Re: Is this for real?

[Stefano Zanero <s.zanero () securenetwork it>]

phil.johnson () mdp com wrote:

> http://www.dontsteal.net

> For example, if someone used a rainbow table to get into your dummy
> but WPA'ed router, and if you had this system set up, and if the
> intruder logged to certain accounts (say yahoo mail, for instance),
> *every* stored message is downloaded and a database created, for
> identification purposes.  Same thing with other kinds of connections.

Firstly, it's a totally dumb system for INTRUDERS. At most it will work
against your careless neighbor or run-of-the-mill wardriver.

Secondly, it is probably illegal to do anything like that. Intercepting
communications of someone else, getting his passwords and his email, in
Italy would lead to prosecution under at least 3-4 different titles of
our penal code. IN PARTICULAR if you do it routinely against people who
mean you no harm (e.g. I sit down in a Starbucks, and pick up YOUR
wireless LAN instead of the shop's one... and you log all of my accounts ?!)

All in all, I think that this is almost as bad as "strike back
technology", and has almost the same stink of snake oil to it.

Stefano


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------