Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sneaking a peek on Wlan in airports

From: Jason Chambers <jchambers () ucla edu>
Date: Wed, 16 May 2007 15:58:18 -0700
Your best off forgetting about it and deleting the data if you still have it. Insecure communications are all over the place and there are laws to act as a deterrent to their interception. You'd be putting yourself at risk to pursue educating this user.
At http://www.securityfocus.com/infocus/1885/2 , Read the section under "Legal considerations". 


From the link above...
"""
In general, it is illegal in both the U.S. and most European countries to intercept wireless traffic without the consent of at least one (and sometimes both/all) of the parties to a communication, subject to certain exceptions provided by the applicable law, such as interception by law enforcement with a warrant under a court order, or interception by the network operator or service provider in order to manage its business.
Monitoring or scanning wireless traffic simply to identify networks in the area, due to the fact it is an activity that does not involve capture of the message content or traffic data for specific communications (an area where the legal restrictions become really strict), could well be legal in most countries.
The traffic acquisition activities must be accomplished after receiving proper authorization, typically in the form of a search warrant (or other legal process), and are mainly regulated in the U.S. by the Communications Assistance for Law Enforcement Act (CALEA) of 1995 [ref 22 <http://www.securityfocus.com/infocus/1885/2#ref22>] and in Europe by the European Council Resolution of 17 January 1995 on the Lawful Interception of Telecommunications (Official Journal C 329) [ref 23 <http://www.securityfocus.com/infocus/1885/2#ref23>]. 

"""


Regards,

--Jason



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jasper.o.waale () kh pwc com
Sent: Wednesday, May 16, 2007 1:20 AM
To: listbounce () securityfocus com; pen-test () securityfocus com
Subject: Sneaking a peek on Wlan in airports 
I'm sure you as I have many time been in airport with public wlan access
and by error had some kind of sniffer running ?

well I has Cain open because of a general scan I was making related to a
test, and I picked up a Pop3 account and password,
I did try to find the guy to tell him but did not see anybody with a
laptop, so what now do I email him as asking him to update the password
or do I just ignore it and let he carry on doing this to him self and his
firm.

Regards

Jasper O Waale
_________________________________________________________________



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: