From: Timothy Shea (tim@tshea.net)
Date: Wed Sep 05 2007 - 08:49:37 EDT
I agree with the first part but I strongly disagree with the last
part. But we've covered this before.
By going in and telling the owner or manager of the location that
their wireless is 'insecure' and that "I'm here to help. Here is my
card" is a sure invitation to get kicked out. Its one thing to be
helpful and say he might an issue - its quite a another to say "hire
me to fix it".
But go ahead and do it - I've gotten quite a lot of business due to -
other- companies using this tactic as a marketing gimmick.
t.s
On Sep 5, 2007, at 7:21 AM, swinginscott wrote:
> I think you would agree that a locksmith going around a
> neighborhood, opening doors then telling each family they need help
> would be an acceptable practice. Unwanted, or forced entry is just
> that, unwanted. Remember, an unlocked door is never an invitation
> to come inside under any circumstance.
>
> If the SSID is something like, "Joe's Office", I think the ethical
> thing would be to locate Joe's Office and go inside to offer your
> services. Just tell them, I noticed that your wireless network is
> unsecure. Then you could pitch your audit by saying things like,
> "With your unsecure network here are some of the things that can
> happen, I would be glad to show you a demonstration if you'll
> authorize it." Then once they agree, you can go outside and print
> the page on the printer without felonious access ;)
>
> You'll get the same point across to the customer, without breaking
> the law.
>
> ~ Scott
>
> ----- Original Message ----
> From: Barry Fawthrop <barry@ttienterprises.org>
> To: pen-test@securityfocus.com
> Sent: Tuesday, September 4, 2007 9:57:10 PM
> Subject: Where is the Wireless line?
>
> Hi All
>
> Where does the wireless line being and end with regards to "illegal
> access"
>
> Concept:
>
> If company A has a wireless network (unprotected) No Encryption,
> Broadcasting SSID, Default Acesss point user_name and password.
>
> You know they need security. So is it wrong to
> access the network and print to their printer a document
> saying "You need security, I just accessed your network"
>
> Or would one have to have permission first!.
> I'm not talking about accessing data and files, but using the printer
> and printing on their paper that they need help!!!.
> And then going in and asking for a security contract having proved
> beyond doubt that they need it.
>
> Otherwise before hand it is just your word & experience against theirs
> and obviously they are not going to admit they need help without being
> shown?
>
> Curious to hear your comments, or possible solutions to the same/
> similar
> problems??
>
> Thanks
> Barry
>
> ----------------------------------------------------------------------
> --
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ----------------------------------------------------------------------
> --
>
>
>
>
>
>
>
> ______________________________________________________________________
> ______________
> Sick sense of humor? Visit Yahoo! TV's
> Comedy with an Edge to see what's on, when.
> http://tv.yahoo.com/collections/222
>
> ----------------------------------------------------------------------
> --
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ----------------------------------------------------------------------
> --
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:06 EDT