Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Sneaking a peek on Wlan in airports

from [Manuel Arostegui Ramirez] Network Security [Permanent Link]
Subject: Re: Sneaking a peek on Wlan in airports
Date: Sat, 19 May 2007 08:38:36 +0200 
El Viernes, 18 de Mayo de 2007 21:54, ebk_lists@hotmail.com escribiÃ:

I think everyone is of the same opinion (myself included). Even if this
were legal, it would be a disastrous marketing ploy. It's one thing (and
still suspicious) to point out a vulnerability of some sort, quite another
to try to leverage that into work for yourself. Especially in the case of
actually going so far as to break something (yes, even wep) to do so. Kinda
like sticking a knife into someone's bald tire and then mentioning that
your shop has a sale on tires. Not a good idea.



I actually wonder why he started this thread using his work email account...
What sort of employees that company have? For me is totally unethical to crack 
a WEP pass (which in most cases is illegal) and then offer a security 
services, god, what the hell? If he thought about doing that, he'd attack 
another potentially client website and then email them with something like 
"hey, mate, we got admin in your site, do you want us to securize your site?"

And as some of you guys wrote, I agree and I don't think you run a sniffer by 
accident, no way.
Truth be told, most of us did do arp poisoning attacks on the "public" wifi 
network such as Starbuck's, yeah, at least me, just for a few minutes to see 
what's going on on that network, nothing deeper, and totally for sure not to 
try to sell me/our company services, right?

And finally, to anwser the original poster question...
I think it's pointless to advice him or whoever to change his email password, 
and even more, to go to him and say "hey, listen, i got your password BY 
ACCIDENT, I'm sorry, just change it, but be careful, cause I'm a good guy and 
I will do nothing with your password, but next time you might not be as lucky 
as this one, so try to use a VPN or something", you'd only get into troubles, 
no matter, if he was a "luser" or a "geek", problems would be waiting for you 
and your company since you offer him and his company some kind of security 
solution.

Just my 2 cents...

All the best.
Manuel.

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Database pen-testing tools, crazy frog crazy frog
Next by Date:  Re: Legality of WEP Cracking, Chris Travers
Previous by Thread:  Re: Re: Sneaking a peek on Wlan in airports, ebk_lists
Next by Thread:  Legality of WEP Cracking, Richard Brinson
Indexes:  [Date] [Thread] [Top] [All Lists]