A new law passed today by County Executive Andy Spano, makes Westchester, NY the first county to fine businesses for running open, Wi-Fi networks. The law, which takes effect in October, requires businesses who offer public Internet access and / or maintain personal information on a wireless networks to take ???minimum security measures," to protect those networks. These measures include installing a network firewall, changing the system???s default SSID (network name) or disabling SSID broadcasting.
First time offenders will receive a warning to correct the problem within thirty days. A second violation will result in a $250 fine and any further violations will mean a $500 fine. The death penalty is not being considered.
Westchester should be commended for requiring companies to provide responsible, Wi-Fi access, but the legislation could do more harm than good.
Changing the SSID will do little to protect users and at best engenders a false sense of security. Users may well think that there sessions are secured for valuable information when in fact they would likely remain as vulnerable as before.
Finding SSID with different names is a cinch. Just with XP, for example, users can list all nearby wireless networks. What's more, none of the proposed measures will stop a hacker from sitting in the outside parking lot and capturing and decoding WiFI packets using a protocol analyzer.