Penetration Testing mailing list archives
Re: Walmart using WEP
From: Gary Nichols <gnichols () phx1 bcbsaz com>
Date: Fri, 28 Jul 2006 13:13:25 -0700
Perhaps I'm missing something here, but how exactly were these posts reckless? Examples: Is this reckless?: OMG Walmart had an open access point and I hax0red their POS sysytem and dropped the price on all Britney Spears CDs to 25 cents! The new WEP key is '0wn3d!'. Yes. That would be reckless, but I didn't see that in this thread. Is this reckless?: It would appear that Walmart is using 802.11 networking and WEP on their inventory scanners. This could be bad if someone cracked the WEP key. Not a very good security practice. No. I don't see it. Looks like a good discussion topic to me. Is this reckless?: I saw an 802.11 WAP on top of a door at Walmart. I wonder if it's an open network. The next time I war drive the neighborhood I should check. No. The poster never made mention of connecting to the network. Checking the presence of a broadcasted SSID and its encryption method/status is *NOT ILLEGAL*. Most commercial entities appreciate it when you alert them that they have an open access point on their network. Of course, with everyone screaming "HACKER! TERRORIST!" nowadays, white and grey hats alike are paranoid to advise anyone of anything. Now, if the poster connected to the network, grabbed an IP and started snooping around... Well, then I'd be flaming him too. Sorry to beat the horse to death, but I hear this argument all too frequently and it just gets tiring.
From: "Hawkins, Ray (721)" <Ray.Hawkins () protiviti com> Date: Thu, 27 Jul 2006 19:27:20 -0700 To: Gary Nichols <gnichols () phx1 bcbsaz com>, <pen-test () securityfocus com> Conversation: Walmart using WEP Subject: RE: Walmart using WEP the community that the retired granny three doors down has a broken lock on her backdoor rather than just telling her directly. No amount of pontificating over responsibility legitimizes reckless posts. -----Original Message----- From: Gary Nichols [mailto:gnichols () phx1 bcbsaz com] Sent: Thursday, July 27, 2006 9:07 PM To: pen-test () securityfocus com Subject: Re: Walmart using WEP Yes, this forum is for professionals to learn and share. As a matter of fact, many of us actually learn from the mistakes of others. I don't see anyone here advocating wardriving for the purpose of mischief. I see a couple of people talking about how irresponsible some commercial entities are in deploying their wireless architectures, and one individual that was going to drive around and see if his theory held water. I had a chuckle when I read that "...war driving should be confined to legally permitted isolated networks...". Wardriving doesn't lend itself to your suggestion by its very definition: http://en.wikipedia.org/wiki/Wardriving Don't apologize for not being impressed. Most of us dressed-down for the list today.
The information in this E-mail message is confidential and for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this information is strictly prohibited. If you received this communication in error, please notify the sender immediately. Blue Cross and Blue Shield of Arizona, Inc. and its subsidiaries and affiliates are not responsible for errors, omissions or personal comments in this E-mail message. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Walmart using WEP cracked (Jul 12)
- RE: Walmart using WEP M. Shirk (Jul 25)
- Re: Walmart using WEP Phil Frederick (Jul 27)
- RE: Walmart using WEP terry (Jul 27)
- RE: Walmart using WEP Angelacci, Anna M CTR SPAWAR, J616 (Jul 27)
- Re: Walmart using WEP Gary Nichols (Jul 27)
- RE: Walmart using WEP Miguel Valentin (Jul 29)
- Re: Walmart using WEP Phil Frederick (Jul 27)
- RE: Walmart using WEP M. Shirk (Jul 25)
- <Possible follow-ups>
- Re: Walmart using WEP Gary Nichols (Jul 29)
- Re: Walmart using WEP s-williams (Jul 30)
- Re: Walmart using WEP jeff (Jul 30)
- Re: Walmart using WEP Craig Van Tassle (Jul 31)