JimmyPopAli

http://www.theregister.co.uk/content/55/26397.html

From the Kismet list.

g0tr00t

This is such bullsh*t.

"an alleged intrusion that cost the county a reported $5,000 to clean up."

WTF? What cost $5000???? For the county to ream out the net admins for f*cking up!!! The cost of the wireless AP's that mr dumbsh*t net admin recommended? - Oh just leave it at default. It's the best security setting in the world.

"District Clerk Charles Bacarisse told the paper that no confidential information was disclosed but the alleged intrusion eventually resulted in the county closing its wireless LAN only a month after it was activated. "

So what cost $5000????????

Check this out!
"On March 18, Puffer demonstrated to a county official and a Chronicle reporter how easy it was to gain access to the court's system using only a laptop computer and a wireless LAN card. "

And now he is doing jail time for this???

Let me get this straight:
1. A reporter contacted him to "stumble"
2. A county official accompanied them to go stumble.
3. He accessed their network and showed them, lets say, the workstations.
4. He did NOTHING to their networks.
5. Now is facing jail time!!!

"Puffer, who was employed briefly by the county's technology department in 1999, could get five years in jail and faces a $250,000 fine on each count if convicted, the Houston Chronicle reports."

Sorry to stoop to the level of cursing. But this crap pisses me off! Here someone was helping them and now they turn around and lock him up.

Ok, ok so he should of had a signed contract with the court house and what not, but it still frosts my ass..



---Ok, so I missed the part about uploading porn. Ok, so he did hack, pretty deep too. Oh well, his loss. Dumbass.

__________________
g0tr00t

"Its all fun and games until someone gets killed."

lincomatic

---Ok, so I missed the part about uploading porn. Ok, so he did hack, pretty deep too. Oh well, his loss. Dumbass.


this part is a joke, right?

you should post this on the main netstumbler site too. very interesting.

__________________
~lincomatic

g0tr00t

http://www.chron.com/cs/CDA/story.hts/tech/news/1507766

The guy is getting blamed for this too....

__________________
g0tr00t

"Its all fun and games until someone gets killed."

lincomatic

sounds a more than a bit far-fetched to try to pin the porno pic on him too. another case of overzealous DA's. it was probably an inside job from some dork surfing pr0n at his desk.

__________________
~lincomatic

g0tr00t

Well you know someone has to be the scapegoat. This poor guy is it. So now every intrusion from 1 month prior to them shutting down wirelesss will be blamed on this guy.

Instead of going after the net admin that installed the AP's. AGHHH!!!!!

This kills me...Just think about it now.

The county is going to hire a forensics team to analyze the network, they will all need new computers , the old ones may have trojans and cannot be cleaned , now they are going to spend much more $$$$ on having a "security consultant" to come in, flip on WEP and enable MAC filtering.

Kills me....

__________________
g0tr00t

"Its all fun and games until someone gets killed."

Sh00t3r

G0tr00t, you hit the nail on the head. There's going to be thousands spent now only because someone actually exposed a vulnerability, or did he? What he actually did to "hack" the network is going to have to be determined. Nonetheless he did have previous working experience at the location and this could've made his attack a heck of alot easier.

Sorry to say but this Bacarisse guy is right. Anyone attempting to take a reporter along and show him how to "hack" into a WLAN better be prepared for repurcusions after the hacked company is all over the TV. Simply using NetStumbler or Kismet as means to "identify" WLANS is another story (as fungus did recently).

Maybe the article should've been titled "ethical hacker faces charges after exposing an exploit of a wireless LAN". As opposed to the war driving title?

Time will tell

carbolic

Back story from March 2002:
http://www.chron.com/cs/CDA/story.hts/topstory/1302663

__________________
www.SoCalWUG.org

lincomatic

that is really sad. a couple of bureaucrats trying to save their sorry asses by blaming a scapegoat. it's their heads that should roll for putting up a wide open network in the first place. hell, anyone in a nearby building w/ XP would have gotten on automatically. just goes to show you the slimy "damage control" public officials resort to when they make a mistake.

__________________
~lincomatic

drnazo

This is exactly why war drivers and wi-fi junkies should keep a low profile.
Another case similar happened here. Only he got in trouble for wardriving. He told people that the cops said that they could see the glow of the LCD on his face and twas the reason they pulled him over. Once he was pulled over they gave him a ticket for operating a computer while driving and also a ticket for scanning.

He was actually doing them a favor and was punished for it. This shows you how bad ignorant people can hurt a good cause.

I plan on continuing wardriving and everything but I also plan on modifying my wardriving habits.

stumble_butt

That's what this guy was - an amatuer! Someone said it right - you get a contract to evaluate a system FIRST then you hack it! This bozo deserves everything he gets! To many freaking wannabes calling themsleves "security specialists" without knowing the first thing about the ground rules.

Yes, the Clerk of the Court needs to share this guys fate for allowing an unsecured system to be installed. But we all know that's not going to happen.

One other thing - let's don't kid ourselves about wardriving being a good "cause". If all you do is collect APs then you've got a hobby. If it goes any further then it's hacking - something this court is probably going to make case law about.

That FOX news story the other night ended up with the talking head spouting something about "this is a gray area until the courts get involved". Well I think the "courts" are about to "get involved" and legistlators will soon follow it up with black letter law.

If you want to call informing and educating others about the insecurities of 802.xx a "cause" - I'll buy that - but wardriving? Wardriving has been fun, and educational but a "cause"? .... I don't think so.

"We have for a long time being breaking little laws, and the big laws are beginning to catch up with us." ~ A.F. Coventry 1888-1973 Canadian Naturalist

__________________
Marius -- You ' Da Man

TheSovereign

man they got ripped off 5,000 bux to delete porn
well no good deed goes unpunished i hope this is a lesson to u all
if your gonna scan use a mac address spoofer!

__________________
SO SAYS TheSovereign

Sh00t3r

Ok after reading this article, I have to say this Charles Bacarisse guy is quite a tool bag. But the case should still go to court to determine what hacking, compromising of the network, porn placement, etc. was actually done. This could be a landmark case for wardrivers if they focus on the wireless factor. So much for that "gray area". Think if in a year it was ILLEGAL to war drive. jeeesh!

g0tr00t

What if you wanted to let someone know. What if you just mentioned to one of your co workers and said, hey someone needs to know this. Then the next day your co-workers squeals and you are led out in cuffs.

What no contract between you and a coworker. People talk, this guy got a raw deal in my book.

It's his fault for not having a contract in his back pocket? The news article doesn't tell the whole story and never will. I say to hell with this wireless a--holes. If they went up with no WEP or MAC filtering that is their fault.

Yeah he should have gotten a signed contract. But what if he wanted to get a contract. Then his boss, says well how do you know this? Hmm, umm well let me show you my NS logs. BAM - busted.

This story sounds incomplete to me. My support goes for Stefan Puffer. He just wanted to let someone, anyone know that they were wide open.

I am in his boat. Becasue I don't have my CISSP, nor do I have a track record of penetration testing, nor do I have certs in being a Net Admin, I know what am doing. But there is no one to tell of the open AP's at my work. If I do I may be another Stefan Puffer. So now thousands of peoples info is flying through the air, why, because there is no one that I can get to "sign a contract" so I can show them how wide open they are.

So on they will go exposing thousands US citizens information clearly through the air. Just becuase I can't hang a shingle over my head that says, "Security Analyst". Life ain't fair sometimes....

__________________
g0tr00t

"Its all fun and games until someone gets killed."

fordem

And that $5000 cleanup - is not for cleaning up. That's probably the security analyst's fee - you know - the guy they called in to secure what should have been secured in the first place.