[Novalug] Linux Wireless - tips tools and hacks?

Nick Danger nick@hackermonkey.com
Sat Oct 24 21:03:03 EDT 2009


On Sat, 24 Oct 2009 20:32:25 -0400
American Dave <novalug@soupy.org> wrote:

> There's a lot of prior art of why you don't want to embark on this
> path. You're just inviting trouble.  If you insist on testing your
> security you should get express written permission first, and be
> completely transparent while doing it.  

Trust me, I have complete permission and express written consent of
the MLB, the NFL and the NBA. This isn't me going down the path of "Oh
YEAH? Hold my beer and watch this!" This is after a few meetings of IT
where we discuss several security issues we decided to give this a try.
I am asking this group alone now but come Monday this will be a project
of the IT department, not just a rogue Linux guy being obnoxious. Its
not WEP at least :-)

> Anyway, don't do it to your employer.  It doesn't matter if you're
> right.

Right or wrong doesn't matter when breaking company policy. In this
case my employer has asked (more like dared) me to do it. And we have
some external auditors coming in to do just this type of thing
(PCI-DSS) in a few weeks anyway so we would very much like to "see what
they will see" before they see it. We like to run the tools they run
before they run them. That way we find out stuff like Nessus can crash
a Oracle 8i server on our own terms rather then theirs. Its amazing how
you can make a major issue a minor one and a minor issue a major one
just by your response to it. (Funny audit story if anyone wants to hear
it)

Thanks for the concern though. Its something to keep in mind. Being
right doesn't pay the bills when you get fired!

Nick



More information about the Novalug mailing list