Penetration Testing mailing list archives

Re: Pre-Scanning for Marketing


From: Pete Herzog <lists () isecom org>
Date: Thu, 12 Jan 2006 00:50:50 +0100

Hi,

Just for a moment, consider the scenario that you were going through the neighborhood seeing if windows are unlocked. If they are, you open them or even just knock on the front door and tell them you see the window is open and you can fix that for security reasons.

If that scenario doesn't strike you as so over-security-conscious that it's idiotic, then you should know it is indeed a Sponge Bob episode (yes I have kids who watch TV sometimes).

Now let's look at this again and ask yourself, who are you to assure a neighborhood business, person, etc. is breaking your security rules (knowing best practice is not best for all)? You can argue they're not aware. Well, it's not your place. Are they hurting you? Are they hurting others? You can argue, "not yet but statistically" and I'll show you a teenage boy with a fast car who, if he doesn't kill someone someday, will probably cause a decent share of road rage (statistically). But it's not illegal yet until the damage is done.

I know it's frustrating to see bad or no security but they may have a reason for it. And if they don't have a reason, so what, unless it's harming someone else or has the potential to do GREAT harm (like discovering they allow cell phones near drug dispensing devices in the hospital). In that case, try to go through proper channels and then maybe even alert the proper authorities. Be a watchdog and not a vigilante. It's better for business too.

Sincerely,
-pete.

www.osstmm.org - www.isestorm.org - www.isecom.org


Rapaille Maxime wrote:
Hi,

During some site survey or wireless audit, I have found some companies
(other than the current customer) having badly protected Wifi network.
And a lot of non protected at all, advertising the name of the company
or the university as SSID.
I have found myself in the same dilemma: contact or not contact them?
I tried once, and got a 'very' negative reaction.. Never did it again. But yes, it's very frustrating to see all those companies need our
services, and you can't help.
Perhaps, for example, if it's very critical for your country (some gov
institution or the like) you could try to contact a kind of computer
Crime unit (like we have in Belgium) and explain them the situation..
If they understand what you are speaking about they would probably
react, but, they won't be able to give your company's name as a
reference..
Frustrating dilemma...

Regards

Max

