PDA

View Full Version : Digital Economy Bill and Ethical Hacking



Helkaluin
April 12th, 2010, 12:19 PM
The discussion I'm trying to bring up is two-fold, so bear with me.

First, if you haven't noticed yet, the Digital Economy Bill is passed 'rather quickly' in the UK House of Commons after the announcement of general election. Let us, for the sake of the tone on this board, steer off the political implications and focus on the technical implications.

So, precedent-setting and parliamentary-sovereignty issues disregarding: The main short-term fear most opposers of the Bill (now Act) is that free wireless services found in, say, cafes will soon disappear, as the duty to regulate illegal internet traffic seems to lie on the 'provider.'

That alone worths discussion, but the second part is that:

And how does this tie in with ethical hacking? Well, it's Easter holidays now (still a schoolboy here) and it happens that my mother's house does have wireless set up. When this holiday started it became clear to me that she might have fallen to some ARP spoofing attacks whilst I was at school (boarding, so I was well away), and luckily she clicked 'decline' to those bogus SSL certificates.

After changing the encryption to WPA (somehow the telecom thinks WEP is enough for default; compatibility issues, I guess) and setting the key to an almost-random 20+ passphrase, I thought it's ridiculous how easily that we can still find WEP or even insecure wireless networks around the house.

Now that this Bill is passed, I fear the number of people who simply connect to their neighbour's networks will certainly increase, for whatever reason. Unfortunately, the wireless network next door is still WEP, and within minutes the passphrase is revealed to be the neighbour's name with two extra numbers appended to it, what's worse is that the router can be telneted with the default password. Fortunately, the neighbour next door is the fencing teacher at school, and a quick knock on the door cleared things up.

So, do you think that you have the obligation to, at least, advise your neighbours on securing their networks, especially when this Bill is passed? Or is it the responsibility of the user, for whatever legal implications there are for the responsibility of controlling your own network? I personally cannot bear the thought that the number of script kiddies will possibly get a major boost after this bill that supposedly deters illegal traffic gets passed. But then again, let's steer away from the politics.

koshatnik
April 12th, 2010, 12:29 PM
The discussion I'm trying to bring up is two-fold, so bear with me.

First, if you haven't noticed yet, the Digital Economy Bill is passed 'rather quickly' in the UK House of Commons after the announcement of general election. Let us, for the sake of the tone on this board, steer off the political implications and focus on the technical implications.

So, precedent-setting and parliamentary-sovereignty issues disregarding: The main short-term fear most opposers of the Bill (now Act) is that free wireless services found in, say, cafes will soon disappear, as the duty to regulate illegal internet traffic seems to lie on the 'provider.'

That alone worths discussion, but the second part is that:

And how does this tie in with ethical hacking? Well, it's Easter holidays now (still a schoolboy here) and it happens that my mother's house does have wireless set up. When this holiday started it became clear to me that she might have fallen to some ARP spoofing attacks whilst I was at school (boarding, so I was well away), and luckily she clicked 'decline' to those bogus SSL certificates.

After changing the encryption to WPA (somehow the telecom thinks WEP is enough for default; compatibility issues, I guess) and setting the key to an almost-random 20+ passphrase, I thought it's ridiculous how easily that we can still find WEP or even insecure wireless networks around the house.

Now that this Bill is passed, I fear the number of people who simply connect to their neighbour's networks will certainly increase, for whatever reason. Unfortunately, the wireless network next door is still WEP, and within minutes the passphrase is revealed to be the neighbour's name with two extra numbers appended to it, what's worse is that the router can be telneted with the default password. Fortunately, the neighbour next door is the fencing teacher at school, and a quick knock on the door cleared things up.

So, do you think that you have the obligation to, at least, advise your neighbours on securing their networks, especially when this Bill is passed? Or is it the responsibility of the user, for whatever legal implications there are for the responsibility of controlling your own network? I personally cannot bear the thought that the number of script kiddies will possibly get a major boost after this bill that supposedly deters illegal traffic gets passed. But then again, let's steer away from the politics.

1) the bill is an *** and will be revoke pretty quickly
2) responsibility for securing your connection is down to you the user. Ignorance of such matters is no defense. If you don't know how to secure a connection and don't bother to read up on it, then take the consequences.

Swagman
April 12th, 2010, 12:30 PM
When the majority of the nation gets burned then the politicians will have to amend or scrap the bill.

Bring it on.

Helkaluin
April 12th, 2010, 01:22 PM
When the majority of the nation gets burned then the politicians will have to amend or scrap the bill.

Bring it on.
Irregardless of what will happen, the thing is this Bill is law now. This is sanction by mere accusation we're talking about. And it's legal.

koshatnik
April 12th, 2010, 02:39 PM
Irregardless of what will happen, the thing is this Bill is law now. This is sanction by mere accusation we're talking about. And it's legal.

You still have to catch people, and who is going to police it? Unworkable, impractical, not worth worrying about.

There are plenty of dumb, unworkable, unforceable laws, this joins that pile. It will be revoked and I bet before the year is out.

MattBD
April 23rd, 2010, 05:03 PM
Of the major parties only the Liberal Democrats seem to have actually understood the implications of the Digital Economy Bill and they've promised to revoke it if they get into power. As a result, they've got my vote.

In practical terms more robust and stealthier means of sharing files are bound to come along - even now I think downloading via Usenet is virtually impossible to detect, and darknets would also be a possibility. For that matter it's easy to share files with people you know IRL via sneakernet thanks to high-capacity USB flash drives and external hard drives.

fidelandche
April 23rd, 2010, 05:18 PM
If you want to see member of the "celebrity" class talking about this bill and what it means for us, watch this video. Mark Thomas also on his site informs people if they want to see any of his work to download via a torrent.

http://www.youtube.com/watch?v=l4S4siQAfY4

Helkaluin
April 23rd, 2010, 06:20 PM
http://www.youtube.com/watch?v=l4S4siQAfY4Interesting.


even now I think downloading via Usenet is virtually impossible to detect, and darknets would also be a possibility. For that matter it's easy to share files with people you know IRL via sneakernet thanks to high-capacity USB flash drives and external hard drives.

This Act is actually what convinced me to run a Tor relay 24/7 beside my ongoing Rosetta@home. Somehow I just don't want my ISP to read my internet usage logs.

helliewm
April 23rd, 2010, 06:39 PM
Does TOR slow down your internet connection?

Helkaluin
April 23rd, 2010, 09:34 PM
That depends on the number of nodes contributing bandwidth and your normal connection speed in relative. Currently the answer is yes.