Re: Legality of WEP Cracking

From: crazy frog crazy frog (i.m.crazy.frog@gmail.com)
Date: Sat May 19 2007 - 01:59:36 EDT


richard keep us posted with wht u decide then.

On 5/19/07, Richard Brinson <richard@kanoo-uk.com> wrote:
> Nice to read all of your thoughts on this matter. I personally have little
> doubt that this would be an unethical way to conduct business and is
> certainly not the best way forward (hence my "moral issues aside" comment in
> the original mail). What I am interested in is educating my engineers to be
> able to support our sales guys in the best possible fashion. We are based in
> the UK and the attitude to litigation here is relatively passive compared to
> that in the US, and it is with this in mind that our sales guys sometimes
> think they can 'stretch' the boundaries a bit.
>
> I totally agree that as an ethical security company, grey areas should be
> viewed as black. I will be going over all of these comments in our next bus
> dev meeting to highlight the general feeling of the industry from a
> technical aspect. No doubt our sales guys will think it is somewhat biased.
>
> Keep the opinions coming...
>
> Regards
>
> Richard
>
> -----Original Message-----
> From: Tim Shea [mailto:tim@tshea.net]
> Sent: 18 May 2007 21:06
> To: crazy frog crazy frog
> Cc: Shenk, Jerry A; Richard Brinson; pen-test@securityfocus.com
> Subject: Re: Legality of WEP Cracking
>
>
> Agreed - but here is another way to look at it:
>
> If you go after business this way - you are guaranteed that your competitors
> will get the gig and not you. You will just be thrown out.
> I've gotten two gigs to tighten down networks in the last 6 months due to
> someone else trying this approach to "educate" and "build business".
>
> Finally, you can argue all you want on the legalities (since the laws are
> all over the map) but, IMHO, its unethical.
>
> > interesting but i doubt it will give you good impression? can you
> > imagine that someone has broken your wep , he comes to you and say
> > "look what we have broken your wep,now we can offer you our services
> > to secure your networks"
> >
> > will you accept his service?don't you think its illegal?
> > ---------------------------------------
> > http://www.secgeeks.com
> > get a blog on SecGeeks :)
> > register here:-
> > http://secgeeks.com/user/register
> > rss feeds :-
> > http://secgeeks.com/node/feed
> >
> > http://www.newskicks.com
> > Submit and kick for new stories from all around the world.
> > ---------------------------------------
> >
> > On 5/19/07, Shenk, Jerry A <jshenk@decommunications.com> wrote:
> >> I think the specific frequencies that wifi uses are public
> >> frequencies without "an expectation of privacy". I'm not sure that's
> >> a good way to pick up customers and I'm not volunteering to be a test
> >> case but I think there is some validity to that conclusion. Now,
> >> what you do with the data could become an issue and whether you are
> >> breaking the law or not, they "offended company" could make your life
> >> MISERABLE and cost you TON of money. I'd be eager to watch somebody
> >> else fight that battle and see what happens;)
> >>
> >> -----Original Message-----
> >> From: listbounce@securityfocus.com
> >> [mailto:listbounce@securityfocus.com]
> >> On Behalf Of Richard Brinson
> >> Sent: Friday, May 18, 2007 5:32 AM
> >> To: pen-test@securityfocus.com
> >> Subject: Legality of WEP Cracking
> >>
> >> During an internal business development meeting yesterday we were
> >> discussing new ways of picking up pen testing clients. One of our
> >> junior engineers suggested that we go war driving, crack some WEP
> >> keys and then approach each company offering services to make them
> >> more secure. The idea was put down straight away on the basis that
> >> without prior approval we would be breaking the law. However, upon
> >> further discussion a case was made that (moral issues
> >> aside) provided we only captured traffic passively, and as long as we
> >> did not try to connect or send any packets to any devices - would the
> >> law be broken?
> >>
> >> Does the law state anywhere that we can not analyse air traffic that
> >> is broadcast into the public domain? (if so surely we would all be
> >> breaking the law every time we picked up a network other than our
> >> own) and is it against the law to know someone else's WEP key when
> >> they have not made that information available to you?
> >>
> >> What are your thoughts on this?
> >>
> >> Kind regards,
> >>
> >> Richard Brinson
> >> Kanoo Ltd
> >>
> >> This message contains confidential information and is intended only
> >> for the individual named. If you are not the named addressee you
> >> should not disseminate, distribute or copy this e-mail. Please notify
> >> the sender immediately by e-mail if you have received this e-mail by
> >> mistake and delete this e-mail from your system. E-mail transmission
> >> cannot be guaranteed to be secure or error-free as information could
> >> be intercepted, corrupted, lost, destroyed, arrive late or
> >> incomplete, or contain viruses. The sender therefore does not accept
> >> liability for any errors or omissions in the contents of this
> >> message, which arise as a result of e-mail transmission.
> >>
> >>
> >> ------------------------------------------------------------------------
> >> This List Sponsored by: Cenzic
> >>
> >> Are you using SPI, Watchfire or WhiteHat?
> >> Consider getting clear vision with Cenzic
> >> See HOW Now with our 20/20 program!
> >>
> >> http://www.cenzic.com/c/2020
> >> ------------------------------------------------------------------------
> >>
> >>
> >>
> >>
> >> **DISCLAIMER
> >> This e-mail message and any files transmitted with it are intended for
> >> the use of the individual or entity to which they are addressed and may
> >> contain information that is privileged, proprietary and confidential. If
> >> you are not the intended recipient, you may not use, copy or disclose to
> >> anyone the message or any information contained in the message. If you
> >> have received this communication in error, please notify the sender and
> >> delete this e-mail message. The contents do not represent the opinion of
> >> D&E except to the extent that it relates to their official business.
> >>
> >>
> >> ------------------------------------------------------------------------
> >> This List Sponsored by: Cenzic
> >>
> >> Are you using SPI, Watchfire or WhiteHat?
> >> Consider getting clear vision with Cenzic
> >> See HOW Now with our 20/20 program!
> >>
> >> http://www.cenzic.com/c/2020
> >> ------------------------------------------------------------------------
> >>
> >>
> >
> >
> > --
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Are you using SPI, Watchfire or WhiteHat?
> > Consider getting clear vision with Cenzic
> > See HOW Now with our 20/20 program!
> >
> > http://www.cenzic.com/c/2020
> > ------------------------------------------------------------------------
> >
> >
>
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.467 / Virus Database: 269.7.3/809 - Release Date: 17/05/2007
> 17:18
>
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.467 / Virus Database: 269.7.3/809 - Release Date: 17/05/2007
> 17:18
>
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>

-- 
---------------------------------------
http://www.secgeeks.com
get a blog on SecGeeks :)
register here:-
http://secgeeks.com/user/register
rss feeds :-
http://secradar.com/node/feed
http://www.newskicks.com
Submit and kick for new stories from all around the world.
---------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:48 EDT