Penetration Testing mailing list archives
Re: Where is the Wireless line?
From: swinginscott <swinginscott () yahoo com>
Date: Wed, 5 Sep 2007 05:55:56 -0700 (PDT)
I agree with the notion that it's less than productive. I was simply addressing the issue of getting the same point across without stepping over the legal bounds. If they haven't figured out how to setup their wireless securely either by whomever set it up or using Google, I doubt they'd actually go the distance to pay someone to do it on a contractual basis. ~ ----- Original Message ---- From: Timothy Shea <tim () tshea net> To: swinginscott <swinginscott () yahoo com> Cc: pen-test () securityfocus com Sent: Wednesday, September 5, 2007 8:49:37 AM Subject: Re: Where is the Wireless line? I agree with the first part but I strongly disagree with the last part. But we've covered this before. By going in and telling the owner or manager of the location that their wireless is 'insecure' and that "I'm here to help. Here is my card" is a sure invitation to get kicked out. Its one thing to be helpful and say he might an issue - its quite a another to say "hire me to fix it". But go ahead and do it - I've gotten quite a lot of business due to - other- companies using this tactic as a marketing gimmick. t.s On Sep 5, 2007, at 7:21 AM, swinginscott wrote:
I think you would agree that a locksmith going around a neighborhood, opening doors then telling each family they need help would be an acceptable practice. Unwanted, or forced entry is just that, unwanted. Remember, an unlocked door is never an invitation to come inside under any circumstance. If the SSID is something like, "Joe's Office", I think the ethical thing would be to locate Joe's Office and go inside to offer your services. Just tell them, I noticed that your wireless network is unsecure. Then you could pitch your audit by saying things like, "With your unsecure network here are some of the things that can happen, I would be glad to show you a demonstration if you'll authorize it." Then once they agree, you can go outside and print the page on the printer without felonious access ;) You'll get the same point across to the customer, without breaking the law. ~ Scott ----- Original Message ---- From: Barry Fawthrop <barry () ttienterprises org> To: pen-test () securityfocus com Sent: Tuesday, September 4, 2007 9:57:10 PM Subject: Where is the Wireless line? Hi All Where does the wireless line being and end with regards to "illegal access" Concept: If company A has a wireless network (unprotected) No Encryption, Broadcasting SSID, Default Acesss point user_name and password. You know they need security. So is it wrong to access the network and print to their printer a document saying "You need security, I just accessed your network" Or would one have to have permission first!. I'm not talking about accessing data and files, but using the printer and printing on their paper that they need help!!!. And then going in and asking for a security contract having proved beyond doubt that they need it. Otherwise before hand it is just your word & experience against theirs and obviously they are not going to admit they need help without being shown? Curious to hear your comments, or possible solutions to the same/ similar problems?? Thanks Barry ---------------------------------------------------------------------- -- This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ---------------------------------------------------------------------- -- ______________________________________________________________________ ______________ Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to see what's on, when. http://tv.yahoo.com/collections/222 ---------------------------------------------------------------------- -- This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ---------------------------------------------------------------------- --
____________________________________________________________________________________ Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- RE: Where is the Wireless line?, (continued)
- RE: Where is the Wireless line? Matt Steer (Sep 05)
- RE: Where is the Wireless line? adam.slader (Sep 05)
- Re: Where is the Wireless line? Harry Hoffman (Sep 05)
- Re: Where is the Wireless line? Juergen Fiedler (Sep 05)
- Re: Where is the Wireless line? List Spam (Sep 05)
- Re: Where is the Wireless line? Noah (Sep 05)
- Re: Where is the Wireless line? DaKahuna (Sep 05)
- Re: Where is the Wireless line? swinginscott (Sep 05)
- Re: Where is the Wireless line? Timothy Shea (Sep 05)
- Re: Where is the Wireless line? Morning Wood (Sep 05)
- Re: Where is the Wireless line? swinginscott (Sep 05)
- Re: Where is the Wireless line? Barry Fawthrop (Sep 05)
- RE: Where is the Wireless line? Matt Steer (Sep 05)