Re: Legality of WEP Cracking

To:	DaKahuna <da.kahuna@gmail.com>, pen-test@securityfocus.com
Subject:	Re: Legality of WEP Cracking
From:	Carl Livitt <carllivitt@yahoo.com>
Date:	Sat, 19 May 2007 21:34:21 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding; b=xVVcJrrosDq2O2pB0fzDhtrqbaRtfKcQK6kmWI1gVD0UP/+gTGfOkSZNQkMVHKpq8adU+01Yo+wJHux3j7bIebbk/U0ZN3s1D/Fliewy1KFtM33CjnzQNqzHCzjccDm40OkuKUKgXqbMLmdpXdAc19IAUjUYQSqgMe+zw/1DINA= ;
In-reply-to:	<91E18088-C77E-4910-B40D-E2F97A700D0D@gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA+QrJM2ZtvkGw8Q52cxvSusKAAAAQAAAAsHC7awQCw0eNjHkJX0gt7QEAAAAA@kanoo-uk.com> <464E3004.9040204@yahoo.com> <BAY124-DAV125844CF6E6E14E6011176D9320@phx.gbl> <91E18088-C77E-4910-B40D-E2F97A700D0D@gmail.com>
Resent-date:	Sun, 20 May 2007 13:49:14 -0600 (MDT)
Resent-from:	pen-test-return-1078484206@securityfocus.com
Resent-message-id:	<20070520194914.D93DB236FE8@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
User-agent:	Thunderbird 1.5.0.10 (X11/20070403)

>
> On May 18, 2007, at 7:47 PM, Morning Wood wrote:
>
>>> The UK law is clear, I quote from the UK Computer Misuse Act 1990
>>> (http://www.opsi.gov.uk/ACTS/acts1990/Ukpga_19900018_en_2.htm):
>>>
>>
>> from what I understand here in the US...
>>
>> "sniffing the air"        is legal
>> "connecting to an AP you do not have explicit permission"       is
>> illegal
>> "possession of an access restriction device" eg: WEP key
>> that you are not explicitly allowed
>> permission                           is illegal
>>
>> capturing airborne packets "may" be legal, but the moment you begin to
>> "try" to "crack" a WEP key, you would be entering access restriction
>> device
>> realm instantly. ( do not pass GO! ) , as well, simply connecting to
>> your
>> target AP is illegal from the get-go ( gimme your dice! )
>>
>> but my understanding is only a perspective, which may or not be
>> completely
>> askew...
>>
>
>  How about this scenario.
>
> I am sitting in a Starbuck$ and am connected to the T-Mobile Wireless
> service.
> I start Wireshark and capture all the packets I am seeing from the WAP.
> Is this legal or illegal?

There are 2 answers:

1) Legal, because your wifi card has already captured the packets
regardless of whether you're using software to save/process/display
them. This applies to all wifi transmissions, encrypted or otherwise.
It's the firmware/drivers/software that decide what happens to traffic
that you have already intercepted whether you intended to or not. If you
think about it, wifi networks couldn't work without this 'receive all
frames/traffic by default' behaviour!

2) Illegal, for the exact same reasons as (1), above!

Tricky ground, eh? Does anyone know of case law regarding this?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Legality of WEP Cracking, Richard Brinson RE: Legality of WEP Cracking, Shenk, Jerry A Re: Legality of WEP Cracking, crazy frog crazy frog Re: Legality of WEP Cracking, Tim Shea RE: Legality of WEP Cracking, Richard Brinson Re: Legality of WEP Cracking, crazy frog crazy frog RE: Legality of WEP Cracking, Edgar Romero Re: Legality of WEP Cracking, Carl Livitt Re: Legality of WEP Cracking, Morning Wood Re: Legality of WEP Cracking, DaKahuna Re: Legality of WEP Cracking, Carl Livitt <= Re: Legality of WEP Cracking, Justin Ferguson Re: Legality of WEP Cracking, George Dragusin Re: Legality of WEP Cracking, Chris Travers Re: Legality of WEP Cracking, John Mason Jr Re: Legality of WEP Cracking, Paul Dickens RE: Legality of WEP Cracking, Richard Brinson Re: Legality of WEP Cracking, Nick Selby Re: Legality of WEP Cracking, Nicholas Chapel Re: RE: Legality of WEP Cracking, ebk_lists RE: RE: Legality of WEP Cracking, Erin Carroll

Previous by Date:	Re: Legality of WEP Cracking, DaKahuna
Next by Date:	Re: Legality of WEP Cracking, Justin Ferguson
Previous by Thread:	Re: Legality of WEP Cracking, DaKahuna
Next by Thread:	Re: Legality of WEP Cracking, Justin Ferguson
Indexes:	[Date] [Thread] [Top] [All Lists]