> * Intent: This is a biggie. If someone trespassed on your > private network through an open wireless access point, then proving > digital trespassing can be very difficult. However, if the user > must bypass your minimalist WEP security, then they clearly show > intent to trespass.
Accessing it is different than listening to it. Assuming I don't do ARP replay or other L2 games because I'm impatient, I've never really "trespassed" since you were blasting your signal into a public area, and it's an unlicensed band. (IANAL .. anyone have a case law link for the above conjecture?) > Consider WEP like a low fence around a swimming pool. Without the > fence, you are in trouble if a neighborhood kid drowns in the pool. > It's an "attractive nuisance". However, with the fence, you should > be covered if a kid climbs the fence and drowns. It's still bad, > but you have a standing to refute blamed since you put up a > barrier, even if the barrier was minimal. Depends .. can they convince the jury that your fence wasn't *really* tall enough? Remember .. here in the US, store owners get sued because a burglar falls through the roof during the course of a break-in. Put another way, if I use a system known to be ineffective (a twist-tie on a gate lock, to use the above "pool" example) it could be plausibly argued that you in effect made no effort at all. Once someone writes a network widget that automates the (capture -> crack -> connect) process, it could probably argued the same way for WEP (again .. IANAL). ~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/