At 3:21 PM -0400 6/25/02, Stephen Manuel wrote: >Tom, > >I'm not speaking jest, I have used netstumbler to find wireless networks >that are wide open, some >are in major companies. > >However, I turn off my client manager before I go wardriving, that way I >don't accidentially connect >to someone's network without authorization. I can't see how this is >considered hacking.
In general, the US Communications Act of 1934, as amended, makes illegal the disclosure to a third party of any electromagnetic traffic you have received, assuming the transmission is not intended for the public. Obviously, it gets a little blurry when you are disclosing the communication to its originator, but I still would be very careful here. > >When I initially approached the 3 companies I mentioned earlier, I had a >developed a 3-page document >on the ease of implementation of wireless networks and the inherit security >risks associated with wireless networks. I >didn't mention to any of the 3 that I had already detected their networks >and how wide open they really were. > >I am toying with the idea of sending specific information to them about >their wireless networks, like the MAC address of the AP, the SSID, the >network name, the exact location on a map of the AP, the manufacturer of the >AP, if WEP is turned on, plus if I really want to get serious I could tell >them if the AP is issuing IP addresses via DHCP and their network settings >if it is. I could see this part, fairly easily, as something an aggressive member of law enforcement considering a violation. The law is less than ideally clear here. People certainly have sued successfully for invasion of privacy when someone gets on a ladder and photographs over a fence, but the courts have also stated that the role of "celebrity" waives some parts of an expectation of privacy. Nevertheless, I wouldn't even think of doing this without getting legal advice, and also possibly discussing it first with local law enforcement (including the nearest FBI office with a technical group). > >The question I have is, would the company be happy to know that they have >security holes and were alerted to it, would they threaten me by calling law >enforcement, or would they ignore me as a nut or go and fix the problem >without hiring me to do it for them. It's a tossup. In the present concern over both surveillance and terrorism, I wouldn't want to deal with explaining it to less than technically significant law enforcement. > >I was simply amazed at the shear number of AP's out there and how many were >in businesses wide open. > >Stephen Manuel Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47438&t=47287 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
