digg

Facebook Connect Join Digg About

New law requires businesses to secure their WiFi networks

arstechnica.com Calling it the first law of its kind, Westchester County Executive Andrew Spano said the new law would cut down on identity theft while allowing businesses to avoid the "public relations disasters" that accompany data breeches.

Who dugg this? Made popular Apr 21, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

56 Comments

show profanity settings
expand all
  • fishbert, on 10/12/2007, -5/+34"So, what's the bank's WPA key?"
    "12345"
    "12345?! That's the kind of key an idiot puts on their luggage!"

    "What did the WPA key turn out to be?"
    "12345"
    "12345?! That's the same key I've got on my luggage!"
  • kowgod, on 10/12/2007, -2/+9Dumbass, if enough people lame it, it get's buried, regardless of how many diggs it has. Stories of digg corruption are lame, and are buried as such, by a ***** more people than the 40 idiots who digg it.

    Just deal with it. Stop whining.
  • ErikPersson, on 07/21/2008, -0/+6Why the hell are companies that deal with financial data even using wifi?
  • tomakun, on 10/12/2007, -1/+4This seems similar to enacting a law requiring all retailers in a city to install burglar alarms in their stores. Nearly everyone will do it because they do not want to get robbed, not because they will face government fines for not doing it. If someone is stupid enough to leave sensetive data on an unsecured network that is their fault and I have no sympathy. There are several problems with this:
    1) It will cause many businesses to make an investment in hardware and in some cases pay for IT support. For example, most coffee shop owners can figure out how to buy a router and plug it into their broadband connection, but few will be able to implement an authentication system on a secured network.

    2) It will cause vulnerability of networks because of the ubiquity of security. Faced with only secured networks, people living in this county will likely work on ways to crack the security on the networks.

    3) It is impossible to enforce. I doubt there is going to be any government-sanctioned wardriving going on. In an urban area, how do you tell that the wifi is coming from the coffee shop and not the apartment above it?

    4) This area of the RF spectrum is open to anyone who wants to use it. Technically all you are doing is broadcasting a signal in the 2.4 GHz range, which is permitted by the FCC. I think this could be easily challenged in court based on this.

  • stokestack, on 10/12/2007, -2/+5They're screwed. No, actually WE'RE screwed as the customer. Who's going to go through this hassle? Gee, I wonder who sponsors, lobbies for, or BUYS laws like this... the same telcos that are suing every city that tries to offer its citizens free wireless, maybe?

    This is actually worse than seatbelt or helmet laws. One could argue that failure to use those things consumes more emergency resources when you get hurt and puts others at risk by making them unavailable. But this law is *****. Where was it in the day of analog cell phones, which could be listened in on by anybody? Somehow we survived.

    Why don't we illegalize public drinking fountains and bathrooms, too?

  • aaarg, on 10/12/2007, -1/+4what a stupid concept....imagine a law where you "have to lock your doors and windows at night" to cut down on burglaries...this is the electronic equivalent
  • inactive, on 10/12/2007, -1/+4And this is the job of the government why? If companies are stupid enough to leave them open, let 'em learn the hard way. This is a useless law that wont protect anything in the end.
  • G00mper, on 10/12/2007, -0/+3WPA2 can be cracked with relative ease?
  • Hubris, on 10/12/2007, -2/+4They suggested it was only companies who kept customer financial information on their network. Generally the coffee shop won't have customer records, just a POS system separate from the network they provide.
  • Electrox3d, on 10/12/2007, -0/+2exactly.... "turn on security settings for their WiFi networks if they are used to access financial information for their customers." How dare they even have it on!! pull the plug i say.
  • thewebguy, on 10/12/2007, -0/+2GOOD

    this way if you want to share your wep, just put it in the SSID
  • stokestack, on 10/12/2007, -0/+2And? The point is that no one went after the cellular PROVIDERS for having "unsecured" networks.
  • CornStarch, on 10/12/2007, -0/+2There are easier low tech means of stealing people's information than hacking into a wifi network.
  • panic, on 10/12/2007, -1/+3"If companies are stupid enough to leave them open, let 'em learn the hard way."

    The problem isn't that companies are having their internet service used by lame-ohs. The problem is that companies have private data on normal people, like you and me, and unfortunately they don't always keep it secure. You could become a victim of identity theft from a simple open wifi connection at some joe-blow corporation. It would just require someone to hop on their network, and view some spreadsheet sitting on a shared drive full of customer information. All from the convenience of their own home or car.
  • nogami, on 10/12/2007, -2/+4That was my first thought too - besides any laudable security interest, it makes me wonder if there's also a hidden agenda to prevent businesses from offering free wifi to customers because it might cut into potential profits for major carriers who sell wifi connectivity.
  • Haywood, on 10/12/2007, -0/+2Because they think it's cool......plain and simple. When end-users see something they think is cool they immediately demand that everything be attached to it. They are the same kind of people that ask their company for a Treo when all they need is a cheap Motorola phone.

