With the proliferation of wireless computing technology (aka “wi-fi ethernet”) and people freely using other people’s open wireless networks — I have a hard time calling it “stealing” but it is — I started asking myself: is it morally wrong to set up a transparent HTTP proxy that injected malicious scripts into the HTTP response to exploit people’s computers who are using your wi-fi? My gut says that knowingly destroying other people’s computers is wrong, always wrong, even if they’re illegally trespassing on your wireless network and stealing your bandwidth without your permission. But, then I wonder if it’s a framing or context problem. Is it so obviously wrong because it’s happening in an intangible space and all highly theoretical? So, I tried to redescribe the problem in more mundane terms.

What if you were a candy store, and you had a serious shoplifting problem: where people would randomly walk into your store and help themselves to some of your candy without paying for it? Would it be wrong to poison a subset of candy and mark the poisoned goods in such a way that only you could identify them? If a real customer came along and wanted to purchase the candy, you’d recognize it as being poisoned and replace it with a clean version. But, if someone just came along and grabbed it and walked off with it, if they proceeded to eat it, then they got what they deserved? If they didn’t get permission to take your candy, you have no obligation or responsibility as to what happens to them if they steal it, right?

Are the two situations (unauthorized use of wi-fi vs. owning a candy store) really different? Is the aggressive defense mechanism acceptable in one situation but not the other? Are both unacceptable? Should the entire burden of securing a wireless network rest on the shoulders of the owner of the network, or should there be some responsibility and etiquette for people not to just assume that because a wi-fi network is unrestricted that it doesn’t make it open for public use? If I set up open wi-fi and want to signal that it’s open for public use, I’ll include “public” in the SSID to signal it as such.

What do you do with your wi-fi networks? Do you secure yours, or leave it wide open, or what? If you leave yours open, do you have a problem with people jumping onto it and using it? Have you ever had someone use your wireless network and send spam using it, or anything else you’d not want them to do, but you still want to leave it open so that other good people can use it when they need to?

For the past ten months, I’ve been reposting entries from my blog at dossy.org to this blog here at Blogger. I did this to see if it would encourage folks to post comments if they already had Blogger accounts, since due to a large volume of blog comment spam I decided to require sign-in in order to comment. However, there’s been hardly any comments being posted to the Blogger blog, so I wonder how useful it is for me to keep reposting the entries.

Unfortunately, Blogger doesn’t give me any stats about who’s subscribed to my blog’s feeds, so I really have no idea who’s even reading it over there. If you’re reading this over at my Blogger blog, please let me know by either emailing me or leaving a comment either here or in my own blog. I’d like to know why you’re reading it, if you are. If you’re subscribing to its feeds, I’d like to ask you to instead subscribe to my blog’s feeds: RSS 1.0, RSS 2.0, RSS 2.0 comments feed.

If it seems that nobody’s reading the Blogger blog or its feeds, I’ll likely stop reposting stuff there just to save me a bit of time, so if there’s a reason you read it instead of my blog at dossy.org, please let me know.

This article at eWEEK.com is the reason why I’ve switched to using the Mozilla Firefox web browser for everything except a few web applications at work which only work with MSIE.

Read the article, but the gist of it is that a fully up-to-date Windows system, if browsing a malicious site containing the exploit, can be made to execute arbitrary code that the attacker has intended on your system. Quoting from the article:

The proof-of-concept exploit, which is available from the FrSirt site, currently launched the Windows Calculator (calc.exe) but can be easily modified by malicious hackers.

What I’d really like to see is someone modifying the proof-of-concept exploit to instead fetch a copy of Firefox, perform an unattended install of it, then rename IEXPLORE.EXE (the MSIE executable) to something else and replacing it with a copy of FIREFOX.EXE. Of course, I’m sure anyone who did such a thing could go to jail because there’s no distinction made between “good hacking” and “bad hacking” in our lovely legal system. You know, the same legal system that lets killers walk free but makes hackers go to jail.