lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: Michael.Schmidt at T-Mobile.com (Schmidt, Michael R.)
Subject: Wireless ISPs

In some states it is illegal to intercept any communication without both parties knowledge.  This is true of wired or wireless communications.  Be it a chat session or an online order process.  In the state of Washington (my home state) intercepting this communication could be a felony.  So at least we have that

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of D B
Sent: Tuesday, May 11, 2004 12:21 PM
To: Brian Toovey
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Wireless ISPs

Hi Brian

Sit down sometime inside a wireless ISPs area and run
kismet. You can see someone connect to a service via
SSL, then immediately after they purchase something
they check the email. Guess what ? the Credit card #
and address are in that email.

Doesn't take some 15 year veteran of the internet to
see how this is a bad thing.

Go flame some newb who has no brain.

Dan Becker

--- Brian Toovey <btoovey@...global.com> wrote:
> Dan,
>
> Your post is troubling, if not confusing -
>
> You are talking about two seperate issues - email
> confirmations with companies that you buy goods and
> services from online and wireless data transmission.
>  Most wireless "computer equipment" that is sold now
> by default comes with some kind of encryption,
> completely hackable but "encrypted" - so it becomes
> the end user's responsibility to use the proper
> equipment / software to protect yourself.
>
> The other issue, automatic replies with sensitive
> data, are best directed to the customer service
> department of the company in transgression.
>
> Dan, the internet is an unsafe place for sensitive
> data.  I would suggest some study in different
> encryption methodlogies to educate yourself.
> Education leads to positive, well thought out data
> communication, which leads to peace of mind.
>
> Regards,
> Brian
>
> On May 11, 2004 02:33 PM, D B
> <geggam692000@...oo.com> wrote:
>
> > I'm not real sure how to post this, nor am I sure
> of
> > the scope. I am still learning about computers.
> >
> >
> > All transactions done via secure websites are
> secure,
> > however the auto mailing feature to confirm orders
> > sometimes contains sensitive data. When the
> customer
> > is on a wireless connection, be it ISP or home LAN
> > that data is broadcasted in the clear for anyone
> > within range to eavesdrop. A wired internet
> connection
> > limits the number of people who have access to
> this
> > data simply by the nature of the internet putting
> it
> > within acceptable risk.
> >
> > It is legal according to US law to eavesdrop on
> > wireless connections.
> >
> >
>
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
> >
> > The only solutions I can offer are one of two
> things.
> >
> > 1. Quit sending auto confirmations with sensitive
> data
> >
> > 2. Encrypt all wireless transmissions at least
> making
> > someone who gains access to this data
> prosecutable.
> >
> > Please direct all flames to /dev/null
> >
> > Dan Becker
> >
> >
> >    
> >            
> > __________________________________
> > Do you Yahoo!?
> > Win a $20,000 Career Makeover at Yahoo! HotJobs 
> >
> http://hotjobs.sweepstakes.yahoo.com/careermakeover
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.netsys.com/full-disclosure-charter.html
>
> Brian Toovey
> igxglobal
> 389 Main Street Suite 206
> Hackensack, NJ 07601
> Ph: 201-498-0555x2225
> btoovey@...global.com
>
> Subscribe to the igxglobal Daily Security Briefing
> http://www.igxglobal.com/dsb/register.html
>
> igxglobal announces Daily Security Briefing
> newsletter
> http://www.prweb.com/releases/2004/5/prweb123759.htm
>
>
> The electronic message that you have received and
> any attachments are solely intended for the use of
> the addressee(s) and may contain information that is
> confidential. If you receive this email in error,
> please advise us by responding to NOC@...global.com.
> You are required to delete the contents and destroy
> any copies immediately.
> igxglobal is not liable for the views expressed in
> this electronic message or for the consequences of
> any computer viruses that may be unknowingly
> transmitted within this message. This electronic
> message is also subject to standard
> copyright/ownership laws. It is not intended to be
> reproduced, or re-transmitted without the consent of
> the originator.
>
>
>
>
>
>
>
>



       
               
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs 
http://hotjobs.sweepstakes.yahoo.com/careermakeover

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