    As far as secure wireless....it's so easy to throw WPA and hide your SSID.....why any company would choose otherwise boggles my mind.
  • fishbert, on 10/12/2007, -0/+2If your local coffee shop uses their public wi-fi to access your financial information, I'd suggest finding another coffee shop.

    Did you last two knee-jerk reactionaries even read the bloody article?!
    The law has absolutely nothing to do with free wi-fi access points.
  • fishbert, on 10/12/2007, -1/+2Not such a stupid concept if your doors and windows are on a building that stores the personal possessions of hundreds/thousands of your neighbors in your house (as in the metaphorical case with a business and their customer's financial information).
  • fishbert, on 10/12/2007, -1/+2The "ease" with which your typical wireless network security may be cracked depends on:
    a) what method of security one selects to implement (typically, WEP or WPA variants)
    b) the entropy and length of the pre-shared key

    Given a WPA security implementation and a long, sufficiently random key, ones wireless network may be very challenging to crack.
  • bloodrain, on 10/12/2007, -0/+1those bastard. i want my free wifi.... oh wait that what hacking for.
  • wayjer, on 10/12/2007, -5/+6More challenges for the hackers!
  • Rotkiv, on 10/12/2007, -2/+3is wardriving against the law? is finding an open network against the law?

    but yeah, who's going to test that?
  • munboy, on 10/12/2007, -3/+4How do public WiFi networks work then? Will my local coffee shop be able to have an unsecured WiFi network? And they realize that any wireless encryption method can be broken with relative ease.
  • samdu, on 10/12/2007, -2/+3I couldn't agree more. It is NOT the job of the government to protect people from their own stupidity. Yet we keep allowing them to pass laws that (try to) do just that. This even crosses that line into the realm of restricting the rights of people (after all, businesses are made up of people - another little tidbit that often goes unnoticed) that WANT to share their Internet connections. This'll be a windfall for the trial lawyers, though. If the country keeps going down this path, we're going to end up the biggest country of sissies the world has ever seen. We're well on the way as it is.
  • adml_shake, on 10/12/2007, -2/+3Hell yes! I just signed up for the cisco wireless security class at my college! HELLOOOOO $$$$$$$
  • Aeiri, on 10/12/2007, -0/+1"Not such a stupid concept if your doors and windows are on a building that stores the personal possessions of hundreds/thousands of your neighbors in your house (as in the metaphorical case with a business and their customer's financial information)."

    If they walked in to the house saying "YES MY STUFF WILL BE SAFE!" without checking the windows or looking at certifcation from "Joe's Window and Door Locking Policies Certification", it is their fault for feeling safe, too.

    That's like turning right on a green arrow without looking left. So many people do it, and so many people get their car smacked. If they really cared about their security and safety they would have checked it out first, not expected the rules to be abided, as they will never EVER force people to comply, EVER.

    You have to protect YOURSELF people, not expect rules by threat of gun to work on people. Look at how well the death penalty has done deterring murderers from killing people. There's no such thing as murder in our society any more, is there?
  • cyclotron, on 10/12/2007, -0/+1BS this will not cut down on identity theft. Has there been a case where identities were lifted from wi-fi?
  • Aeiri, on 10/12/2007, -0/+1"The problem is that companies have private data on normal people, like you and me, and unfortunately they don't always keep it secure. You could become a victim of identity theft from a simple open wifi connection at some joe-blow corporation."

    Then the company will have learned a valuable lesson, lost a crazy amount of customers, and learned their lesson because of their mistake.

    And you would have had to call your credit card company and cancelled your credit card. Boo hoo. You learned your lesson from your mistake as well.

    What mistake was that, you ask? You gave them your information to begin with. "But I didn't know they were going to be stupid with my information! I trusted them!" You also didn't ask, and you also forgot a fundemental rule of security. DO NOT GIVE OUT YOUR INFORMATION IF IT IS THAT IMPORTANT TO YOU IN THE FIRST PLACE.

    YOU are in charge of keeping YOUR information secure. Stop handing out your information to every company that asks. Look at their security certifications, and if they don't have any, then DON'T GIVE YOUR INFORMATION TO THEM!

    It's not like these companies are stealing your information when you write it down on the peice of paper. You are choosing to use their service, they aren't forcing you, and you aren't forcing them. You do not have a RIGHT to "good" service in the first place, if you choose to go to a restaurant and they have crappy service, then you leave. Likewise, if these people seem incompetent, LEAVE.

    If you really think you have a right to their services, please look up the definition of the word "service" again.

    7. A facility providing the public with the use of something, such as water or transportation.
    8.
    a. Assistance; help: was of great service to him during his illness.
    b. An act of assistance or benefit; a favor: My friend did me a service in fixing the door.
  • Aeiri, on 10/12/2007, -0/+1Why in the world was this attached to THIS message? I didn't reply to this one....
  • schwit, on 10/12/2007, -0/+1I was under the impression the FCC had exclusive authority over the wifi spectrum and wifi equipment. If so, how does this place expect the law to be enforced.

