Re: Legality of WEP Cracking

["Tim Shea" <tim () tshea net>]

Agreed - but here is another way to look at it:

If you go after business this way - you are guaranteed that your
competitors will get the gig and not you.  You will just be thrown out. 
I've gotten two gigs to tighten down networks in the last 6 months due to
someone else trying this approach to "educate" and "build business".

Finally, you can argue all you want on the legalities (since the laws are
all over the map) but, IMHO, its unethical.

> interesting but i doubt it will give you good impression? can you
> imagine that someone has broken your wep , he comes to you and say
> "look what we have broken your wep,now we can offer you our services
> to secure your networks"
>
> will you accept his service?don't you think its illegal?
> ---------------------------------------
> http://www.secgeeks.com
> get a blog on SecGeeks :)
> register here:-
> http://secgeeks.com/user/register
> rss feeds :-
> http://secgeeks.com/node/feed
>
> http://www.newskicks.com
> Submit and kick for new stories from all around the world.
> ---------------------------------------
>
> On 5/19/07, Shenk, Jerry A <jshenk () decommunications com> wrote:
> > I think the specific frequencies that wifi uses are public frequencies
> > without "an expectation of privacy". I'm not sure that's a good way to
> > pick up customers and I'm not volunteering to be a test case but I think
> > there is some validity to that conclusion.  Now, what you do with the
> > data could become an issue and whether you are breaking the law or not,
> > they "offended company" could make your life MISERABLE and cost you TON
> > of money.  I'd be eager to watch somebody else fight that battle and see
> > what happens;)
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Richard Brinson
> > Sent: Friday, May 18, 2007 5:32 AM
> > To: pen-test () securityfocus com
> > Subject: Legality of WEP Cracking
> >
> > During an internal business development meeting yesterday we were
> > discussing
> > new ways of picking up pen testing clients. One of our junior engineers
> > suggested that we go war driving, crack some WEP keys and then approach
> > each
> > company offering services to make them more secure. The idea was put
> > down
> > straight away on the basis that without prior approval we would be
> > breaking
> > the law. However, upon further discussion a case was made that (moral
> > issues
> > aside) provided we only captured traffic passively, and as long as we
> > did
> > not try to connect or send any packets to any devices - would the law be
> > broken?
> >
> > Does the law state anywhere that we can not analyse air traffic that is
> > broadcast into the public domain? (if so surely we would all be breaking
> > the
> > law every time we picked up a network other than our own) and is it
> > against
> > the law to know someone else's WEP key when they have not made that
> > information available to you?
> >
> > What are your thoughts on this?
> >
> > Kind regards,
> >
> > Richard Brinson
> > Kanoo Ltd
> >
> > This message contains confidential information and is intended only for
> > the
> > individual named. If you are not the named addressee you should not
> > disseminate, distribute or copy this e-mail. Please notify the sender
> > immediately by e-mail if you have received this e-mail by mistake and
> > delete
> > this e-mail from your system. E-mail transmission cannot be guaranteed
> > to be
> > secure or error-free as information could be intercepted, corrupted,
> > lost,
> > destroyed, arrive late or incomplete, or contain viruses. The sender
> > therefore does not accept liability for any errors or omissions in the
> > contents of this message, which arise as a result of e-mail
> > transmission.
> >
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Are you using SPI, Watchfire or WhiteHat?
> > Consider getting clear vision with Cenzic
> > See HOW Now with our 20/20 program!
> >
> > http://www.cenzic.com/c/2020
> > ------------------------------------------------------------------------
> >
> >
> >
> >
> > **DISCLAIMER
> > This e-mail message and any files transmitted with it are intended for
> > the use of the individual or entity to which they are addressed and may
> > contain information that is privileged, proprietary and confidential. If
> > you are not the intended recipient, you may not use, copy or disclose to
> > anyone the message or any information contained in the message. If you
> > have received this communication in error, please notify the sender and
> > delete this e-mail message. The contents do not represent the opinion of
> > D&E except to the extent that it relates to their official business.
> >
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Are you using SPI, Watchfire or WhiteHat?
> > Consider getting clear vision with Cenzic
> > See HOW Now with our 20/20 program!
> >
> > http://www.cenzic.com/c/2020
> > ------------------------------------------------------------------------
>
>
> --
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------