Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RE: Legality of WEP Cracking

from [Erin Carroll] Network Security [Permanent Link]
Subject: RE: RE: Legality of WEP Cracking
Date: Fri, 18 May 2007 12:33:34 -0700 
This, and other responses in the same vein, are spot on. Don't do it. It's
opening more liability and cost to your company than the potential revenue
you could generate.

On the other hand, I don't see the problem with contacting said company (no
cracking on your end) and telling them you noticed they are using wireless
and WEP (anyone in range can) and explaining the dangers of relying on such
an easily broken protocol as your sales-pitch-ish way in. Then again, I
avoid the sales aspect of this business like the plague where possible so no
idea if this would even garner a non-hostile response.




-----Original Message-----
From: listbounce@securityfocus.com 
[mailto:listbounce@securityfocus.com] On Behalf Of 
ebk_lists@hotmail.com
Sent: Friday, May 18, 2007 12:00 PM
To: pen-test@securityfocus.com
Subject: Re: RE: Legality of WEP Cracking

It's a question of the laws of the country you are in, for 
sure. But overall I think that by actively cracking the wep 
or wpa or whatever encryption, you are treading on thin ice, 
if not breaking the law altogether. My brief google didn't 
reveal any specific examples, but based on what I already 
have learned about the law and how it applies (at least in 
the US), I would say that eavesdropping on UNENCRYPTED 
wireless communications is ok. By failing to use encryption, 
the people are, as you say, giving up their expectation of 
privacy. Especially given the fact that wireless 
communications are a bit ubiquitous due to their nature. 

However, the line gets drawn once they are using encryption. 
They have taken a step to provide a measure of privacy (even 
while using something as broken as wep) and by actively 
trying to surpass that, I think you may be in a bit of 
danger. Although I don't know for sure. Hopefully someone 
else can give us more legal reference.

Regardless, this is a bad idea and I would highly recommend 
NOT doing this for/against anyone that isn't paying you and 
has given you a sign "get out of jail" letter. You have 
rightly dismissed this one.
 

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with 
our 20/20 program!

http://www.cenzic.com/c/2020
--------------------------------------------------------------
----------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Sneaking a peek on Wlan in airports, Toby Barrick
Next by Date:  Re: Legality of WEP Cracking, crazy frog crazy frog
Previous by Thread:  Re: RE: Legality of WEP Cracking, ebk_lists
Next by Thread:  RE:Legality of WEP cracking, scott
Indexes:  [Date] [Thread] [Top] [All Lists]