Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: RE: Legality of WEP Cracking
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Fri, 18 May 2007 12:33:34 -0700

This, and other responses in the same vein, are spot on. Don't do it. It's
opening more liability and cost to your company than the potential revenue
you could generate.

On the other hand, I don't see the problem with contacting said company (no
cracking on your end) and telling them you noticed they are using wireless
and WEP (anyone in range can) and explaining the dangers of relying on such
an easily broken protocol as your sales-pitch-ish way in. Then again, I
avoid the sales aspect of this business like the plague where possible so no
idea if this would even garner a non-hostile response.



-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of 
ebk_lists () hotmail com
Sent: Friday, May 18, 2007 12:00 PM
To: pen-test () securityfocus com
Subject: Re: RE: Legality of WEP Cracking

It's a question of the laws of the country you are in, for 
sure. But overall I think that by actively cracking the wep 
or wpa or whatever encryption, you are treading on thin ice, 
if not breaking the law altogether. My brief google didn't 
reveal any specific examples, but based on what I already 
have learned about the law and how it applies (at least in 
the US), I would say that eavesdropping on UNENCRYPTED 
wireless communications is ok. By failing to use encryption, 
the people are, as you say, giving up their expectation of 
privacy. Especially given the fact that wireless 
communications are a bit ubiquitous due to their nature. 

However, the line gets drawn once they are using encryption. 
They have taken a step to provide a measure of privacy (even 
while using something as broken as wep) and by actively 
trying to surpass that, I think you may be in a bit of 
danger. Although I don't know for sure. Hopefully someone 
else can give us more legal reference.

Regardless, this is a bad idea and I would highly recommend 
NOT doing this for/against anyone that isn't paying you and 
has given you a sign "get out of jail" letter. You have 
rightly dismissed this one.
 

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with 
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault