... to stand in the way of progress. Unions have a long history of holding milking their employers with little regard to the overall health of the business (who cares if GM is going down the toilet, so long as the retired union guys gets their pension) . Here is yet another case where they are holding their own pocketbooks as more important than all else. As a tax payer, I'd rather see the govt get rid of agencies that are manually processing paperwork (inconsistently at that) and automate as much as possible. However, I do strongly feel that you should be able to reach a real person if something needs straightened out.
username:password@www.whatever.net is something you might type into the url bar that would pose a very real security threat when shared. Google search terms are automatically published and your login information would be accessible to anyone.
Considering that Internet Explorer stopped supporting that method of sending credentials in 2004, I don't think it's an issue.
http://support.microsoft.com/kb/834489.
The smokescreen was that while the cars were in getting the pedals modified, Toyota was also installing updated firmware. The new firmware disengages the throttle if the brake is applied for more than a few seconds. Something that should have been programmed in the first place.
If the vulnerability were publicly (fully) disclosed, perhaps Mozilla would rush a fix out the door. As far as I know, there has been limited disclosure of the vulnerability to only a few parties, and I haven't heard that the vulnerability is being exploited.
You mean like having an automated exploit tool published 1-1/2 months ago? https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0/
I'd be interested in knowing what options are available for similarly hardening Windows. What I'd really like to see is for the average system to become difficult enough to compromise that there is no longer fertile ground for automated attacks and the botnets that follow. I think that's achievable too, if we really wanted to do it.
You could start with using the features already provided in Windows http://technet.microsoft.com/en-us/library/cc507874.aspx and http://www.microsoft.com/downloads/details.aspx?familyid=A3D1BBED-7F35-4E72-BFB5-B84A526C1565&displaylang=en.
The nice part is that almost all of the security settings are trivially deployed via Active Directory and GPOs. Deploying Linux security settings in a corporate environment generally involves rolling your own scripts and distribution methods.
I'm not saying Windows doesn't have room for improvement in the realm of security. On the contrary, there are tons of hardening features and settings in Windows but most are turned off by default for compatibility reasons (or really annoying like the Vista default implementation of UAC).
The article says it's damages, presumably payable to the person spammed by the spamming company. Given that the CA law also says it's a misdemeanor, that would imply that individuals can be fined or jailed. Cali might be able to start prosecuting these guys and generating some revenue. Or maybe they'll stick with the easier to prove and more lucrative DWI cases.
From 17529.5. http://codes.lp.findlaw.com/cacode/BPC/1/d7/3/1/1.8/s17529.5
(a) It is unlawful for any person or entity to advertise in a commercial e-mail advertisement either sent from California or sent to a California electronic mail address under any of the following circumstances:
(1) The e-mail advertisement contains or is accompanied by a third-party's domain name without the permission of the third party.
(2) The e-mail advertisement contains or is accompanied by falsified, misrepresented, or forged header information. This paragraph does not apply to truthful information used by a third party who has been lawfully authorized by the advertiser to use that information.
(3) The e-mail advertisement has a subject line that a person knows would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.
(b)(1)(A) In addition to any other remedies provided by any other provision of law, the following may bring an action against a person or entity that violates any provision of this section:
(i) The Attorney General.
(ii) An electronic mail service provider.
(iii) A recipient of an unsolicited commercial e-mail advertisement, as defined in Section 17529.1.
(B) A person or entity bringing an action pursuant to subparagraph (A) may recover either or both of the following:
(i) Actual damages.
(ii) Liquidated damages of one thousand dollars ($1,000) for each unsolicited commercial e-mail advertisement transmitted in violation of this section, up to one million dollars ($1,000,000) per incident.
(C) The recipient, an electronic mail service provider, or the Attorney General, if the prevailing plaintiff, may also recover reasonable attorney's fees and costs.
(D) However, there shall not be a cause of action under this section against an electronic mail service provider that is only involved in the routine transmission of the e-mail advertisement over its computer network.
(2) If the court finds that the defendant established and implemented, with due care, practices and procedures reasonably designed to effectively prevent unsolicited commercial e-mail advertisements that are in violation of this section, the court shall reduce the liquidated damages recoverable under paragraph (1) to a maximum of one hundred dollars ($100) for each unsolicited commercial e-mail advertisement, or a maximum of one hundred thousand dollars ($100,000) per incident.
(3)(A) A person who has brought an action against a party under this section shall not bring an action against that party under Section 17529.8 or 17538.45 for the same commercial e-mail advertisement, as defined in subdivision (c) of Section 17529.1.
(B) A person who has brought an action against a party under Section 17529.8 or 17538.45 shall not bring an action against that party under this section for the same commercial e-mail advertisement, as defined in subdivision (c) of Section 17529.1.
(c) A violation of this section is a misdemeanor, punishable by a fine of not more than one thousand dollars ($1,000), imprisonment in a county jail for not more than six months, or both that fine and imprisonment.
I am indeed aware of a few other utilities that can handle 3rd-party updates. I've even seen a few utilities that allow manually adding custom packages to a WSUS server. A recent one at www.w3sus.com sounds like it might be easier than my current method of using GPOs or scripts to keep my environment up to date on Java, Adobe, Firefox, etc.
Referring to Nvidia and Linksys, I presume you're talking about drivers. Yes, Windows Update and WSUS have drivers, but Microsoft only provides the WHQL-tested drivers, which are usually very out of date. I deliberately don't approve those in WSUS as they sometimes end up replacing or screwing up newer drivers already on the machine. Are you aware of any 3rd-party software updates, either routine or security related, that Microsoft provides via WU/WSUS?
Actually, companies CAN run their updates through Windows Update - they just usually refuse.
Really? Not through the normal Windows Update. Name one company that has done so. You can, however, use a WSUS server to handle third-party updates, but it's not a trivial process and you have to set this up yourself. It would be nice if Adobe created a streamlined method of adding their updates to a corporate WSUS server.
I can see some use for this as a secondary method of archiving the private key. Perhaps one that might survive the EMP blast from a nuclear strike. I don't think I would trust it as a primary method though.
Personally, I would think that using a smartcard (or two for redundancy) would be a better option. Since the private key never leaves the card once installed, it can't be copied without stealing the card itself. The actual signing, or en/decrypting of symmetric keys, happens securely within the smartcard. If someone actually needs to recover some encrypted archive data then they go get the card and use it. The PIN to unlock the card can be changed as needed. Otherwise, with typical removable media or a hard copy of the private key, any person or software that had access in the past could have copied it.
For an example of a large entity doing this full-scale, just have a look at the DOD CAC program.
I wasn't bitching about you, but rather the hydrous weblog actually expecting people to download the aptly named dummy.exe.
or download the dummy.exe from the actual directions below and point it to that.
Right, like I'm dumb enough to grab an unknown executable from some website and tie it to my F1 key. You must have me mistaken for someone from the other topic about clueless admins who will do anything an official email tells them to.
If the USPS wants to sell the stamp, they should make the guy a good-faith offer for a license to the image they stole.
I agree with that. Regardless of the contentions over who owns the copyrights or if the photo was fair use, USPS should have consulted with Mr. Gaylord beforehand and had the decency to credit him for the work in the press releases.
I believe under a strict interpretation of the law, the civil penalty for the copyright violation is limited to $30k. USPS could have settled with Gaylord up front instead of feeding the trial lawyers, but then I suppose that's conceding on the question of ownership. Convoluted isn't it?
A cursory search finds that Hyundai donated $1M to the project, so you might not want to make that assumption. The CoE would, I imagine, have to be involved in any project on the Mall.
Hyundai donated $100k to a Korean War memorial in Oregon. Google also turns up the Korean War National Museum as a 501(c)3 charitable organization, but that's not the memorial itself.
The court ruling itself gives the contract number. One important excerpt from the contract is "The Government shall be considered the “person for whom the work was prepared” for the purpose of authorship in any copyrightable work under 17 U.S.C. 201(b)".
"Being under contract to the govt" seems to be inaccurate. Citation needed.
Indirectly contracted would be more accurate. The information you seek is in the link to the ruling cited in the summary.
Corps of Engineers Contract #DACA31-90-C-0057 (April 11, 1990)
"The Army Corps of Engineers selected Cooper-Lecky Architects, P.C. (Cooper-Lecky) as the prime contractor for the creation, construction, and installation of the Memorial. Cooper-Lecky sponsored a competition to select the sculptor for the Memorial. Mr. Gaylord, a nationally recognized sculptor, won the contest."
"I-28 GOVERNMENT RIGHTS (UNLIMITED) (MAR 1979). The Government shall have unlimited rights, in all drawings, designs, specifications, notes and other works developed in the performance of this contract, including the right to use same on any other Government design or construction without additional compensation to the Contractor. The contractor hereby grants to the Government a paid-up license throughout the world to all such works to which he may assert or establish any claim under design patent or copyright laws . . .
I-29 DRAWINGS AND OTHER DATA TO BECOME PROPERTY OF GOVERNMENT (MAR 1979). All designs, drawings, specifications, notes and other works developed in the performance of this contract shall become the sole property of the Government . . . . The Government shall be considered the “person for whom the work was prepared” for the purpose of authorship in any copyrightable work under 17 U.S.C. 201(b). With respect thereto, the contractor agrees not to assert or authorize others to assert any rights nor establish any claim under the design patent or copyright laws . . . "
I believe such monuments are usually funded by subscription by private organizations; and I find evidence that such is the case for this Memorial. So, NO, your tax dollars did not pay for this, though it is on public land; I do not know if the Federal government maintains the site or a private organization does so (as is the case with e.g. Monticello).
The court summary statement mentions it was contracted under an Army Corps of Engineers contract, so I would presume that govt dollars were used. http://www.nab.usace.army.mil/projects/WashingtonDC/korean.html also states the project was managed and is now maintained by the Army COE.
That should have started, "With $17 million in sales..."
And even more interesting was the estimate of 5.4 million sold to collectors. I don't understand the point of collecting a stamp when there are 46 million others just like it. It's the same notion as collecting all the state quarters, I suppose.
Well, actually, the idea and concept was created by a team from Penn State. The govt took the idea and contracted out to have it implemented. The contracted company then hired Gaylord.
The underlying problem is that copyrights were improperly assigned to Gaylord in the first place.
I think the word you are actually looking for is something like "erroneously" or "stupidly". It seems like the copyrights were properly assigned.
The govt in its arguments used the word "improperly assigned" so I stuck with that. Erroneously implies by mistake to me. Gaylord wasn't the sole holder so it was improper to have assigned him a copyright saying so. A bit ironic as it was a govt office that screwed that up.
The article is a bit misleading when it says "Innocent Infringement Defense" as it is not a defense of the charge of infringement. It is actually an admission that infringement took place, but requests a lower penalty as the infringement was not deliberate or unforeseen. In this case, the defendant made the argument that the works in question didn't have any obvious copyright markings and she didn't know they were under copyright. (I suspect they asked if she had looked at the CD in the store and had seen the copyright notice on it, and she said yes.)
A quick summary of the Innocent Infringement Response for those who actually click links. http://itlaw.wikia.com/wiki/Innocent_infringement
They never lose the exclusivity. The exclusivity is a legal construct, and only applies in the legal framework. That legal exclusivity is weakened if and only if someone else passes an illegal copy as a legal one. The people selling DVDs on street corners do remove the exclusivity. But people knowingly trading illegal works are not harming the holder being the exclusive legal place to purchase the work.
Huh? If you are distributing copies of the work without the consent of the copyright holder or one of the accepted exceptions like fair-use, then you are infringing on his rights, period. The question of actual harm to the copyright holder is mostly irrelevant in determining whether the copyright has been infringed. I believe the law needs to be changed to allow any damages awarded to better reflect the actual harm done to the copyright holder, and not this blanket statutory $750 per work mess.
The point of the article (you did bother reading it, right?) is that some strains like MRSA are resistant to all but a few classes of current antibiotics. Those particular classes of antibiotics have significant side effects, like Cipro damaging connective tissue, or others causing kidney damage. Even more troubling is the finding of a strain that is resistant to all current antibiotics.
It's not clear yet what the long-term safety or effectiveness of the antibiotics being developed is.
The underlying problem is that copyrights were improperly assigned to Gaylord in the first place. Being under contract to the govt, those copyrights should have been assigned to the govt. In fact the contracting officer has been and still is demanding that those improperly assigned copyrights be turned over. The court wasn't allowed to challenge the validity of those copyrights and had to take them at face value.
Because the password is never sent during the 4-way handshake.
I'm not talking about stealing the password from an existing connection. More simply just using the same SSID and waiting for the user to accidentally connect to the rogue router. Most users will gladly re-enter their credentials again.
When a client connects to a WEP or WPA access point, there is a four-way challenge-response handshake:
1. The client station sends an authentication request to the Access Point.
2. The Access Point sends back a clear-text challenge.
3. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
4. The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response.
So pretending to be their wireless access point or even sniffing the exchange won't reveal the passphrase.
Now if you pretend to be their access point and don't request authentication, then they may very well connect to you and never be the wiser. Then assuming you provide internet access, you are free to sniff or alter their data streams.
I suppose its possible to pretend to be their access-point, and pass along the pieces of the handshake to the real access point. That would make you a man-in-the-middle, but that doesn't buy you anything more than just sniffing the traffic out of the air.
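The four-step challenge-response exchange described in the post above, simulated end to end as an added example (not code from the original thread): a station proves it holds the key by encrypting the AP's clear-text challenge, and a passive observer that records every frame never sees the key itself. The frame layout, the 13-byte constructed sample key and the inline RC4 are assumptions made for the simulation.

```python
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample key for the simulation (13 bytes, i.e. a 104-bit WEP key).
SAMPLE_KEY = b"constructed13"
IV_LEN = 3             # WEP sends a 24-bit IV in the clear with each frame
CHALLENGE_LEN = 128    # the shared-key challenge is 128 bytes of random text


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); WEP keys the cipher with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


@dataclass
class AuthFrame:
    seq: int                       # 1..4, matching the four steps in the post
    body: bytes = b""              # challenge text (step 2) or its encryption (step 3)
    iv: bytes = b""                # clear-text IV accompanying step 3
    status: Optional[str] = None   # "success" / "failure" in step 4


class AccessPoint:
    """AP side: issues a challenge and checks the encrypted reply."""

    def __init__(self, wep_key: bytes):
        self._key = wep_key
        self._challenge: Optional[bytes] = None

    def handle(self, frame: AuthFrame) -> AuthFrame:
        if frame.seq == 1:                       # step 2: clear-text challenge
            self._challenge = os.urandom(CHALLENGE_LEN)
            return AuthFrame(seq=2, body=self._challenge)
        if frame.seq == 3 and self._challenge is not None:
            # step 4: decrypt with the configured key and compare to what was sent
            decrypted = rc4(frame.iv + self._key, frame.body)
            ok = decrypted == self._challenge
            self._challenge = None
            return AuthFrame(seq=4, status="success" if ok else "failure")
        return AuthFrame(seq=4, status="failure")


class Station:
    """Client side: proves knowledge of the key without ever transmitting it."""

    def __init__(self, wep_key: bytes):
        self._key = wep_key

    def request(self) -> AuthFrame:                           # step 1
        return AuthFrame(seq=1)

    def answer(self, challenge: AuthFrame) -> AuthFrame:      # step 3
        iv = os.urandom(IV_LEN)
        return AuthFrame(seq=3, iv=iv, body=rc4(iv + self._key, challenge.body))


def run_handshake(station_key: bytes, ap_key: bytes) -> Tuple[str, List[AuthFrame]]:
    """Run the four-step exchange; return (result, every frame seen on the air)."""
    sta, ap = Station(station_key), AccessPoint(ap_key)
    on_air: List[AuthFrame] = []
    f1 = sta.request()
    on_air.append(f1)
    f2 = ap.handle(f1)
    on_air.append(f2)
    f3 = sta.answer(f2)
    on_air.append(f3)
    f4 = ap.handle(f3)
    on_air.append(f4)
    return f4.status, on_air


def key_on_wire(frames: List[AuthFrame], key: bytes) -> bool:
    """What a passive listener records: does the key itself appear in any frame?"""
    return any(key in f.body or key in f.iv for f in frames)


# Note that only the station is authenticated here; the station never verifies
# the AP, which is why the thread's point about a same-SSID rogue AP stands.
if __name__ == "__main__":
    status, frames = run_handshake(SAMPLE_KEY, SAMPLE_KEY)
    print("matching key:", status, "| key visible on air:", key_on_wire(frames, SAMPLE_KEY))
    status, frames = run_handshake(b"wrong-key-123", SAMPLE_KEY)
    print("wrong key:", status)
```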
What online banking website has unencrypted logins?
How many people would notice a man-in-the-middle attack where the connection between the middle and their computer wasn't encrypted/https?