Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Sneaking a peek on Wlan in airports
From: "Chris Kuethe" <chris.kuethe () gmail com>
Date: Wed, 16 May 2007 12:37:40 -0600

On 5/15/07, jasper.o.waale () kh pwc com <jasper.o.waale () kh pwc com> wrote:
I'm sure you as I have many time been in airport with public wlan access
and by error had some kind of sniffer running ?

well I has Cain open because of a general scan I was making related to a
test, and I picked up a Pop3 account and password,
I did try to find the guy to tell him but did not see anybody with a
laptop, so what now do I email him as asking him to update the password
or do I just ignore it and let he carry on doing this to him self and his

ObHighHorse: you really should know better than to even ask. ;)

I guess the time of baggy-pantsing is long past... when people who
didn't lock their terminals would find that somehow they had sent a
message to everyone proclaiming that they had baggy pants. A gently
mocking reminder to lock the terminal.

I'm pretty sure that it would not be taken well if you were to mail
them a note to say that their password was exposed. It would cause
even more distress if you log in to their email as them and send them
a note to not use such a silly webmail system... even if you did wait
for them to go offline and then use their IP/ethernet address.

My suggestion: check tcpdump to be sure you're not leaking unencrypted
stuff, and then don't worry about it unless you're getting paid to
worry about it.


GDB has a 'break' feature; why doesn't it have 'fix' too?

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]