Re: Sneaking a peek on Wlan in airports


In a situation where you have operated outside contractual bounds, the perceived legal risk is non-trivial. The results of sharing your findings are extremely difficult to gauge, and can vary from the users appreciation for your honesty and integrity to a large corporate entity pursuing you relentlessly in court to make a point about 'hackers'.

While it may be tempting to provide assistance to the person or corporation involved, I think the risk is simply too high to be acceptable. It is not in our best interests professionally to operate outside the bounds of business and play white hat cowboy.



---

Tremaine Lea
Network Security Consultant

Be in pursuit of equality, but not at the expense of excellence.


On 17-May-07, at 1:57 PM, Erin Carroll wrote:

All,

Tremaine has a point I'd like to tangent from. There are many posts that
come across the list that can be interpreted as actions or events which are
questionable given the scenario. Unless explicitly stated by someone or
obviously illegal, please try to assume that the question or situation is of
a benign nature. We could argue about intentions or likelihood until we're
blue in the face but it generally devolves to flaming or not-so-nice
inferences that I do not want on this list.

Yes, there are script kiddies and unethical behavior in our profession...
But let's focus on the issue at hand and not the motive: You encounter
leaking sensitive data that was not in scope of a job or part of your duties
etc. What should you do?


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Tremaine Lea
Sent: Thursday, May 17, 2007 10:36 AM
To: Eduardo Di Monte
Cc: jasper.o.waale@xxxxxxxxxx; listbounce@xxxxxxxxxxxxxxxxx;
pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Sneaking a peek on Wlan in airports

Starting a sniffer by error is pretty unlikely.


Starting a sniffer and then closing your laptop after having
forgotten about it, that's not unlikely.




---

Tremaine Lea
Network Security Consultant

Be in pursuit of equality, but not at the expense of excellence.


On 17-May-07, at 4:15 AM, Eduardo Di Monte wrote:

Jasper,

You don´t run a sniffer by error, so stay away from doing
this again.

Regards,

Eduardo Di Monte


-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] En nombre de
jasper.o.waale@xxxxxxxxxx Enviado el: miércoles, 16 de mayo de 2007
7:20
Para: listbounce@xxxxxxxxxxxxxxxxx; pen-test@xxxxxxxxxxxxxxxxx
Asunto: Sneaking a peek on Wlan in airports

I'm sure you as I have many time been in airport with public wlan
access and by error had some kind of sniffer running ?

well I has Cain open because of a general scan I was making
related to
a test, and I picked up a Pop3 account and password, I did
try to find
the guy to tell him but did not see anybody with a laptop,
so what now
do I email him as asking him to update the password or do I just
ignore it and let he carry on doing this to him self and his firm.

Regards

Jasper O Waale
_________________________________________________________________
The information transmitted is intended only for the person
or entity
to which it is addressed and may contain confidential and/or
privileged material. Any review, retransmission, dissemination or
other use of, or taking of any action in reliance upon, this
information by persons or
entities other than the intended recipient is prohibited. If you
received
this in error, please contact the sender and delete the
material from
any computer.



--------------------------------------------------------------------- -
--
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with
our 20/20
program!

http://www.cenzic.com/c/2020

--------------------------------------------------------------------- -
--



--------------------------------------------------------------------- -
--
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with
our 20/20
program!

http://www.cenzic.com/c/2020

--------------------------------------------------------------------- -
--





--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------






------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Relevant Pages