Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Re: Legality of WEP Cracking
From: ebk_lists () hotmail com
Date: 21 May 2007 13:03:09 -0000

This is good information, thanks. I think this will help all of us develop a better picture of the thin ice we skate on 
every day. 

It's good to know that these laws exist, but does anyone have any case law (preferably recent) to go with them? Knowing 
the law is good, knowing how it is being applied is even better.

I think alot of it will boil down to intent and purpose. If I audit one of my company's office downtown, it is 
guaranteed that I will pickup more than just my company's traffic, just because of the density of the office building. 
But I don't intend to do that, nor is it my purpose. I ignore any data that I know to _not_ belong to my company. I 
also carry a signed letter from my CISO when I do these audits. 

The laws are primarily going to come into play, IMHO, when there is criminal intent. For instance, when two kids are 
sitting in their car listening to a major home improvement stores wireless traffic for the sole purpose of stealing 
credit card numbers, I'd say that is criminal intent- pretty blatant, and easy to prove. But here in the US that burden 
of proof is on the prosecution. So, in cases where the intent isn't as cut and dried, it may not make it to court, 
depending on the circumstances. 

Computer law is getting better, but it still has a long way to go. A great deal of these cases still get tried on other 
laws such as trespassing, loitering and theft of service. 

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]