the security that is available is ultimately paltry and easily cracked, at least this might keep people from blindly setting up a network upon which secure information may be stored, and leave it wide open for any snot-nosed script kiddie who learned a new trick, reading 2600 at the book store. My only concern is this - just how are they going to determine who is violating this? Who will report it? Will the police actively search for open networks and then determine who the offending party is with a signal strength detector? Will they/should they obtain warrants to do this? Or will they just sniff packets until they find the relevant information?

Westchester has almost no hotspots. just starbucks.

Just for kicks, when I'm in the car I'll turn on my PocketPC and open WiFiFoFum. We can drive a mile and find fifty access points, almost all of which are open, and a lot with the default names. Once I found an access point renamed to "SECURE ME!". Fun stuff.

Oh yeah, leave it to Westchester County to enact something like this. We have probably some of the dumbest laws in the book, sometimes I just wished I didn't live in this place!

The house over the road from me has unsecure wireless network....i tried to teach them to secure it by changing the name to SECURE TO STOP HACKERS and then added basic security so that they would actualy secure it. The next day i check if they had and no, they had just simpely reseted the router. Some people will never learn

If they don't learn, then don't bother trying to teach them, they never will.

"Oh yeah, leave it to Westchester County to enact something like this. We have probably some of the dumbest laws in the book, sometimes I just wished I didn't live in this place!"


The law actually sounds like a good one. What is your problem with it?

It will indeed be quite problematic to 'enforce' this law. But, that may not be the point. Very few of the laws in this contry have anything to do with crime prevention and everything to do with prosocution. If a hacker/malcontent/terrorist/spammer jumps on someones unsecured wifi and does their dirty internet deeds, the owner/manager of the wifi network can just shrug their shoulders and say "I didn't want that person on my network. I'm just as much a victim in this as anyone else..."...this has happened before.

This law probably is designed to make that territory/situation a little less ambiguous in the courtroom. Now it's in writing that you ARE responsible for your network, and you ARE OBLIGATED to secure it (in the corporate sector anyway)...no more of this "I didn't know how to...". You are required to know, and to do. End of story.

Kinda sad that people (and since this is focussed on businesses, we're talking about PROFFESSIONALS) need to be threatened with a criminal record and monetary fines to take 10 minutes to read their user manual and do something that they should do for their own protection anyway...

Here's a question, I thought the FCC was the only one that could regulate and mandate how anything wireless operates? Are they applying authority where they have none? If they are so concerned about security, why not mandate that companies switch to a more proprietary wireless method? Better yet, will the local government be providing funds to assist in securing the networks, since they are mandating it? And even better, what defines the minimum level of security? Its too ambiguous - if you're going to make an law it has to be exact (i.e. noon to 2PM no watering of your lawns not don't water your lawns during midday).

If an company wished to put an open ethernet port outside of their building would this law prevent it? A company is a private entity that will have to answer to its customers (and ultimetly to the government) if confidential information is leaked, but honestly, you're more likely to have your identity stolen by the sales person who takes your CC info over the phone or from employees in a store that still uses that good ole carbon paper swipe method.

My next question is: So where is the law mandating that cookies be removed from the computer every minute to ensure that confidential user information is not stolen?

What are the dangers of having an open WiFi network?

Meaning, I have a D-Link 802.11b wireless network in my condo that I leave open and it has a signal range to across the street to a park (not heavily populated, I live in a smaller town). I've always done this so that others in the neighborhood can use by bandwidth when I'm not using is because I pay for the DSL either way. Kind of a way to promote more WiFi coverage. A lot of my neighbors do the same, but, I guess, I've never really looked into what the dangers are. So, what are the dangers? I'm running Windows XP on a Dell and it is a personal computer - i.e. has some of my personal data on it, but not a repository for lots of highly sensitive info. Should I clamp down and shut off the open access?

@Marty:
I think it is good what you are doing and that you don't let scare tactics about hackers frighten you from sharing your internet access.

Honestly I think the chance of an experienced enough hacker happening to hop onto YOUR hotspot and begin to hack YOUR personal computer are a lot slimmer than an experienced hacker coming across your computer on the internet and doing the same.

As long as you take the same basic precautions you should be taking anyway just because you are on any network -- not having shared drives with no passwords, using a basic firewall, making sure extra uneeded ports aren't open) you are quite safe.

Anyone that thinks I am incorrect is free to post their opinion.

I live in Westchester. This is classic Westchester nonsense to make it look like they know what they are doing. Trust me, the legislators have NO clue what they were really voting on, whether it was even POSSIBLE to enforce this regularly. It just looks good for the evening news. Now I have to deal with the damn log in issues in my office as we run wifi routers instead of paying the union to run cables when we moved in. Thanks Mr. County Exec Andy Spano, you just lost my vote. Try asking some people who really knows something instead of checking in with your political consultants. Ha ha!

Well thats a little better news, but having to put warnings about wi-fi security is about as dumb as having to put cautions on a coffe cup when you ordered it hot to begin with.

Marty to answer your question sharing your wifi connections can cause your service to slow down in speed because other are using your bandwidth. Also when some one is connected to your router that means they are connected to your network which can lead to others seeing files they are not suppose to see. I have acctually received a couple of computer service calls since this this law was announced. Having an encrypted wireless connections is very important and very easy to setup. If any one has questions or needs advice feel free to visit my website and drop me an email.

Regards,
John R.
http://www.pctechz.com