Skip to main content

Techno-idiots (Part 3)

As some of you may know I do work involving IT Security for a living. To make my life easy I often use BackTrack. BackTrack is a Linux LiveCD that includes a whole load of IT Security tools (nmap, kismet, nikto...100s of tools). As with many online communities these days they offer forums for their users to ask questions etc.

What amazes me is the sheer idiocy of some of the people we get on the forums. I can completely understand that lots of people want to been a l33t h4x0rs. But SERIOUSLY...WTF PEOPLE!

For every good post (someone with a decent technical question or someone that wants to share something cool) there are 20 posts from truly clueless individuals, like:
"If i Don`t have any clients connected to my wep ...."
WTF are people doing trying to crack WEP and "test" Wireless Access Points, if they don't even know how the freaking things work.....actually strike that not how they work but just the basics of the terminology surrounding the thing. You don't connect to WEP. Perhaps you connect "via" it or "using" it.

I'm not even going to get into the fact that consumer products are insecure to start with and how breaking WEP should be completely irrelevant if you're using decent WPA or even better WPA with Radius auth.

The next big DUH! related to all these stupid posts is the people always claim "I'm trying to break MY WEP" etc. We know very well you're trying to hi-jack your neighbor's service and get free internet access (or similar circumstance) so STOP BSing us and wasting everyone's time.
1) You're wasting time with something you obviously don't understand.
2) There's no point in testing your own setup if you just do it right in the first place.
3) 99.999% of the time you're breaking the law. (Even if you tell us you have "permission"....we'll trust ya really...WTF?)

While IANAL, I did manage to dig some info up. Here is some of the relevant Canadian Criminal Code (Federal):
C-46, Section 326
Theft of telecommunication service

326. (1) Every one commits theft who fraudulently, maliciously, or without colour of right,
(a) abstracts, consumes or uses electricity or gas or causes it to be wasted or diverted; or
(b) uses any telecommunication facility or obtains any telecommunication service.

Definition of “telecommunication”
(2) In this section and section 327, "telecommunication" means any transmission, emission or reception of signs, signals, writing, images or sounds or intelligence of any nature by wire, radio, visual or other electromagnetic system.

R.S., c. C-34, s. 287; 1974-75-76, c. 93, s. 23.

Possession of device to obtain telecommunication facility or service

327. (1) Every one who, without lawful excuse, the proof of which lies on him, manufactures, possesses, sells or offers for sale or distributes any instrument or device or any component thereof, the design of which renders it primarily useful for obtaining the use of any telecommunication facility or service, under circumstances that give rise to a reasonable inference that the device has been used or is or was intended to be used to obtain the use of any telecommunication facility or service without payment of a lawful charge therefor, is guilty of an indictable offence and liable to imprisonment for a term not exceeding two years.

Forfeiture
(2) Where a person is convicted of an offence under subsection (1) or paragraph 326(1)(b), any instrument or device in relation to which the offence was committed or the possession of which constituted the offence, on such conviction, in addition to any punishment that is imposed, may be ordered forfeited to Her Majesty, whereupon it may be disposed of as the Attorney General directs.


So if it's not yours then don't use it. If you do use it then know you have to prove a "lawful excuse" for such use and that you'll likely forfeit your gear for at least the duration of the investigation and trial(s).

C-46, Section 430
Mischief in relation to data

(1.1) Every one commits mischief who wilfully
(a) destroys or alters data;
(b) renders data meaningless, useless or ineffective;
(c) obstructs, interrupts or interferes with the lawful use of data; or
(d) obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto.

Punishment

(2) Every one who commits mischief that causes actual danger to life is guilty of an indictable offence and liable to imprisonment for life.
Punishment

(3) Every one who commits mischief in relation to property that is a testamentary instrument or the value of which exceeds five thousand dollars
(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or
(b) is guilty of an offence punishable on summary conviction.

Idem

(4) Every one who commits mischief in relation to property, other than property described in subsection (3),
(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding two years; or
(b) is guilty of an offence punishable on summary conviction.


A good summary of relevant US law can be found here:
http://irongeek.com/i.php?page=computerlaws/state-hacking-laws

Comments

Evolving Squid said…
I have this conversation a lot...

luser: Hey squid, you know how to crack WEP right?

me: yep.

luser: Can you tell me?

me: yep.

[dramatic pause]

luser: Will you tell me?

me: no.
Evolving Squid said…
"by wire, radio, visual or other electromagnetic system."

I guess intercepting ultrasonics is OK.
Wouldn't ultrasonics be covered under "other electromagnetic system"?
Evolving Squid said…
ultrasonics are not electromagnetic - it's physical vibration in the air.
Ok I see what you're getting at now.

Popular posts from this blog

Keyboard Shortcuts (Part II)

Continuing from my previous post on Keyboard Shortcuts : Windows Desktop/Explorer Window: F1 > Open Windows Help (Or active application help if you aren't on the desktop or in windows explorer) F2 > When you have a file selected F2 will take you into Rename mode F3 or WinKey + F > Open the find file or folder applet F5 > Refresh Window WinKey + M > Minimize All Windows WinKey + shift + M > Restore All Minimized Windows WinKey + D > Show Desktop WinKey + L > Lock Windows (Not available before WinXP) WinKey + E > Launch Windows Explorer WinKey + B > Set Focus to the TaskBar (dunno why you'd want to do this) WinKey + ctrl + F > Open the find computer applet shift + delete > Permanently remove a file (same as delete followed by empty trash) alt + tab > Cycles through your program list alt + shift + tab > Cycles backwards through your program list alt + space > Activate the window control menu (same as right clicking the icon in the top l

Keyboard Shortcuts (Part I)

People often notice that I don't use the mouse as much as most people. Personally I find it much quicker to do a lot of tasks using the keyboard. Therefore I've decided to post a list of keyboard shortcuts from time to time. Hopefully you'll enjoy them and and find them useful like I do. When editing text: ctrl + arrow (Left or Right) > Move the insertion point left or right entire words. ctrl + shift + arrow (Left or Right) > Highlight entire words (left or right of the insertion point). double click > Highlight an entire word. triple click > Highlight an entire line (not sentence). shift + home > Highlight from the insertion point to the start of the line. shift + end > Highlight from the insertion point to the end of the line.

VOTE for Firefox TLS 1.2 Support

As some of you may have heard TLS1.0 got some bad news/press recently. Various details: One , Two , and Three or check this Technical Paper (pdf) . So please go over here -> Firefox : Bug 480514 - Implement TLS 1.2 (RFC 5246) and VOTE! If you're really ambitious you could also go vote for TLS 1.1 implementation (for the sake of maximizing compatability with web servers): Firefox : Bug 565047 - Implement TLS 1.1 (RFC 4346)