Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Sneaking a peek on Wlan in airports
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 18 May 2007 11:31:32 -0700

Erin,

While I agree that one should try to leave conjecture alone and just "answer the question," it's not always that easy to do. Most of the people on this list (well, ones that post anyway) are detail oriented, technical, pedantic people. It comes with the job. So when you see a question that's just "not quite right," you have to ask the obvious "how did you get here from there" questions, particularly when the scenarios smack of white lie.

The simple "what would you do" question brings a lot with it. Personally, it is painfully obvious (or should be) to anyone that people will use unsecured, public networks in insecure ways. Being surprised by seeing a POP3 username/password on a wlan is a "red flag" in itself. To have an apparent pen-tester working for PWC post to a list asking what he should do in such a case is simply suspect (to me, anyway) - so I think it is natural for people to ask WTF? I would much rather see someone say "I was sniffing traffic on a wireless network." If the "my laptop came out of hibernation" scenario is true, then the real lesson should be "if you are a professional pen-tester for PWC, you should not, under any circumstances, have your laptop set to automatically connect to the first unsecured wireless lan it comes across." The OP was (obviously) performing a sniff on another wireless network before, presumably as part of a pen-test, and just put his lappy into hibernation. In such a case, automatically having his laptop connect to an unsecured network could actually have resulted in a breech of the data he was previously testing. The question therefore is not "what do I do when, gasp, I see a pop3 password" but rather "is this the way PWC trains their pen-testers, and is this the way PWC goes about protecting their customer's confidential data?"

To me, *that* is the real "issue at hand."

That being said, when you see POP3 password, SMTP mail data, HTTP base64 encoded basic authentication data on an unsecured wlan, the obvious thing to do is see if it gets you free porn somehow.

t



----- Original Message ----- From: "Erin Carroll" <amoeba () amoebazone com> To: "'Tremaine Lea'" <pen-test () ddiction com>; "'Eduardo Di Monte'" <eduardo.dimonte () gmail com> Cc: <jasper.o.waale () kh pwc com>; <listbounce () securityfocus com>; <pen-test () securityfocus com>
Sent: Thursday, May 17, 2007 12:57 PM
Subject: RE: Sneaking a peek on Wlan in airports


All,

Tremaine has a point I'd like to tangent from. There are many posts that
come across the list that can be interpreted as actions or events which are
questionable given the scenario. Unless explicitly stated by someone or
obviously illegal, please try to assume that the question or situation is of
a benign nature. We could argue about intentions or likelihood until we're
blue in the face but it generally devolves to flaming or not-so-nice
inferences that I do not want on this list.

Yes, there are script kiddies and unethical behavior in our profession...
But let's focus on the issue at hand and not the motive: You encounter
leaking sensitive data that was not in scope of a job or part of your duties
etc. What should you do?


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Tremaine Lea
Sent: Thursday, May 17, 2007 10:36 AM
To: Eduardo Di Monte
Cc: jasper.o.waale () kh pwc com; listbounce () securityfocus com;
pen-test () securityfocus com
Subject: Re: Sneaking a peek on Wlan in airports

Starting a sniffer by error is pretty unlikely.


Starting a sniffer and then closing your laptop after having
forgotten about it, that's not unlikely.




---

Tremaine Lea
Network Security Consultant

Be in pursuit of equality, but not at the expense of excellence.


On 17-May-07, at 4:15 AM, Eduardo Di Monte wrote:

> Jasper,
>
> You don´t run a sniffer by error, so stay away from doing
this again.
>
> Regards,
>
> Eduardo Di Monte
>
>
> -----Mensaje original-----
> De: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] En nombre de
> jasper.o.waale () kh pwc com Enviado el: miércoles, 16 de mayo de 2007
> 7:20
> Para: listbounce () securityfocus com; pen-test () securityfocus com
> Asunto: Sneaking a peek on Wlan in airports
>
> I'm sure you as I have many time been in airport with public wlan
> access and by error had some kind of sniffer running ?
>
> well I has Cain open because of a general scan I was making
related to
> a test, and I picked up a Pop3 account and password, I did
try to find
> the guy to tell him but did not see anybody with a laptop,
so what now
> do I email him as asking him to update the password or do I just
> ignore it and let he carry on doing this to him self and his firm.
>
> Regards
>
> Jasper O Waale
> _________________________________________________________________
> The information transmitted is intended only for the person
or entity
> to which it is addressed and may contain confidential and/or
> privileged material.  Any review, retransmission, dissemination or
> other use of, or taking of any action in reliance upon, this
> information by persons or
> entities other than the intended recipient is prohibited.   If you
> received
> this in error, please contact the sender and delete the
material from
> any computer.
>
>
>
----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic See HOW Now with
our 20/20
> program!
>
> http://www.cenzic.com/c/2020
>
----------------------------------------------------------------------
> --
>
>
>
----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic See HOW Now with
our 20/20
> program!
>
> http://www.cenzic.com/c/2020
>
----------------------------------------------------------------------
> --
>
>
>


--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault