lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6.2.0.14.0.20050315161102.01e96128@mail.buckeye-express.com>
From: sidhayn at buckeye-express.com (Richard Farina)
Subject: Wi-fi. Approaching customers

My lawyer advised me against approaching people with the information that 
their wifi is open to hackers.  Honestly, there are too many laws in your 
way (in the US at least). I urge you to look into your local laws and see 
if there is a good way to approach customers without making it seem like 
extortion/blackmail.  I hope you have better luck than I.

-Rick Farina

At 03:35 PM 3/15/2005, Gregh wrote:
>I have asked this on another list and there has been discussion but 
>nothing that really seems like an answer so I am asking for help in here.
>
>I did a war drive (and in MY terms that means just driving along gathering 
>SSID data showing open and closed and nothing else BUT that) and found one 
>HELL of a lot more wi-fi in my area than I had previously been aware 
>existed. Most of the SSIDs broadcasted didn't openly identify the company 
>involved though most of them were open. The idea in doing this was that I 
>could note an area where wi-fi is and approach the company (or individual) 
>and offer my services to LEGALLY lock their open wi-fi down. I realise 
>that with open wi-fi, I could be doing anything I wanted to or with their 
>systems but that isn't the point. I work in the area doing I.T. related 
>work and so far have a very good reputation for an inexpensive service and 
>I am self employed so doing the wrong thing would quickly kill all that.
>
>My question is, then, how to approach someone to legally get work from 
>them fixing their badly installed wi-fi and ensuring it is all locked 
>down. If I turn up saying "Your wireless networking is open to hacking and 
>I can fix it" that sounds somewhat suspicious to me if you look at it from 
>the point of view of a user who knows nothing much about it all. Eg, I am 
>telling them something they don't want to hear, for a start and then 
>telling them that if they pay me, they can have it fixed on the spot. I 
>already know how strange it can sound. I happened to pick up the SSID 
>ToysRus which was open and realising they would have their own company 
>employed I.T. people, I just rang them to do them a favour and wasn't I 
>met with suspicion? Yep! All I did was say "You know you have wireless 
>networking?" and they answered "yes...." and I added "It's open and 
>unsecured. You better fix it before someone else finds it" and then got 
>asked 100 questions including "How do YOU know?" blah blah by someone you 
>would think KNOWS the game.
>
>How do YOU approach prospective new customers to tell them their wi-fi is 
>unsecured and needs attention and that you can fix it for a fee?
>
>Any help appreciated.
>
>Greg.
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://www.secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