Re: Where is the Wireless line?

I agree with the notion that it's less than productive. I was simply addressing the issue of getting the same point across without stepping over the legal bounds. If they haven't figured out how to setup their wireless securely either by whomever set it up or using Google, I doubt they'd actually go the distance to pay someone to do it on a contractual basis.

~

----- Original Message ----
From: Timothy Shea <tim@xxxxxxxxx>
To: swinginscott <swinginscott@xxxxxxxxx>
Cc: pen-test@xxxxxxxxxxxxxxxxx
Sent: Wednesday, September 5, 2007 8:49:37 AM
Subject: Re: Where is the Wireless line?

I agree with the first part but I strongly disagree with the last
part. But we've covered this before.

By going in and telling the owner or manager of the location that
their wireless is 'insecure' and that "I'm here to help. Here is my
card" is a sure invitation to get kicked out. Its one thing to be
helpful and say he might an issue - its quite a another to say "hire
me to fix it".

But go ahead and do it - I've gotten quite a lot of business due to -
other- companies using this tactic as a marketing gimmick.

t.s

On Sep 5, 2007, at 7:21 AM, swinginscott wrote:

I think you would agree that a locksmith going around a
neighborhood, opening doors then telling each family they need help
would be an acceptable practice. Unwanted, or forced entry is just
that, unwanted. Remember, an unlocked door is never an invitation
to come inside under any circumstance.

If the SSID is something like, "Joe's Office", I think the ethical
thing would be to locate Joe's Office and go inside to offer your
services. Just tell them, I noticed that your wireless network is
unsecure. Then you could pitch your audit by saying things like,
"With your unsecure network here are some of the things that can
happen, I would be glad to show you a demonstration if you'll
authorize it." Then once they agree, you can go outside and print
the page on the printer without felonious access ;)

You'll get the same point across to the customer, without breaking
the law.

~ Scott

----- Original Message ----
From: Barry Fawthrop <barry@xxxxxxxxxxxxxxxxxx>
To: pen-test@xxxxxxxxxxxxxxxxx
Sent: Tuesday, September 4, 2007 9:57:10 PM
Subject: Where is the Wireless line?

Hi All

Where does the wireless line being and end with regards to "illegal
access"

Concept:

If company A has a wireless network (unprotected) No Encryption,
Broadcasting SSID, Default Acesss point user_name and password.

You know they need security. So is it wrong to
access the network and print to their printer a document
saying "You need security, I just accessed your network"

Or would one have to have permission first!.
I'm not talking about accessing data and files, but using the printer
and printing on their paper that they need help!!!.
And then going in and asking for a security contract having proved
beyond doubt that they need it.

Otherwise before hand it is just your word & experience against theirs
and obviously they are not going to admit they need help without being
shown?

Curious to hear your comments, or possible solutions to the same/
similar
problems??

Thanks
Barry

----------------------------------------------------------------------
--
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
----------------------------------------------------------------------
--







______________________________________________________________________
______________
Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222

----------------------------------------------------------------------
--
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
----------------------------------------------------------------------
--








____________________________________________________________________________________
Pinpoint customers who are looking for what you sell.
http://searchmarketing.yahoo.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • TidBITS#785/27-Jun-05
    ... Jeff Carlson continues his exploration of computerized poker ... and Adam examines both the Canary Wireless ... Rogue Amoeba's Audio Hijack Pro ... A Canary in the Network ...
    (comp.sys.mac.digest)
  • Re: Where is the Wireless line?
    ... By going in and telling the owner or manager of the location that their wireless is 'insecure' and that "I'm here to help. ... I noticed that your wireless network is unsecure. ... buy it or download a solution FREE today! ...
    (Pen-Test)
  • Re: Linksys NAS200 Network Storage adapter
    ... The only two wireless network settings that are of any consequence are the SSID and the encryption method and password. ... either click the "Print Network Settings" button on the final screen of the Wizard or simply access the appropriate XML file and get at them that way and then use the information to configure the router manually as I explained earlier. ... I've read thru some of the MS web site on that product and it appears to do everything a NAS will do plus other cool features, such as, with an xbox360 with the wireless adapter, I can stream my video/pics to my TV for family viewing. ...
    (microsoft.public.windowsxp.network_web)
  • [NMRC Advisory] Microsoft Windows Wireless Exposure on Laptops
    ... Application: Wireless Network Connection ... This advisory documents an anomaly involving Microsoft's Wireless Network ... If a laptop connects to an ad-hoc network it can later start ... This is known as a Link-Local address, and by default Link-Local is turned on on all Windows platforms on all interfaces, including wireless interfaces. ...
    (Bugtraq)
  • Re: Very slow internet speeds
    ... my connection got slower and slower. ... download speed is now closer to 10kb/s. ... I have a Linksys WRT54G wireless ... When I put the router back into the network, ...
    (microsoft.public.windowsxp.network_web)
Quantcast