Re: Where is the Wireless line?

From: List Spam (listspam@gmail.com)
Date: Wed Sep 05 2007 - 11:20:58 EDT

Perhaps this thread might be instructive:

http://seclists.org/pen-test/2007/Mar/0017.html

I'm not sure that much has changed in the past 6 months with regards
to the ethics side of things - an overriding requirement for a firm
hired to penetrate company assets, no?

Be aware that "anti-hacking" laws are being interpreted in a variety
of ways, but a variety of officials these days:

http://news.zdnet.co.uk/communications/0,1000000085,39288729,00.htm

http://www.adn.com/news/alaska/story/8667098p-8559268c.html

http://www.woodtv.com/Global/story.asp?S=6546307

If someone were to come to me, soliciting their services to fix a
breech they had discovered, I'd toss them out at minimum. I would
also seriously wrestle with having them detained while the police were
called.

No matter how many ways you ask it, the facts won't change. Accessing
someone else's assets without permission is a currently a crime in
most places. You may get someone to philosophically agree that it is
okay to try and drum up business this way, but that does not change
the facts.

That being said, truly public WiFi networks might not take offense to
the type of trespass you are discussing:

http://www.emergentchaos.com/archives/2007/08/trespass_and_forgiveness.html

Just don't expect to get paid for disclosure.

RE

On 9/4/07, Barry Fawthrop <barry@ttienterprises.org> wrote:
> Hi All
>
> Where does the wireless line being and end with regards to "illegal access"
>
> Concept:
>
> If company A has a wireless network (unprotected) No Encryption,
> Broadcasting SSID, Default Acesss point user_name and password.
>
> You know they need security. So is it wrong to
> access the network and print to their printer a document
> saying "You need security, I just accessed your network"
>
> Or would one have to have permission first!.
> I'm not talking about accessing data and files, but using the printer
> and printing on their paper that they need help!!!.
> And then going in and asking for a security contract having proved
> beyond doubt that they need it.
>
> Otherwise before hand it is just your word & experience against theirs
> and obviously they are not going to admit they need help without being
> shown?
>
> Curious to hear your comments, or possible solutions to the same/similar
> problems??
>
> Thanks
> Barry
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:06 EDT