Network Security Pen-Test

Re: Walmart using WEP

Subject: Re: Walmart using WEP
Date: Fri, 28 Jul 2006 13:13:25 -0700
Perhaps I'm missing something here, but how exactly were these posts
reckless?  

Examples:

Is this reckless?: OMG Walmart had an open access point and I hax0red their
POS system and dropped the price on all Britney Spears CDs to 25 cents! The
new WEP key is '0wn3d!'.

Yes.  That would be reckless, but I didn't see that in this thread.

Is this reckless?: It would appear that Walmart is using 802.11 networking
and WEP on their inventory scanners.  This could be bad if someone cracked
the WEP key.  Not a very good security practice.

No.  I don't see it.  Looks like a good discussion topic to me.

Is this reckless?: I saw an 802.11 WAP on top of a door at Walmart.  I
wonder if it's an open network.  The next time I war drive the neighborhood
I should check.

No.  The poster never made mention of connecting to the network.  Checking
the presence of a broadcasted SSID and its encryption method/status is *NOT
ILLEGAL*.  Most commercial entities appreciate it when you alert them that
they have an open access point on their network.  Of course, with everyone
screaming "HACKER! TERRORIST!" nowadays, white and grey hats alike are
paranoid to advise anyone of anything.

Now, if the poster connected to the network, grabbed an IP and started
snooping around... Well, then I'd be flaming him too.

Sorry to beat the horse to death, but I hear this argument all too
frequently and it just gets tiring.


From: "Hawkins, Ray (721)" <Ray.Hawkins@protiviti.com>
Date: Thu, 27 Jul 2006 19:27:20 -0700
To: Gary Nichols <gnichols@phx1.bcbsaz.com>, <pen-test@securityfocus.com>
Conversation: Walmart using WEP
Subject: RE: Walmart using WEP

the community that the retired granny three doors down has a broken lock on
her backdoor rather than just telling her directly.  No amount of
pontificating over responsibility legitimizes reckless posts.

-----Original Message-----
From: Gary Nichols [mailto:gnichols@phx1.bcbsaz.com]
Sent: Thursday, July 27, 2006 9:07 PM
To: pen-test@securityfocus.com
Subject: Re: Walmart using WEP

Yes, this forum is for professionals to learn and share.  As a matter of
fact, many of us actually learn from the mistakes of others.  I don't see
anyone here advocating wardriving for the purpose of mischief.  I see a
couple of people talking about how irresponsible some commercial entities
are in deploying their wireless architectures, and one individual that was
going to drive around and see if his theory held water.

I had a chuckle when I read that "...war driving should be confined to
legally permitted isolated networks...".  Wardriving doesn't lend itself to
your suggestion by its very definition:

http://en.wikipedia.org/wiki/Wardriving

Don't apologize for not being impressed.  Most of us dressed-down for the
list today.



