|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Netstumbling
From: Joseph W. Shaw II (jshaw
vortex.org)
Date: Wed Mar 05 2003 - 19:21:27 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 5 Mar 2003, stonewall wrote:
> I am interested in the reaction that list members have gotten from various
> government agencies while netstumbling. Is there any clear guidance on the
> legality of 'stumbling? I am talking here about just 'stumbling, not set to
> auto reconfigure the card, just assessment and locating WAPs.
>
> You cannot be in the security business without being able to assess threats.
> In this business, paranoia is not paranoia, it is due diligence. I believe
> that anyone serious about security must be able to assess wireless zones,
> overlapping areas, buildings with multiple WAPs, etc. But have you been
> threatened by LE personnel in the process?
Not personally, no, but I recently consulted for a case that was tried in
Federal Court that might be of interest. The young man was talking with a
reporter from the local newspaper and was walking in downtown Houston with
a Netstumbler equipped laptop. While walking, he happened to come accross
a network owned by a county government entity, which was noted in the
article that followed. After the story was published in the local paper,
he was accused of hacking into their network, compromising a machine, and
loading pornography on it. I'm happy to say he was aquited, but it cost
him a significant amount of time and money.
Personally, I've been party to reporting a very serious flaw, but chose to
do so anonymously through a third party. While I could have used the
credibility that came with finding the flaw, especially in this job
market, I was hesitant to give them my name due to the fact that it
involved large amounts of money and confidential information. I only
wanted them to know the flaw was there and for them to get it fixed, so I
chose to err on the side of caution.
Regards,
--
Joseph
----------------------------------------------------------------------------
Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]