Penetration Testing mailing list archives
RE: Sneaking a peek on Wlan in airports
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 18 May 2007 12:04:56 -0700
Thor, Some comments below inline
While I agree that one should try to leave conjecture alone and just "answer the question," it's not always that easy to do. Most of the people on this list (well, ones that post anyway) are detail oriented, technical, pedantic people. It comes with the job. So when you see a question that's just "not quite right," you have to ask the obvious "how did you get here from there" questions, particularly when the scenarios smack of white lie.
I'm not disagreeing with your viewpoint, I personally agree. You do have to bear in mind however that as the list moderator my main focus is to foster new and interesting discussions and keep the flaming to a minimum. So you'll see me let through even one-line responses or repeats of information because at least they took the time (however small) to respond. With somewhere above 15k subscribers to pen-test there are a *lot* of different ways one could answer what seems a simple question and I'm hoping that the lurkers out there will chime in. Besides, there are only so many times I can see another "how do I do X" without groaning when a simple list archive search or 5 minutes on google would have answered. But, since the answers may be new info to list newcomers I let those go through. I've been in the industry a long time but every now and then someone points out a tool/method/view that is illuminating or intriguing in response to a question that had been asked and answered many times before.
The simple "what would you do" question brings a lot with it. Personally, it is painfully obvious (or should be) to anyone that people will use unsecured, public networks in insecure ways. Being surprised by seeing a POP3 username/password on a wlan is a "red flag" in itself. To have an apparent pen-tester working for PWC post to a list asking what he should do in such a case is simply suspect (to me, anyway) - so I think it is natural for people to ask WTF?
True. But my effort is to have WTF addressed constructively and avoid responses which consist of only the WTF ;)
I would much rather see someone say "I was sniffing traffic on a wireless network." If the "my laptop came out of hibernation" scenario is true, then the real lesson should be "if you are a professional pen-tester for PWC, you should not, under any circumstances, have your laptop set to automatically connect to the first unsecured wireless lan it comes across." The OP was (obviously) performing a sniff on another wireless network before, presumably as part of a pen-test, and just put his lappy into hibernation. In such a case, automatically having his laptop connect to an unsecured network could actually have resulted in a breach of the data he was previously testing. The question therefore is not "what do I do when, gasp, I see a pop3 password" but rather "is this the way PWC trains their pen-testers, and is this the way PWC goes about protecting their customer's confidential data?"
And the above is a great response and example of going beyond the WTF. Other list members may now have a "oh, that's a good point. I should pay attention and not do this in the future because of those reasons". These are things people with a lot of experience take for granted as obvious but as you know, sometimes you have to point out the pink elephant in the room... Or in this case provide a diagram of what a pink elephant looks like.
That being said, when you see POP3 password, SMTP mail data, HTTP base64 encoded basic authentication data on an unsecured wlan, the obvious thing to do is see if it gets you free porn somehow.
Heh. I thought that was standard operating procedure in the pen-tester manual listed right after "Find nearest source of caffeine and hook up the IV."

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"