From: Cedric Blancher (sid@rstack.org)
Date: Thu Mar 16 2006 - 02:25:35 EST
Le mercredi 15 mars 2006 à 13:48 +0000, mht3@earthlink.net a écrit :
> At a recent Cisco security product meeting, I observed a security
> practice director outside snarfing phone numbers and addresses from
> the various people who were attending the meeting. He got up and
> presented the information saying there was no law preventing him from
> snarfing information. I seem to recall attending a conference a while
> back where the laws regarding this type of blue tooth snarfing was
> discussed.
In France, law says breaking (or trying to) into an "automated
information processing system" is illegal without owner consent. In this
case, the phone is clearly an "automated information processing system"
and this guy is stealing informations without user consent. It's as well
illegal to enter and/or maintain into such a system without owner
content, and so is dowloading and/or altering data. Not speaking of the
fact we're speaking of personal data, that can raise special legal
aspects in some situations. So, from many aspects, it's illegal. Period.
From a more technical point of vue, bluesnarfing[1][2] relies on
exploiting improper OBEX implementations, what basicly is called
exploiting a flaw. Thus, if this would be legal, then exploiting any
random flaw would be as well !?
I don't even see how the illegality of bluesnarfing could be
questionnable...
[1] http://trifinite.org/trifinite_stuff_bluesnarf.html
[2] http://trifinite.org/trifinite_stuff_bluesnarfpp.html
-- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE CanSecWest Practical WiFi (in)Security Master Dojo: http://cansecwest.com/dojowifi.html ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/forms/ec.php?pubid=10025 And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com ------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:41 EDT