Penetration Testing mailing list archives
Re: Where is the Wireless line?
From: "List Spam" <listspam () gmail com>
Date: Wed, 5 Sep 2007 08:20:58 -0700
Perhaps this thread might be instructive: http://seclists.org/pen-test/2007/Mar/0017.html I'm not sure that much has changed in the past 6 months with regards to the ethics side of things - an overriding requirement for a firm hired to penetrate company assets, no? Be aware that "anti-hacking" laws are being interpreted in a variety of ways, but a variety of officials these days: http://news.zdnet.co.uk/communications/0,1000000085,39288729,00.htm http://www.adn.com/news/alaska/story/8667098p-8559268c.html http://www.woodtv.com/Global/story.asp?S=6546307 If someone were to come to me, soliciting their services to fix a breech they had discovered, I'd toss them out at minimum. I would also seriously wrestle with having them detained while the police were called. No matter how many ways you ask it, the facts won't change. Accessing someone else's assets without permission is a currently a crime in most places. You may get someone to philosophically agree that it is okay to try and drum up business this way, but that does not change the facts. That being said, truly public WiFi networks might not take offense to the type of trespass you are discussing: http://www.emergentchaos.com/archives/2007/08/trespass_and_forgiveness.html Just don't expect to get paid for disclosure. RE On 9/4/07, Barry Fawthrop <barry () ttienterprises org> wrote:
Hi All Where does the wireless line being and end with regards to "illegal access" Concept: If company A has a wireless network (unprotected) No Encryption, Broadcasting SSID, Default Acesss point user_name and password. You know they need security. So is it wrong to access the network and print to their printer a document saying "You need security, I just accessed your network" Or would one have to have permission first!. I'm not talking about accessing data and files, but using the printer and printing on their paper that they need help!!!. And then going in and asking for a security contract having proved beyond doubt that they need it. Otherwise before hand it is just your word & experience against theirs and obviously they are not going to admit they need help without being shown? Curious to hear your comments, or possible solutions to the same/similar problems?? Thanks Barry ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Where is the Wireless line? Barry Fawthrop (Sep 05)
- RE: Where is the Wireless line? Matt Steer (Sep 05)
- RE: Where is the Wireless line? adam.slader (Sep 05)
- Re: Where is the Wireless line? Harry Hoffman (Sep 05)
- Re: Where is the Wireless line? Juergen Fiedler (Sep 05)
- Re: Where is the Wireless line? List Spam (Sep 05)
- Re: Where is the Wireless line? Noah (Sep 05)
- Re: Where is the Wireless line? DaKahuna (Sep 05)
- <Possible follow-ups>
- Re: Where is the Wireless line? swinginscott (Sep 05)
- Re: Where is the Wireless line? Timothy Shea (Sep 05)
- Re: Where is the Wireless line? Morning Wood (Sep 05)
- Re: Where is the Wireless line? swinginscott (Sep 05)
- Re: Where is the Wireless line? Barry Fawthrop (Sep 05)
- RE: Where is the Wireless line? Matt Steer (Sep 05)