On Wed, 5 Mar 2003, stonewall wrote:

> I am interested in the reaction that list members have gotten from various
> government agencies while netstumbling.  Is there any clear guidance on the
> legality of 'stumbling?  I am talking here about just 'stumbling, not set to
> auto reconfigure the card, just assessment and locating WAPs.
>
> You cannot be in the security business without being able to assess threats.
> In this business, paranoia is not paranoia, it is due diligence.  I believe
> that anyone serious about security must be able to assess wireless zones,
> overlapping areas, buildings with multiple WAPs, etc.  But have you been
> threatened by LE personnel in the process?

Not personally, no, but I recently consulted for a case that was tried in
Federal Court that might be of interest.  The young man was talking with a
reporter from the local newspaper and was walking in downtown Houston with
a Netstumbler-equipped laptop.  While walking, he happened to come across
a network owned by a county government entity, which was noted in the
article that followed.  After the story was published in the local paper,
he was accused of hacking into their network, compromising a machine, and
loading pornography on it.  I'm happy to say he was acquitted, but it cost
him a significant amount of time and money.

Personally, I've been party to reporting a very serious flaw, but chose to
do so anonymously through a third party.  While I could have used the
credibility that came with finding the flaw, especially in this job
market, I was hesitant to give them my name due to the fact that it
involved large amounts of money and confidential information.  I only
wanted them to know the flaw was there and for them to get it fixed, so I
chose to err on the side of caution.

Regards,
--
Joseph

