Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Sneaking a peek on Wlan in airports
From: Manuel Arostegui Ramirez <manuel () todo-linux com>
Date: Sat, 19 May 2007 08:38:36 +0200

El Viernes, 18 de Mayo de 2007 21:54, ebk_lists () hotmail com escribió:
I think everyone is of the same opinion (myself included). Even if this
were legal, it would be a disastrous marketing ploy. It's one thing (and
still suspicious) to point out a vulnerability of some sort, quite another
to try to leverage that into work for yourself. Especially in the case of
actually going so far as to break something (yes, even wep) to do so. Kinda
like sticking a knife into someone's bald tire and then mentioning that
your shop has a sale on tires. Not a good idea.

I actually wonder why he started this thread using his work email account...
What sort of employees that company have? For me is totally unethical to crack 
a WEP pass (which in most cases is illegal) and then offer a security 
services, god, what the hell? If he thought about doing that, he'd attack 
another potentially client website and then email them with something like 
"hey, mate, we got admin in your site, do you want us to securize your site?"

And as some of you guys wrote, I agree and I don't think you run a sniffer by 
accident, no way.
Truth be told, most of us did do arp poisoning attacks on the "public" wifi 
network such as Starbuck's, yeah, at least me, just for a few minutes to see 
what's going on on that network, nothing deeper, and totally for sure not to 
try to sell me/our company services, right?

And finally, to anwser the original poster question...
I think it's pointless to advice him or whoever to change his email password, 
and even more, to go to him and say "hey, listen, i got your password BY 
ACCIDENT, I'm sorry, just change it, but be careful, cause I'm a good guy and 
I will do nothing with your password, but next time you might not be as lucky 
as this one, so try to use a VPN or something", you'd only get into troubles, 
no matter, if he was a "luser" or a "geek", problems would be waiting for you 
and your company since you offer him and his company some kind of security 

Just my 2 cents...

All the best.

Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]