Re: Sneaking a peek on Wlan in airports

["Ryan Meyer" <lists () youthinkitweprintit com>]

It seems to me that this would be a fantastic way for an upstart to pick up
clients.

Sit in an airport, catch passwords, e-mail them to users with an offer for
your pentest services.

Except for the illegality...

Ryan


----- Original Message ----- 
From: "Erin Carroll" <amoeba () amoebazone com>
To: "'Tremaine Lea'" <pen-test () ddiction com>; "'Eduardo Di Monte'" 
<eduardo.dimonte () gmail com>
Cc: <jasper.o.waale () kh pwc com>; <listbounce () securityfocus com>; 
<pen-test () securityfocus com>
Sent: Thursday, May 17, 2007 2:57 PM
Subject: RE: Sneaking a peek on Wlan in airports


All,

Tremaine has a point I'd like to tangent from. There are many posts that
come across the list that can be interpreted as actions or events which are
questionable given the scenario. Unless explicitly stated by someone or
obviously illegal, please try to assume that the question or situation is of
a benign nature. We could argue about intentions or likelihood until we're
blue in the face but it generally devolves to flaming or not-so-nice
inferences that I do not want on this list.

Yes, there are script kiddies and unethical behavior in our profession...
But let's focus on the issue at hand and not the motive: You encounter
leaking sensitive data that was not in scope of a job or part of your duties
etc. What should you do?


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of Tremaine Lea
> Sent: Thursday, May 17, 2007 10:36 AM
> To: Eduardo Di Monte
> Cc: jasper.o.waale () kh pwc com; listbounce () securityfocus com;
> pen-test () securityfocus com
> Subject: Re: Sneaking a peek on Wlan in airports
>
> Starting a sniffer by error is pretty unlikely.
>
>
> Starting a sniffer and then closing your laptop after having
> forgotten about it, that's not unlikely.
>
>
>
>
> ---
>
> Tremaine Lea
> Network Security Consultant
>
> Be in pursuit of equality, but not at the expense of excellence.
>
>
> On 17-May-07, at 4:15 AM, Eduardo Di Monte wrote:
>
> > Jasper,
> >
> > You don´t run a sniffer by error, so stay away from doing
> this again.
> >
> > Regards,
> >
> > Eduardo Di Monte
> >
> >
> > -----Mensaje original-----
> > De: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] En nombre de
> > jasper.o.waale () kh pwc com Enviado el: miércoles, 16 de mayo de 2007
> > 7:20
> > Para: listbounce () securityfocus com; pen-test () securityfocus com
> > Asunto: Sneaking a peek on Wlan in airports
> >
> > I'm sure you as I have many time been in airport with public wlan
> > access and by error had some kind of sniffer running ?
> >
> > well I has Cain open because of a general scan I was making
> related to
> > a test, and I picked up a Pop3 account and password, I did
> try to find
> > the guy to tell him but did not see anybody with a laptop,
> so what now
> > do I email him as asking him to update the password or do I just
> > ignore it and let he carry on doing this to him self and his firm.
> >
> > Regards
> >
> > Jasper O Waale
> > _________________________________________________________________
> > The information transmitted is intended only for the person
> or entity
> > to which it is addressed and may contain confidential and/or
> > privileged material.  Any review, retransmission, dissemination or
> > other use of, or taking of any action in reliance upon, this
> > information by persons or
> > entities other than the intended recipient is prohibited.   If you
> > received
> > this in error, please contact the sender and delete the
> material from
> > any computer.
> >
> >
> >
> ----------------------------------------------------------------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Are you using SPI, Watchfire or WhiteHat?
> > Consider getting clear vision with Cenzic See HOW Now with
> our 20/20
> > program!
> >
> > http://www.cenzic.com/c/2020
> >
> ----------------------------------------------------------------------
> > --
> >
> >
> >
> ----------------------------------------------------------------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Are you using SPI, Watchfire or WhiteHat?
> > Consider getting clear vision with Cenzic See HOW Now with
> our 20/20
> > program!
> >
> > http://www.cenzic.com/c/2020
> >
> ----------------------------------------------------------------------
> > --
> >
> >
> >
>
>
> --------------------------------------------------------------
> ----------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic See HOW Now with
> our 20/20 program!
>
> http://www.cenzic.com/c/2020
> --------------------------------------------------------------
> ----------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



__________ NOD32 2266 (20070514) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------