Full Disclosure mailing list archives

Re: Wi-fi. Approaching customers


From: "Matthew Sabin" <matthew () sabin com>
Date: Tue, 15 Mar 2005 16:07:00 -0500

I'm not sure I can help you on the contacting process, but I question your assumptions.

My company has made a conscious decision to leave our WiFi open to visitors, while our internal machines connect via IPSec on the open airwaves.
A drive-by would show the open nature of our WiFi, but wouldn't immediately tell you that we've secured our business fairly well.

--Matthew Sabin


----- Original Message -----
From: "Wade Woolwine" <wade () sivodd com>
To: Gregh <chows () ozemail com au>
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers
Date: Tue, 15 Mar 2005 15:55:22 -0500 (EST)


Gregh,
IMO, you're covered legally. I know it sounds fishy to approach a
potential client already knowing they're insecure...but don't all of us do
that on a regular basis? I mean I will hit google with a vengeance before I
go into the kick-off meeting...I want to know what I'm up against.
I would respectfully request some time from a technical manager to present
your findings (show a kismet/netstumbler scan) and explain the dangers
(not the solutions of course). Hopefully, this will rattle the manager
enough to get the word up to upper management, and if you've left some
marketing material for them to look at, they can contact you for your
services.

Good luck!
Wade

I have asked this on another list and there has been discussion but
nothing that really seems like an answer so I am asking for help in here.


I did a war drive (and in MY terms that means just driving along
gathering SSID data showing open and closed and nothing else BUT that)
and found one HELL of a lot more wi-fi in my area than I had previously
been aware existed. Most of the SSIDs broadcasted didn't openly identify
the company involved though most of them were open. The idea in doing
this was that I could note an area where wi-fi is and approach the
company (or individual) and offer my services to LEGALLY lock their open
wi-fi down. I realise that with open wi-fi, I could be doing anything I
wanted to or with their systems but that isn't the point. I work in the
area doing I.T. related work and so far have a very good reputation for
an inexpensive service and I am self employed so doing the wrong thing
would quickly kill all that.

My question is, then, how to approach someone to legally get work from
them fixing their badly installed wi-fi and ensuring it is all locked
down. If I turn up saying "Your wireless networking is open to hacking
and I can fix it" that sounds somewhat suspicious to me if you look at it
from the point of view of a user who knows nothing much about it all. Eg,
I am telling them something they don't want to hear, for a start and then
telling them that if they pay me, they can have it fixed on the spot. I
already know how strange it can sound. I happened to pick up the SSID
ToysRus which was open and realising they would have their own company
employed I.T. people, I just rang them to do them a favour and wasn't I
met with suspicion? Yep! All I did was say "You know you have wireless
networking?" and they answered "yes...." and I added "It's open and
unsecured. You better fix it before someone else finds it" and then got
asked 100 questions including "How do YOU know?" blah blah by someone you
would think KNOWS the game.

How do YOU approach prospective new customers to tell them their wi-fi is
unsecured and needs attention and that you can fix it for a fee?

Any help appreciated.


Greg.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/




"The reason why you have people breaking into your software is because
your software sucks."
