RE: Legality of blue tooth hacking

From: Mark Teicher (mht3@earthlink.net)
Date: Sun Mar 19 2006 - 19:51:17 EST


That is correct and how the incident occurred.
The question originally posted and asked, is what
is the legality of this particular
situation. IMHO, it was an illegal act and in
doing so, the security practice director should
be removed from his position and summarily
terminated, but since I guess the company he
works for condoned his behavior, they stated "he
is so smart" and allowed him to continue his
presentation. Any act in which information is
obtained with the owner's consent is breaking the
law or violating the terms of employment.

At 05:02 AM 3/17/2006, Cedric Blancher wrote:
>On Friday 17 March 2006 at 10:28 +0100, tomaz Bratusa wrote:
> > In my opinion there's no problem because the guy who tested bluetooth
> > security didn't have evil intent. He was just checking devices and
> > informing people about security holes in their devices.
>
>As far as I understand the story, he wasn't just testing their security,
>he was actually breaking into their phones to download their personal
>data and then show them they were vulnerable, without their prior
>consent. In that case, he can fully argue good faith, but what he does
>is illegal. It's the main difference between doing things you believe
>legitimate (I'm trying to help) and legal stuff (I'm not breaking the
>law). You can help people, but actually breaking the law, and thus doing
>illegal things.
>
>The thing is law (at least in France) on computer crime does not take
>intent in account. It defines what's an intrusion as using the system
>without owner consent. There's no "legitimate purpose" for breaking into
>IT systems (without owner consent). So you may have the best intentions
>in the world, if you're breaking into a system without prior consent,
>you break the law, period.
>
>Furthermore, the OP question was on bluetooth hacking as a more general
>matter:
>
> "He got up and presented the information saying there was no law
> preventing him from snarfing information."
>
>I understand this as "if I was a malicious user, you couldn't sue me
>because there is no law that actually prevents me to download your
>personal data from your phone". And that is just plainly untrue. Now
>maybe my English not being good prevents me from understanding some
>subtlety in this.
>
>And as WiFi and wireless protocols in general privacy over the air was
>mentioned before, downloading stuff from a phone using a wireless link
>is truly different from just listening or probing around. Thus, I don't
>think you can compare it to wardriving for instance.
>
> > Are you a burglar if you go past your friend's house and see that the
> > front door is open and take a look?
>
>To me, analogies with real world mostly suck...
>
>
>--
>http://sid.rstack.org/
>PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!
>
>------------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Concerned about Web Application Security?
>As attacks through web applications continue to rise, you need to proactively
>protect your applications from hackers. Cenzic has the most comprehensive
>solutions to meet your application security penetration testing and
>vulnerability management needs. You have an option to go with a managed
>service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
>Download FREE whitepaper on how a managed service can help you:
>http://www.cenzic.com/forms/ec.php?pubid=10025
>And, now for a limited time we can do a FREE audit for you to confirm your
>results from other product. Contact us at request@cenzic.com
>------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:42 EDT