Re: Re: Legality of WEP Cracking

From: Matthew Webster (awakenings@mindspring.com)
Date: Sat May 19 2007 - 08:26:27 EDT

• Next message: David M. Zendzian: "Re: Consulting License Offer"
• Previous message: Bob Radvanovsky: "Re: Legality of WEP Cracking"
• Maybe in reply to: Nick Selby: "Re: Legality of WEP Cracking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Craig,

    Thanks for that information. I have an additional question that is purely hypothetical
which also tangentially related to the WEP cracking in airports. In the space around
where I work, there are approximately 200 different access points that are visible
from within the space I work that are not owned by us. Presently I only use netstumbler
/ kismet to ensure that the devices are not present in our environment. If we had
a device that was in ad hoc mode, then it could potentially indicate a breach.
If I wanted to capture packers to investigate our network further, there would be
a high degree of probability that I would inadvertently capture packets from one
of the other 200 different networks invading our space. It sounds like, because
those wireless networks invade our space, that I would not be permitted to do so
because I would be in awareness that I would also pick up other wireless networks.
Luckily, even with the audit follow-ups, I've never needed to do so, but I could
imagine an incident occurring where I may need to capture traffic (authorized relating
to our own network), but I may even inadvertently capture plain-text passwords.
This may be a good opportunity to update my forensic procedures to include wireless
breaches and update incident response surrounding wireless networks. Any thoughts?

Matt

-----Original Message-----
>From: cwright@bdosyd.com.au
>Sent: May 18, 2007 11:46 PM
>To: pen-test@securityfocus.com
>Subject: Re: Re: Legality of WEP Cracking
>
>>"sniffing the air" is legal
>
>Well actually, if this is sniffing as in intentially capturing an electronic transmission, than this is illegal and also criminal.
>
>Interecption + telcomunications - permission = criminal act
>this is true in the US, CA, UK, AU etc
>
>So actually even capturing packets is illegal, proof is difficult though.
>
>Regards
>Craig
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Are you using SPI, Watchfire or WhiteHat?
>Consider getting clear vision with Cenzic
>See HOW Now with our 20/20 program!
>
>http://www.cenzic.com/c/2020
>------------------------------------------------------------------------
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

• Next message: David M. Zendzian: "Re: Consulting License Offer"
• Previous message: Bob Radvanovsky: "Re: Legality of WEP Cracking"
• Maybe in reply to: Nick Selby: "Re: Legality of WEP Cracking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT