There's a Crack For That
Need to crack the security on the wireless networks of 250,000 - that's almost two-thirds! - of Eircom's broadband customers so you can share copyrighted content without falling afoul of Eircom/IRMA's private HADOPI law? There's an App for that.
Technically the Dessid app is marketed as a "password recovery tool" though the author admits it could, like the vast majority of networking software and hardware, be used for nefarious purposes. The app uses a vulnerability in the way default SSIDs, passwords and encryption keys were set up on the Netopia routers supplied to the majority of Eircom's customers. This is hardly a newly discovered weakness, the Eircom SSID Thinger and the code it's based on have been around for about three years.
What this situation is really demonstrating is how hopelessly unfit Eircom/IRMA's Three-Strikes rule is for the broadband environment it's entering. How can you cut off customers for file sharing when more than half of your customers are using the insecure default configuration that you supplied them, a configuration that allows anyone to access their internet connection? How can you punish customers for breaking a rule with absolutely no way to prove who actually broke that rule? Is it now against Eircom's terms of service to not understand wireless security protocols? Naturally, once the animated corpse of the recording industry gets involved, logic no longer applies.
As with an increasing number of IT related stories, there's an XKCD strip for that.
Technically the Dessid app is marketed as a "password recovery tool" though the author admits it could, like the vast majority of networking software and hardware, be used for nefarious purposes. The app uses a vulnerability in the way default SSIDs, passwords and encryption keys were set up on the Netopia routers supplied to the majority of Eircom's customers. This is hardly a newly discovered weakness, the Eircom SSID Thinger and the code it's based on have been around for about three years.
What this situation is really demonstrating is how hopelessly unfit Eircom/IRMA's Three-Strikes rule is for the broadband environment it's entering. How can you cut off customers for file sharing when more than half of your customers are using the insecure default configuration that you supplied them, a configuration that allows anyone to access their internet connection? How can you punish customers for breaking a rule with absolutely no way to prove who actually broke that rule? Is it now against Eircom's terms of service to not understand wireless security protocols? Naturally, once the animated corpse of the recording industry gets involved, logic no longer applies.
As with an increasing number of IT related stories, there's an XKCD strip for that.