Full Disclosure mailing list archives
Re: WEEPING FOR WEP
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 06 Apr 2007 16:07:53 -0400
* Intent: This is a biggie. If someone trespassed on your private network through an open wireless access point, then proving digital trespassing can be very difficult. However, if the user must bypass your minimalist WEP security, then they clearly show intent to trespass.
Accessing it is different than listening to it. Assuming I don't do ARP replay or other L2 games because I'm impatient, I've never really "trespassed" since you were blasting your signal into a public area, and it's an unlicensed band. (IANAL .. anyone have a case law link for the above conjecture?)
Consider WEP like a low fence around a swimming pool. Without the fence, you are in trouble if a neighborhood kid drowns in the pool. It's an "attractive nuisance". However, with the fence, you should be covered if a kid climbs the fence and drowns. It's still bad, but you have a standing to refute blamed since you put up a barrier, even if the barrier was minimal.
Depends .. can they convince the jury that your fence wasn't *really* tall enough? Remember .. here in the US, store owners get sued because a burglar falls through the roof during the course of a break-in. Put another way, if I use a system known to be ineffective (a twist-tie on a gate lock, to use the above "pool" example) it could be plausibly argued that you in effect made no effort at all. Once someone writes a network widget that automates the (capture -> crack -> connect) process, it could probably argued the same way for WEP (again .. IANAL). ~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- WEEPING FOR WEP neal.krawetz (Apr 06)
- Re: WEEPING FOR WEP Troy Cregger (Apr 06)
- Re: WEEPING FOR WEP Valdis . Kletnieks (Apr 06)
- Re: WEEPING FOR WEP Michael Holstein (Apr 06)
- Re: WEEPING FOR WEP Troy Cregger (Apr 06)
- Re: WEEPING FOR WEP Kevin Finisterre (lists) (Apr 06)
- Re: WEEPING FOR WEP Steven Adair (Apr 06)
- Re: WEEPING FOR WEP Troy Cregger (Apr 06)
- Re: WEEPING FOR WEP Bruce Ediger (Apr 06)
- Re: WEEPING FOR WEP Valdis . Kletnieks (Apr 06)
- Re: WEEPING FOR WEP Robert Allinson (Apr 06)
- Re: WEEPING FOR WEP Michael Holstein (Apr 06)
- Re: WEEPING FOR WEP Gary Warner (Apr 06)
- Re: WEEPING FOR WEP James (njan) Eaton-Lee (Apr 06)
- <Possible follow-ups>
- Re: WEEPING FOR WEP george_ou (Apr 06)
- Re: WEEPING FOR WEP Mike Vasquez (Apr 06)
- Re: WEEPING FOR WEP george_ou (Apr 06)
- Re: WEEPING FOR WEP Mike Vasquez (Apr 06)
- Re: WEEPING FOR WEP Troy Cregger (Apr 09)
- Re: WEEPING FOR WEP Mike Vasquez (Apr 06)