    If the county really wanted to do something constructive it would prohibit the use of SSNs for anything not required by the feds and would prohibit the sending of SSNs, credit card numbers and passwords via email.
  • thespacepope, on 10/12/2007, -1/+2"Where was it in the day of analog cell phones, which could be listened in on by anybody? Somehow we survived."

    IIRC, it is illegal to listen in on cell phone calls (in the US at least) without a warrent.
  • stokestack, on 10/12/2007, -0/+1"Did you last two knee-jerk reactionaries even read the bloody article?!
    The law has absolutely nothing to do with free wi-fi access points."

    Well, uh, no. But it seemed like a good time to piss and moan about the issue.
  • solarpowered, on 10/12/2007, -0/+0Pants made out of data? Cool!

    Oh... you meant "data breaches"

    Never mind.
  • solarpowered, on 10/12/2007, -0/+0Lawssss? Lawssss? We don't need no steenking lawsss!
  • tommajor, on 10/12/2007, -3/+3how are they going to test that businesses are complying? break the law and go wardriving to find out?
  • zbeast, on 10/12/2007, -2/+2This wont cut down on nothing. If your a internet attacker I'm sure you can beat any "wap" protection provided by
    most access points. i'm sure this is all about trying to prevent free wifi.
    You want to if you just want to break into most companys networks. all you have to do is dress up nice and walk in sit in any conference room and connect to there network directly heck walk in and connect your own access point to there network. There cheap now $45.00 you can just leave it there.



  • bobothn, on 10/12/2007, -1/+1You need to have your security turned on ok i will do it for $500. click click click ok done. god i love the it profetion.
  • gailwin, on 10/12/2007, -0/+0this would be why

    I LOVE NEW YORK!!!

  • TokenUser, on 10/12/2007, -2/+2More coverage ... http://www.msnbc.msn.com/id/12412271/
  • coding, on 10/12/2007, -3/+3What about coffee shops that offer free wifi? If a network uses a shared key, if you are on the network you can still sniff traffic. Also why would this "financial information" be non-ssled?
  • tommajor, on 10/12/2007, -3/+2it's probably not against the law, but it's frowned upon... although it could be argued they left it open on purpose
  • radixus, on 10/12/2007, -3/+2Why do you need a law to force companies to lock down your Wireless network!? Any respected IT administrator that works for any company should lock down their WiFi. It SHOULD be first nature.
  • dani8559, on 10/12/2007, -3/+2it's "breach," kind sir.
  • inactive, on 10/12/2007, -9/+3@johndoe777

    it is against the TOS, so they if they want to do this then they should change the TOS to go with the scam
  • inactive, on 10/12/2007, -10/+4Ok show me where the story is...


    http://digg.com/diggall/cloud/links/diggsdesc

    this is the cloud view of the "links" with the most diggs

    this story was submitted three hours ago has over 30 diggs and is gone!


    digg it at

    http://digg.com/links/New_Wiki_entry_for_Digg_Corruption
  • inactive, on 10/12/2007, -8/+2story is now gone as stated before but,

    http://digg.com/diggall/cloud/links/diggsdesc

    shows the top story in links is a story from 19 hours ago with 20 diggs

    this has over 40 in 3 hours but not displayed

    I have watched digg spy and there havent been any reports on the story

    http://digg.com/links/New_Wiki_entry_for_Digg_Corruption
  • moohamadiscrazy, on 10/12/2007, -8/+1it wasnt buried at the time, but thanks for the concern kowgod
  • inactive, on 10/12/2007, -17/+10It was NEVER said, or even IMPLIED that the number of diggs, or even just teh RATE of diggs is what gets something to the front page.

    Not once.
  • inactive, on 10/12/2007, -12/+5Dont get me wrong, I am against censorship, and hidden agendas and all that good stuff.... Hell I had to make this new SN because my normal account was just term'd cause they thought I was running a digg bot (which I wasn't... but now that I think about it... that should be fun to code) but anyway, back to the topic at hand... its *not* our site, it belongs to the people that sit there coding it. We are merely guests..... if they have an opinion, then they are allowed to do whatever the hell they want to make their opinion seem 'more agreed upon' Just like they are allowed to term my account at will (which kinda irked me, but o well.... not enough to stop using the site)

    Bottom line is.... this site is pro firefox, mixed on apple, Anti IE, anti MS, Considering my entire career is based on MS products (iis, asp, vb, etc) that kinda sucks, but o well... this site is the best I found for my daily fix on nerd news.So quit your whining and be like everyone else.... if anything dares to speak against firefox, bury it to hell, if it says anything good bout firefox digg the ***** out of it. (btw, i hate firefox.... an opinion that isnt looked kindly upon on this site)
  • sneakerelph, on 10/12/2007, -15/+8i love spaceballs!

    LUDICROUS SPEED! GO!!!
  • Fetching more discussions...
    Show 51 - 56 of 56 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.