[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <31160.140.185.28.35.1110920122.squirrel@www.sivodd.com>
From: wade at sivodd.com (Wade Woolwine)
Subject: Wi-fi. Approaching customers
Gregh,
IMO, you're covered legally. I know it sounds fishy to approach a
potential client already knowing they're insecure...but don't all of us to
that on a regular basis? I mean I will hit google with a vengence before I
go into the kick-off meeting...I want to know what I'm up against.
I would respectfully request some time from a technical manager to present
your findings (show a kismet/netstumbler scan) and explain the dangers
(not the solutions of course). Hopefully, this will rattle the manager
enough to get the word up to upper management, and if you've left some
marketing material for them to look at, they can contact you for your
services.
Good luck!
Wade
> I have asked this on another list and there has been discussion but
> nothing that really seems like an answer so I am asking for help in here.
>
>
> I did a war drive (and in MY terms that means just driving along
> gathering SSID data showing open and closed and nothing else BUT that)
> and found one HELL of a lot more wi-fi in my area than I had previously
> been aware existed. Most of the SSIDs broadcasted didn't openly identify
> the company involved though most of them were open. The idea in doing
> this was that I could note an area where wi-fi is and approach the
> company (or individual) and offer my services to LEGALLY lock their open
> wi-fi down. I realise that with open wi-fi, I could be doing anything I
> wanted to or with their systems but that isn't the point. I work in the
> area doing I.T. related work and so far have a very good reputation for
> an inexpensive service and I am self employed so doing the wrong thing
> would quickly kill all that.
>
> My question is, then, how to approach someone to legally get work from
> them fixing their badly installed wi-fi and ensuring it is all locked
> down. If I turn up saying "Your wireless networking is open to hacking
> and I can fix it" that sounds somewhat suspicious to me if you look at it
> from the point of view of a user who knows nothing much about it all. Eg,
> I am telling them something they don't want to hear, for a start and then
> telling them that if they pay me, they can have it fixed on the spot. I
> already know how strange it can sound. I happened to pick up the SSID
> ToysRus which was open and realising they would have their own company
> employed I.T. people, I just rang them to do them a favour and wasn't I
> met with suspicion? Yep! All I did was say "You know you have wireless
> networking?" and they answered "yes...." and I added "It's open and
> unsecured. You better fix it before someone else finds it" and then got
> asked 100 questions including "How do YOU know?" blah blah by someone you
> would think KNOWS the game.
>
> How do YOU approach prospective new customers to tell them their wi-fi is
> unsecured and needs attention and that you can fix it for a fee?
>
> Any help appreciated.
>
>
> Greg.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://www.secunia.com/
>
>
"The reason why you have people breaking into your software is because
your software sucks."
Powered by blists - more mailing lists