RE: RE: Legality of WEP Cracking

From: Erin Carroll (amoeba@amoebazone.com)
Date: Fri May 18 2007 - 15:33:34 EDT


This, and other responses in the same vein, are spot on. Don't do it. It's
opening more liability and cost to your company than the potential revenue
you could generate.

On the other hand, I don't see the problem with contacting said company (no
cracking on your end) and telling them you noticed they are using wireless
and WEP (anyone in range can) and explaining the dangers of relying on such
an easily broken protocol as your sales-pitch-ish way in. Then again, I
avoid the sales aspect of this business like the plague where possible so no
idea if this would even garner a non-hostile response.

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of
> ebk_lists@hotmail.com
> Sent: Friday, May 18, 2007 12:00 PM
> To: pen-test@securityfocus.com
> Subject: Re: RE: Legality of WEP Cracking
>
> It's a question of the laws of the country you are in, for
> sure. But overall I think that by actively cracking the WEP
> or WPA or whatever encryption, you are treading on thin ice,
> if not breaking the law altogether. My brief Google didn't
> reveal any specific examples, but based on what I already
> have learned about the law and how it applies (at least in
> the US), I would say that eavesdropping on UNENCRYPTED
> wireless communications is ok. By failing to use encryption,
> the people are, as you say, giving up their expectation of
> privacy. Especially given the fact that wireless
> communications are a bit ubiquitous due to their nature.
>
> However, the line gets drawn once they are using encryption.
> They have taken a step to provide a measure of privacy (even
> while using something as broken as WEP) and by actively
> trying to surpass that, I think you may be in a bit of
> danger. Although I don't know for sure. Hopefully someone
> else can give us more legal reference.
>
> Regardless, this is a bad idea and I would highly recommend
> NOT doing this for/against anyone that isn't paying you and
> has given you a signed "get out of jail" letter. You have
> rightly dismissed this one.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:48 EDT