From: Manuel Arostegui Ramirez (manuel@todo-linux.com)
Date: Sat May 19 2007 - 02:38:36 EDT
El Viernes, 18 de Mayo de 2007 21:54, ebk_lists@hotmail.com escribió:
> I think everyone is of the same opinion (myself included). Even if this
> were legal, it would be a disastrous marketing ploy. It's one thing (and
> still suspicious) to point out a vulnerability of some sort, quite another
> to try to leverage that into work for yourself. Especially in the case of
> actually going so far as to break something (yes, even wep) to do so. Kinda
> like sticking a knife into someone's bald tire and then mentioning that
> your shop has a sale on tires. Not a good idea.
>
I actually wonder why he started this thread using his work email account...
What sort of employees that company have? For me is totally unethical to crack
a WEP pass (which in most cases is illegal) and then offer a security
services, god, what the hell? If he thought about doing that, he'd attack
another potentially client website and then email them with something like
"hey, mate, we got admin in your site, do you want us to securize your site?"
And as some of you guys wrote, I agree and I don't think you run a sniffer by
accident, no way.
Truth be told, most of us did do arp poisoning attacks on the "public" wifi
network such as Starbuck's, yeah, at least me, just for a few minutes to see
what's going on on that network, nothing deeper, and totally for sure not to
try to sell me/our company services, right?
And finally, to anwser the original poster question...
I think it's pointless to advice him or whoever to change his email password,
and even more, to go to him and say "hey, listen, i got your password BY
ACCIDENT, I'm sorry, just change it, but be careful, cause I'm a good guy and
I will do nothing with your password, but next time you might not be as lucky
as this one, so try to use a VPN or something", you'd only get into troubles,
no matter, if he was a "luser" or a "geek", problems would be waiting for you
and your company since you offer him and his company some kind of security
solution.
Just my 2 cents...
All the best.
Manuel.
-- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT