Slashdot Mirror

← Back to Stories (view on slashdot.org)

WarTalking Arrest

Posted by Hemos on from the get-yer-cuffs-on dept.

PhotonSphere writes "Having helped organize HoustonWireless.org, this really caught my attention! A Houston computer security analyst has been charged with 'hacking' after demonstrating the insecurity of a court's wireless LAN! This happened Wednesday and is only now getting the attention of the wireless community. The Register has the full story."

3 of 390 comments (clear)

  1. My questions by nuggz · · Score: 5, Insightful

    He did access their network without permission.
    Did they create a public network? Public as in accessible to the public without any reasonable indication or security that it is indeed a private network.

    I think broadcasting a private network and letting people on it is akin to making a public network.

    It isn't this guys fault they had to shut down their network, it is the people who set up the insecure network in the first case.

  2. Serious Consequences fo InfoSec People by Inexile2002 · · Score: 5, Insightful

    This is something that many people in the InfoSec industry are worried about and more so in the current political environment. EVERY seminar, conference or training event I've been too, there has been someone standing there for twenty minutes lecturing everyone on covering your ass.

    What bothers me is that the reason things like this happen is ignorance of non-techies and refusal to see things in a reasonable light. If you were in a bank with a locksmith, and he showed the bank manager that the locks they were using were insecure, the manager would thank the locksmith and change the locks. Show a business manager the exact same thing with their network and they might decide to have you arrested.

    Whenever I'm going to show a client ANYTHING I get full written approval ahead of time to discuss or test their security, and I get written approval to discuss my findings. There have been times when I've found vulnerabilities and not said a damn word because the client refused to sign off.

    It's sad, there are people out there - and I've worked for and with them often - who really believe in security through anonymity and believe they are acting in their best interests by alienating and prosecuting the people who can really protect their networks.

    What I will admit however is that part of the problem rests with people who try to look smart and show off the security vulnerabilities in a smart-assed kind of way. As annoying as it sometimes is, you need to manage people's expectations, fears and prejudices.

  3. Damning evidence? by balthan · · Score: 5, Insightful

    At first I thought they were being a bit harsh until I took a closer look at the dates. He's accused of breaking into the network on the 8th, but not reporting it until the 18th. Now maybe he was unable to get an appoitment to see anyone, or maybe he took 10 days to poke around in the network and see what was there. He should have reported the insecurity immediately. The fact that he didn't is suspicious.