Well this sounds very much to me like 'We know (for example) Windows
security is weak by design, but it's not MS's fault for a crap
system, it's the bad guys fault for actually realising it'. I
disagree, MS have no excuse for not providing sufficient/suitable
security in their products, and may even have a legal obligation to
do so.
Also, whilst I would never condone hacking (cracking), but I believe
in freedom of information, and even a potential security expert must
begin his/her learning somewhere. It is common knowledge, and freely
available on the Internet (http://www.openbsd.org/cgi-bin/man.cgi)
that tcpdump may allow you to watch network traffic on a shared
medium such as WLAN, and also that ifconfig may allow you to change
the MAC address on your network card. Note that if your country
interprets freedom in such a fashion that it would implicate me here,
then this email is intended to improve the ability of a 'good guy'
not encourage a 'bad guy'...
To put it another way, is it my fault for teaching you to drive a
car, if you then use those skills to run down innocent pedestrians ?
/Pete
On 7 Jan 2008, at 8:28 PM, Andreas Maus wrote:
On Mon, Jan 07, 2008 at 12:19:26PM -0500, Dave Anderson wrote:
On Mon, 7 Jan 2008, Pau Amaro-Seoane wrote:
loosen up a bit, you're too tight up... I just want to check my
emails, I don't want to download p0nr movies
Theft of service is theft, regardless of how much or little service
you're stealing. If someone's gone to the trouble of filtering on
MAC
addresses, they've clearly indicated that they're not a public
service
-- and no amount of weasel-wording will get around that.
ACK!
Furthermore, depending on your origin this is considered a criminal
act if you circumvent the MAC filter. E.g. here in germany you will
pay for that crime or go to jail (for up to 5 years)
doing this for a: sniffing the traffic to get a valid IP/MAC
association b: breaking into the system which is protected
(even a MAC filter is considered a protection).
And NO A SYSTEM THAT USES MAC FILTERING IS NOT AN OPEN ACCESSPOINT!
Oh and by the way it may be considered a crime trying to do or giving
you tips how to do this (incitement).
If you have a similar system at work and you will try to figure out
how bad guys may attack this ... well talk to your boss or your IT
security team. Maybe you will be assigned to a penetration test.
But in this case you have to sign an agreement what you should
do, what you shouldn't do and when and how to to such tests.
(and if you are in a position to do penetration test you wouldn't
ask such questions ;) )
So don't expect any answer on this list.
Andreas.
--
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.
