Re: ethics of approaching vulnerable prospective clients
I know people differ quite a bit on this topic. My personal opinion is that
once you intentionally associate with a wireless access point that isn't
yours without permission (emphasis on intentionally...if you're just
sniffing it's possible to do this unintentionally), you have just performed
a system penetration and that is not ethical. This is regardless of whether
you can actually see or do anything with that association. Yes it is true,
and unfortunate, that so many people leave their systems wide open, but that
doesn't make it any more "right" for you to go around and access their
networks to verify their SSID or use of WEP. If you leave your car door
open on the street, is it ok for me to open the door and sit down just
because your car was insecure? What if I tried pulling out your stereo to
see if it's locked in or not (analogy: verifying use of WEP)? Yes, my car
was out in public (like the wireless traffic going through the air) and
highly insecure (available to anyone nearby, just like wireless traffic),
but that doesn't make a difference.
Just because you can do something like this, and it's so easy to do it,
doesn't mean you should do it. Keep in mind that when companies buy
security services, they want to make sure the people they're hiring are
ethical. Before you even slip your card in the mailbox, you've already
proven you're not.
----- Original Message -----
From: "Zach Forsyth" <zach.forsyth@kiandra.com>
To: <pen-test@securityfocus.com>
Sent: Monday, November 11, 2002 9:38 PM
Subject: ethics of approaching vulnerable prospective clients
> Been lurking for quite some time now but thought I might pose a question
--
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>
Received on Wed Nov 13 06:01:37 2002
This archive was generated by hypermail 2.1.8
: Wed Aug 23 2006 - 14:02:31 EDT