Thursday, May 15, 2008

 

Techno-idiots (Part 3)

As some of you may know I do work involving IT Security for a living. To make my life easy I often use BackTrack. BackTrack is a Linux LiveCD that includes a whole load of IT Security tools (nmap, kismet, nikto...100s of tools). As with many online communities these days they offer forums for their users to ask questions etc.

What amazes me is the sheer idiocy of some of the people we get on the forums. I can completely understand that lots of people want to be l33t h4x0rs. But SERIOUSLY...WTF PEOPLE!

For every good post (someone with a decent technical question or someone that wants to share something cool) there are 20 posts from truly clueless individuals, like:
"If i Don`t have any clients connected to my wep ...."
WTF are people doing trying to crack WEP and "test" Wireless Access Points if they don't even know how the freaking things work? Actually, strike that: not how they work, but just the basics of the terminology surrounding the thing. You don't connect to WEP. Perhaps you connect "via" it or "using" it.

I'm not even going to get into the fact that consumer products are insecure to start with and how breaking WEP should be completely irrelevant if you're using decent WPA or even better WPA with RADIUS auth.

The next big DUH! related to all these stupid posts is that people always claim "I'm trying to break MY WEP" etc. We know very well you're trying to hi-jack your neighbor's service and get free internet access (or similar circumstance) so STOP BSing us and wasting everyone's time.
1) You're wasting time with something you obviously don't understand.
2) There's no point in testing your own setup if you just do it right in the first place.
3) 99.999% of the time you're breaking the law. (Even if you tell us you have "permission"....we'll trust ya really...WTF?)

While IANAL, I did manage to dig some info up. Here is some of the relevant Canadian Criminal Code (Federal):
C-46, Section 326
Theft of telecommunication service

326. (1) Every one commits theft who fraudulently, maliciously, or without colour of right,
(a) abstracts, consumes or uses electricity or gas or causes it to be wasted or diverted; or
(b) uses any telecommunication facility or obtains any telecommunication service.

Definition of “telecommunication”
(2) In this section and section 327, "telecommunication" means any transmission, emission or reception of signs, signals, writing, images or sounds or intelligence of any nature by wire, radio, visual or other electromagnetic system.

R.S., c. C-34, s. 287; 1974-75-76, c. 93, s. 23.

Possession of device to obtain telecommunication facility or service

327. (1) Every one who, without lawful excuse, the proof of which lies on him, manufactures, possesses, sells or offers for sale or distributes any instrument or device or any component thereof, the design of which renders it primarily useful for obtaining the use of any telecommunication facility or service, under circumstances that give rise to a reasonable inference that the device has been used or is or was intended to be used to obtain the use of any telecommunication facility or service without payment of a lawful charge therefor, is guilty of an indictable offence and liable to imprisonment for a term not exceeding two years.

Forfeiture
(2) Where a person is convicted of an offence under subsection (1) or paragraph 326(1)(b), any instrument or device in relation to which the offence was committed or the possession of which constituted the offence, on such conviction, in addition to any punishment that is imposed, may be ordered forfeited to Her Majesty, whereupon it may be disposed of as the Attorney General directs.


So if it's not yours then don't use it. If you do use it then know you have to prove a "lawful excuse" for such use and that you'll likely forfeit your gear for at least the duration of the investigation and trial(s).

C-46, Section 430
Mischief in relation to data

(1.1) Every one commits mischief who wilfully
(a) destroys or alters data;
(b) renders data meaningless, useless or ineffective;
(c) obstructs, interrupts or interferes with the lawful use of data; or
(d) obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto.

Punishment

(2) Every one who commits mischief that causes actual danger to life is guilty of an indictable offence and liable to imprisonment for life.

Punishment

(3) Every one who commits mischief in relation to property that is a testamentary instrument or the value of which exceeds five thousand dollars
(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or
(b) is guilty of an offence punishable on summary conviction.

Idem

(4) Every one who commits mischief in relation to property, other than property described in subsection (3),
(a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding two years; or
(b) is guilty of an offence punishable on summary conviction.


A good summary of relevant US law can be found here:
http://irongeek.com/i.php?page=computerlaws/state-hacking-laws

Comments:
I have this conversation a lot...

luser: Hey squid, you know how to crack WEP right?

me: yep.

luser: Can you tell me?

me: yep.

[dramatic pause]

luser: Will you tell me?

me: no.
 
"by wire, radio, visual or other electromagnetic system."

I guess intercepting ultrasonics is OK.
 
Wouldn't ultrasonics be covered under "other electromagnetic system"?
 
ultrasonics are not electromagnetic - it's physical vibration in the air.
 
Ok I see what you're getting at now.
 