pen-test

Re: RE: Sneaking a peek on Wlan in airports

To: pen-test@securityfocus.com
Subject: Re: RE: Sneaking a peek on Wlan in airports
From: ebk_lists@hotmail.com
Date: 17 May 2007 22:34:29 -0000
I feel that I must interject here. Even at the risk of having my email killed 
by the moderator. 

Here goes:

Jasper,

For the sake of argument (or non-argument) I'll just assume your actions were
an accident. Things do happen and we do get busy from time to time. It may be
possible for the scenario you have outlined to have happened. Ok.

So, for one thing, were your results being saved to the same file constantly?
Was this the only additional password you picked up aside from the ones from
the client's network? How are you to know? This may skew your results, no? What
of any audit trails you may have? What if your client requests them? At the
very least, you have created additional work for yourself.

Secondly, why did you feel the need to post this to this mailing list from your
work email? I think most people, even the most ethical and honest of us
included, would have deleted the password and pretended it didn't happen
(because honestly, in this day and age people would rather shoot the messenger
than hear the message). But you asked the world what you should do, and in so
doing, described an admittedly questionable scenario. I guess the main problem
I have with your post is that you sent it from your work email, and I am quite
surprised no one else has called you out on it, yet. PWC (Price Waterhouse
Coopers) has worked really hard to establish itself as one of the premier pen
testing and computer auditing firms in the country, even the world. A lot of us
on this list work for companies that have paid or will pay your company a
tremendous amount of money to come and conduct either a pen test or an audit
(or both) on our networks. Seeing things like this creates questions on what we
are paying for and who we are allowing into our networks.

I guess I can just sum it up by strongly recommending that you get a hotmail
account to post to this list. I admit that I am far from perfect, but I
wouldn't want to embarrass my employer, either.
