Penetration Testing mailing list archives
Re: Sneaking a peek on Wlan in airports
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 18 May 2007 11:31:32 -0700
Erin,While I agree that one should try to leave conjecture alone and just "answer the question," it's not always that easy to do. Most of the people on this list (well, ones that post anyway) are detail oriented, technical, pedantic people. It comes with the job. So when you see a question that's just "not quite right," you have to ask the obvious "how did you get here from there" questions, particularly when the scenarios smack of white lie.
The simple "what would you do" question brings a lot with it. Personally, it is painfully obvious (or should be) to anyone that people will use unsecured, public networks in insecure ways. Being surprised by seeing a POP3 username/password on a wlan is a "red flag" in itself. To have an apparent pen-tester working for PWC post to a list asking what he should do in such a case is simply suspect (to me, anyway) - so I think it is natural for people to ask WTF? I would much rather see someone say "I was sniffing traffic on a wireless network." If the "my laptop came out of hibernation" scenario is true, then the real lesson should be "if you are a professional pen-tester for PWC, you should not, under any circumstances, have your laptop set to automatically connect to the first unsecured wireless lan it comes across." The OP was (obviously) performing a sniff on another wireless network before, presumably as part of a pen-test, and just put his lappy into hibernation. In such a case, automatically having his laptop connect to an unsecured network could actually have resulted in a breech of the data he was previously testing. The question therefore is not "what do I do when, gasp, I see a pop3 password" but rather "is this the way PWC trains their pen-testers, and is this the way PWC goes about protecting their customer's confidential data?"
To me, *that* is the real "issue at hand."That being said, when you see POP3 password, SMTP mail data, HTTP base64 encoded basic authentication data on an unsecured wlan, the obvious thing to do is see if it gets you free porn somehow.
t----- Original Message ----- From: "Erin Carroll" <amoeba () amoebazone com> To: "'Tremaine Lea'" <pen-test () ddiction com>; "'Eduardo Di Monte'" <eduardo.dimonte () gmail com> Cc: <jasper.o.waale () kh pwc com>; <listbounce () securityfocus com>; <pen-test () securityfocus com>
Sent: Thursday, May 17, 2007 12:57 PM Subject: RE: Sneaking a peek on Wlan in airports All, Tremaine has a point I'd like to tangent from. There are many posts that come across the list that can be interpreted as actions or events which are questionable given the scenario. Unless explicitly stated by someone or obviously illegal, please try to assume that the question or situation is of a benign nature. We could argue about intentions or likelihood until we're blue in the face but it generally devolves to flaming or not-so-nice inferences that I do not want on this list. Yes, there are script kiddies and unethical behavior in our profession... But let's focus on the issue at hand and not the motive: You encounter leaking sensitive data that was not in scope of a job or part of your duties etc. What should you do? -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Tremaine Lea Sent: Thursday, May 17, 2007 10:36 AM To: Eduardo Di Monte Cc: jasper.o.waale () kh pwc com; listbounce () securityfocus com; pen-test () securityfocus com Subject: Re: Sneaking a peek on Wlan in airports Starting a sniffer by error is pretty unlikely. Starting a sniffer and then closing your laptop after having forgotten about it, that's not unlikely. --- Tremaine Lea Network Security Consultant Be in pursuit of equality, but not at the expense of excellence. On 17-May-07, at 4:15 AM, Eduardo Di Monte wrote: > Jasper, > > You don´t run a sniffer by error, so stay away from doing this again. > > Regards, > > Eduardo Di Monte > > > -----Mensaje original----- > De: listbounce () securityfocus com > [mailto:listbounce () securityfocus com] En nombre de > jasper.o.waale () kh pwc com Enviado el: miércoles, 16 de mayo de 2007 > 7:20 > Para: listbounce () securityfocus com; pen-test () securityfocus com > Asunto: Sneaking a peek on Wlan in airports > > I'm sure you as I have many time been in airport with public wlan > access and by error had some kind of sniffer running ? > > well I has Cain open because of a general scan I was making related to > a test, and I picked up a Pop3 account and password, I did try to find > the guy to tell him but did not see anybody with a laptop, so what now > do I email him as asking him to update the password or do I just > ignore it and let he carry on doing this to him self and his firm. > > Regards > > Jasper O Waale > _________________________________________________________________ > The information transmitted is intended only for the person or entity > to which it is addressed and may contain confidential and/or > privileged material. Any review, retransmission, dissemination or > other use of, or taking of any action in reliance upon, this > information by persons or > entities other than the intended recipient is prohibited. If you > received > this in error, please contact the sender and delete the material from > any computer. > > > ---------------------------------------------------------------------- > -- > This List Sponsored by: Cenzic > > Are you using SPI, Watchfire or WhiteHat? > Consider getting clear vision with Cenzic See HOW Now with our 20/20 > program! > > http://www.cenzic.com/c/2020 > ---------------------------------------------------------------------- > -- > > > ---------------------------------------------------------------------- > -- > This List Sponsored by: Cenzic > > Are you using SPI, Watchfire or WhiteHat? > Consider getting clear vision with Cenzic See HOW Now with our 20/20 > program! > > http://www.cenzic.com/c/2020 > ---------------------------------------------------------------------- > -- > > > -------------------------------------------------------------- ---------- This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Re: Sneaking a peek on Wlan in airports krymson (May 17)
- <Possible follow-ups>
- Re: Re: Sneaking a peek on Wlan in airports ebk_lists (May 17)
- Re: Re: Sneaking a peek on Wlan in airports alan (May 17)
- Re: Re: Sneaking a peek on Wlan in airports killy (May 18)
- Re: Sneaking a peek on Wlan in airports Jason Chambers (May 18)
- Re: Re: Sneaking a peek on Wlan in airports alan (May 17)
- Re: RE: Sneaking a peek on Wlan in airports ebk_lists (May 17)
- RE: RE: Sneaking a peek on Wlan in airports mystic33 (May 17)
- Re: Sneaking a peek on Wlan in airports Thor (Hammer of God) (May 18)
- RE: Sneaking a peek on Wlan in airports Erin Carroll (May 18)
- Re: Re: Sneaking a peek on Wlan in airports ebk_lists (May 18)
- Re: Sneaking a peek on Wlan in airports Toby Barrick (May 18)
- Re: Re: Sneaking a peek on Wlan in airports ebk_lists (May 18)
- Re: Sneaking a peek on Wlan in airports Manuel Arostegui Ramirez (May 19)