Open Source and information security mailing list archives
 
From: jayc at nashlink.net (Jay Daniel)
Subject: Wi-fi. Approaching customers

I'm not sure I'd use the words covered legally.  Keep in mind in some areas
people might feel this type of activity violates federal wiretapping laws.
Doesn't mean they're right or wrong just means you could be causing yourself
some serious issues.

I can say for certain that I've seen small security company x approach
another company y, turns out y is owned by a Fortune 100 company, they
report it up the chain and small security company x gets a visit from the
FBI.

If you know open wireless is a serious problem, add that information
(generally) to your marketing material and indicate you can fix those types
of problems, but pointing out you've in some way, shape or form monitored
their network and you're contacting them is going to result in some
headaches.

----- Original Message ----- 
From: "Wade Woolwine" <wade@...odd.com>
To: "Gregh" <chows@...mail.com.au>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, March 15, 2005 2:55 PM
Subject: Re: [Full-disclosure] Wi-fi. Approaching customers


> Gregh,
> IMO, you're covered legally. I know it sounds fishy to approach a
> potential client already knowing they're insecure...but don't all of us do
> that on a regular basis? I mean I will hit google with a vengeance before I
> go into the kick-off meeting...I want to know what I'm up against.
> I would respectfully request some time from a technical manager to present
> your findings (show a kismet/netstumbler scan) and explain the dangers
> (not the solutions of course). Hopefully, this will rattle the manager
> enough to get the word up to upper management, and if you've left some
> marketing material for them to look at, they can contact you for your
> services.
>
> Good luck!
> Wade
>
> > I have asked this on another list and there has been discussion but
> > nothing that really seems like an answer so I am asking for help in
> > here.
> >
> >
> > I did a war drive (and in MY terms that means just driving along
> > gathering SSID data showing open and closed and nothing else BUT that)
> > and found one HELL of a lot more wi-fi in my area than I had previously
> > been aware existed. Most of the SSIDs broadcasted didn't openly identify
> > the company involved though most of them were open. The idea in doing
> > this was that I could note an area where wi-fi is and approach the
> > company (or individual) and offer my services to LEGALLY lock their open
> > wi-fi down. I realise that with open wi-fi, I could be doing anything I
> > wanted to or with their systems but that isn't the point. I work in the
> > area doing I.T. related work and so far have a very good reputation for
> > an inexpensive service and I am self employed so doing the wrong thing
> > would quickly kill all that.
> >
> > My question is, then, how to approach someone to legally get work from
> > them fixing their badly installed wi-fi and ensuring it is all locked
> > down. If I turn up saying "Your wireless networking is open to hacking
> > and I can fix it" that sounds somewhat suspicious to me if you look at
> > it from the point of view of a user who knows nothing much about it all.
> > Eg, I am telling them something they don't want to hear, for a start and
> > then telling them that if they pay me, they can have it fixed on the spot. I
> > already know how strange it can sound. I happened to pick up the SSID
> > ToysRus which was open and realising they would have their own company
> > employed I.T. people, I just rang them to do them a favour and wasn't I
> > met with suspicion? Yep! All I did was say "You know you have wireless
> > networking?" and they answered "yes...." and I added "It's open and
> > unsecured. You better fix it before someone else finds it" and then got
> > asked 100 questions including "How do YOU know?" blah blah by someone
> > you would think KNOWS the game.
> >
> > How do YOU approach prospective new customers to tell them their wi-fi
> > is unsecured and needs attention and that you can fix it for a fee?
> >
> > Any help appreciated.
> >
> >
> > Greg.
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://www.secunia.com/
> >
> >
>
>
> "The reason why you have people breaking into your software is because
> your software sucks."