Penetration Testing mailing list archives

Re: Where is the Wireless line?

From: swinginscott <swinginscott () yahoo com>
Date: Wed, 5 Sep 2007 05:55:56 -0700 (PDT)

I agree with the notion that it's less than productive.  I was simply addressing the issue of getting the same point 
across without stepping over the legal bounds.  If they haven't figured out how to setup their wireless securely either 
by whomever set it up or using Google, I doubt they'd actually go the distance to pay someone to do it on a contractual 
basis.

~

----- Original Message ----
From: Timothy Shea <tim () tshea net>
To: swinginscott <swinginscott () yahoo com>
Cc: pen-test () securityfocus com
Sent: Wednesday, September 5, 2007 8:49:37 AM
Subject: Re: Where is the Wireless line?

I agree with the first part but I strongly disagree with the last  
part.  But we've covered this before.

By going in and telling the owner or manager of the location that  
their wireless is 'insecure' and that "I'm here to help.  Here is my  
card" is a sure invitation to get kicked out.  Its one thing to be  
helpful and say he might an issue - its quite a another to say "hire  
me to fix it".

But go ahead and do it - I've gotten quite a lot of business due to - 
other- companies using this tactic as a marketing gimmick.

t.s

On Sep 5, 2007, at 7:21 AM, swinginscott wrote:

I think you would agree that a locksmith going around a  
neighborhood, opening doors then telling each family they need help  
would be an acceptable practice.  Unwanted, or forced entry is just  
that, unwanted.  Remember, an unlocked door is never an invitation  
to come inside under any circumstance.

If the SSID is something like, "Joe's Office", I think the ethical  
thing would be to locate Joe's Office and go inside to offer your  
services.  Just tell them, I noticed that your wireless network is  
unsecure.  Then you could pitch your audit by saying things like,  
"With your unsecure network here are some of the things that can  
happen, I would be glad to show you a demonstration if you'll  
authorize it."  Then once they agree, you can go outside and print  
the page on the printer without felonious access ;)

You'll get the same point across to the customer, without breaking  
the law.

~ Scott

----- Original Message ----
From: Barry Fawthrop <barry () ttienterprises org>
To: pen-test () securityfocus com
Sent: Tuesday, September 4, 2007 9:57:10 PM
Subject: Where is the Wireless line?

Hi All

Where does the wireless line being and end with regards to "illegal  
access"

Concept:

If company A has a wireless network (unprotected) No Encryption,
Broadcasting SSID, Default Acesss point user_name and password.

You know they need security. So is it wrong to
access the network and print to their printer a document
saying "You need security, I just accessed your network"

Or would one have to have permission first!.
I'm not talking about accessing data and files, but using the printer
and printing on their paper that they need help!!!.
And then going in and asking for a security contract having proved
beyond doubt that they need it.

Otherwise before hand it is just your word & experience against theirs
and obviously they are not going to admit they need help without being
shown?

Curious to hear your comments, or possible solutions to the same/ 
similar
 problems??

Thanks
Barry

---------------------------------------------------------------------- 
--
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
---------------------------------------------------------------------- 
--







______________________________________________________________________ 
______________
Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222

---------------------------------------------------------------------- 
--
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
---------------------------------------------------------------------- 
--







       
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell. 
http://searchmarketing.yahoo.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

RE: Where is the Wireless line?, (continued)
- RE: Where is the Wireless line? Matt Steer (Sep 05)
  - RE: Where is the Wireless line? adam.slader (Sep 05)
- Re: Where is the Wireless line? Harry Hoffman (Sep 05)
- Re: Where is the Wireless line? Juergen Fiedler (Sep 05)
- Re: Where is the Wireless line? List Spam (Sep 05)
- Re: Where is the Wireless line? Noah (Sep 05)
- Re: Where is the Wireless line? DaKahuna (Sep 05)
- Re: Where is the Wireless line? swinginscott (Sep 05)
  - Re: Where is the Wireless line? Timothy Shea (Sep 05)
  - Re: Where is the Wireless line? Morning Wood (Sep 05)
- Re: Where is the Wireless line? swinginscott (Sep 05)
- Re: Where is the Wireless line? Barry Fawthrop (Sep 05)