Penetration Testing mailing list archives

RE: Legality of WEP Cracking
From: "Richard Brinson" <richard () kanoo-uk com>
Date: Fri, 18 May 2007 21:43:36 +0100

Nice to read all of your thoughts on this matter. I personally have little
doubt that this would be an unethical way to conduct business and is
certainly not the best way forward (hence my "moral issues aside" comment in
the original mail). What I am interested in is educating my engineers to be
able to support our sales guys in the best possible fashion. We are based in
the UK and the attitude to litigation here is relatively passive compared to
that in the US, and it is with this in mind that our sales guys sometimes
think they can 'stretch' the boundaries a bit. 

I totally agree that as an ethical security company, grey areas should be
viewed as black. I will be going over all of these comments in our next bus
dev meeting to highlight the general feeling of the industry from a
technical aspect. No doubt our sales guys will think it is somewhat biased.

Keep the opinions coming...

Regards

Richard

-----Original Message-----
From: Tim Shea [mailto:tim () tshea net] 
Sent: 18 May 2007 21:06
To: crazy frog crazy frog
Cc: Shenk, Jerry A; Richard Brinson; pen-test () securityfocus com
Subject: Re: Legality of WEP Cracking


Agreed - but here is another way to look at it:

If you go after business this way - you are guaranteed that your competitors
will get the gig and not you.  You will just be thrown out. 
I've gotten two gigs to tighten down networks in the last 6 months due to
someone else trying this approach to "educate" and "build business".

Finally, you can argue all you want on the legalities (since the laws are
all over the map) but, IMHO, it's unethical.

Interesting, but I doubt it will give you a good impression. Can you 
imagine that someone has broken your WEP, he comes to you and says 
"look, we have broken your WEP, now we can offer you our services 
to secure your networks"?

Will you accept his service? Don't you think it's illegal?
---------------------------------------
http://www.secgeeks.com
get a blog on SecGeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secgeeks.com/node/feed

http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------

On 5/19/07, Shenk, Jerry A <jshenk () decommunications com> wrote:
I think the specific frequencies that wifi uses are public 
frequencies without "an expectation of privacy". I'm not sure that's 
a good way to pick up customers and I'm not volunteering to be a test 
case but I think there is some validity to that conclusion.  Now, 
what you do with the data could become an issue and whether you are 
breaking the law or not, the "offended company" could make your life 
MISERABLE and cost you a TON of money.  I'd be eager to watch somebody 
else fight that battle and see what happens ;)

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com]
On Behalf Of Richard Brinson
Sent: Friday, May 18, 2007 5:32 AM
To: pen-test () securityfocus com
Subject: Legality of WEP Cracking

During an internal business development meeting yesterday we were 
discussing new ways of picking up pen testing clients. One of our 
junior engineers suggested that we go war driving, crack some WEP 
keys and then approach each company offering services to make them 
more secure. The idea was put down straight away on the basis that 
without prior approval we would be breaking the law. However, upon 
further discussion a case was made that (moral issues aside) provided 
we only captured traffic passively, and as long as we 
did not try to connect or send any packets to any devices - would the 
law be broken?

Does the law state anywhere that we cannot analyse air traffic that 
is broadcast into the public domain? (if so surely we would all be 
breaking the law every time we picked up a network other than our 
own) and is it against the law to know someone else's WEP key when 
they have not made that information available to you?

What are your thoughts on this?

Kind regards,

Richard Brinson
Kanoo Ltd



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------





