Security Basics
mailing list archives
Re: Telling prospective wi-fi customers they are open to hacking
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Fri, 11 Mar 2005 16:50:15 -0800 (PST)
hi ya
Unless they name their SSID the same as their company name, how will you
know who to call on? If you intend to maybe break into their network
through electronic means (monitor their traffic to see who they are) then I
would say you might cross an ethical line there.
you know their email addy if you are in their wireless network
- "monitoring them" is probably a clear case of a bad thing to do ..
- just happen to pick them up while driving by in a moving
car for a few seconds is a different issue ??
- when you take action based on something you were not supposed to
see becomes a legal issue, depending on their attitude and lawyers
- it doesn't matter that they left their doors and windows
open and left $1M accessible for you in the house or car ...
- you're in deep kaka if you touch the "valuables" or do something
- if you want to do auditing or fixing their "locks and window", then
liability insurance and a good lawyer is worth a few bucks to pay
to have a "get out of jail" card handy
- 50% of most wireless networks are NOT wep-enabled
- just drive around the residential or commercial areas
- they are even kind enough to give you, free access to the web
and let you sniff all their confidential emails
- for those wireless that are wep or wpa enabled, you can try to
guess their wep keys or brute force it
- wep is broken
- wpa is trickier but people will tend to use simple keys
( "my name is wireless smith" )
- there is nothing special about ssid ... and is trivial to see
- for more wireless sniffers and crackers
http://Linux-Wireless.org/Sniffers
c ya
alvin