Penetration Testing mailing list archives
Re: Sneaking a peek on Wlan in airports
From: Manuel Arostegui Ramirez <manuel () todo-linux com>
Date: Sat, 19 May 2007 08:38:36 +0200
El Viernes, 18 de Mayo de 2007 21:54, ebk_lists () hotmail com escribió:
I think everyone is of the same opinion (myself included). Even if this were legal, it would be a disastrous marketing ploy. It's one thing (and still suspicious) to point out a vulnerability of some sort, quite another to try to leverage that into work for yourself. Especially in the case of actually going so far as to break something (yes, even wep) to do so. Kinda like sticking a knife into someone's bald tire and then mentioning that your shop has a sale on tires. Not a good idea.
I actually wonder why he started this thread using his work email account... What sort of employees that company have? For me is totally unethical to crack a WEP pass (which in most cases is illegal) and then offer a security services, god, what the hell? If he thought about doing that, he'd attack another potentially client website and then email them with something like "hey, mate, we got admin in your site, do you want us to securize your site?" And as some of you guys wrote, I agree and I don't think you run a sniffer by accident, no way. Truth be told, most of us did do arp poisoning attacks on the "public" wifi network such as Starbuck's, yeah, at least me, just for a few minutes to see what's going on on that network, nothing deeper, and totally for sure not to try to sell me/our company services, right? And finally, to anwser the original poster question... I think it's pointless to advice him or whoever to change his email password, and even more, to go to him and say "hey, listen, i got your password BY ACCIDENT, I'm sorry, just change it, but be careful, cause I'm a good guy and I will do nothing with your password, but next time you might not be as lucky as this one, so try to use a VPN or something", you'd only get into troubles, no matter, if he was a "luser" or a "geek", problems would be waiting for you and your company since you offer him and his company some kind of security solution. Just my 2 cents... All the best. Manuel. -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Re: Re: Sneaking a peek on Wlan in airports, (continued)
- Re: Re: Sneaking a peek on Wlan in airports alan (May 17)
- Re: Re: Sneaking a peek on Wlan in airports killy (May 18)
- Re: Sneaking a peek on Wlan in airports Jason Chambers (May 18)
- Re: Re: Sneaking a peek on Wlan in airports alan (May 17)
- Re: RE: Sneaking a peek on Wlan in airports ebk_lists (May 17)
- RE: RE: Sneaking a peek on Wlan in airports mystic33 (May 17)
- Re: Sneaking a peek on Wlan in airports Thor (Hammer of God) (May 18)
- RE: Sneaking a peek on Wlan in airports Erin Carroll (May 18)
- Re: Re: Sneaking a peek on Wlan in airports ebk_lists (May 18)
- Re: Sneaking a peek on Wlan in airports Toby Barrick (May 18)
- Re: Re: Sneaking a peek on Wlan in airports ebk_lists (May 18)
- Re: Sneaking a peek on Wlan in airports Manuel Arostegui Ramirez (May 19)