Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Where is the Wireless line?

From: Timothy Shea <tim () tshea net>
Date: Wed, 5 Sep 2007 07:49:37 -0500
I agree with the first part but I strongly disagree with the last part. But we've covered this before.
By going in and telling the owner or manager of the location that their wireless is 'insecure' and that "I'm here to help. Here is my card" is a sure invitation to get kicked out. Its one thing to be helpful and say he might an issue - its quite a another to say "hire me to fix it".
But go ahead and do it - I've gotten quite a lot of business due to - other- companies using this tactic as a marketing gimmick. 

t.s

On Sep 5, 2007, at 7:21 AM, swinginscott wrote:
I think you would agree that a locksmith going around a neighborhood, opening doors then telling each family they need help would be an acceptable practice. Unwanted, or forced entry is just that, unwanted. Remember, an unlocked door is never an invitation to come inside under any circumstance.
If the SSID is something like, "Joe's Office", I think the ethical thing would be to locate Joe's Office and go inside to offer your services. Just tell them, I noticed that your wireless network is unsecure. Then you could pitch your audit by saying things like, "With your unsecure network here are some of the things that can happen, I would be glad to show you a demonstration if you'll authorize it." Then once they agree, you can go outside and print the page on the printer without felonious access ;)
You'll get the same point across to the customer, without breaking the law. 

~ Scott

----- Original Message ----
From: Barry Fawthrop <barry () ttienterprises org>
To: pen-test () securityfocus com
Sent: Tuesday, September 4, 2007 9:57:10 PM
Subject: Where is the Wireless line?

Hi All
Where does the wireless line being and end with regards to "illegal access" 

Concept:

If company A has a wireless network (unprotected) No Encryption,
Broadcasting SSID, Default Acesss point user_name and password.

You know they need security. So is it wrong to
access the network and print to their printer a document
saying "You need security, I just accessed your network"

Or would one have to have permission first!.
I'm not talking about accessing data and files, but using the printer
and printing on their paper that they need help!!!.
And then going in and asking for a security contract having proved
beyond doubt that they need it.

Otherwise before hand it is just your word & experience against theirs
and obviously they are not going to admit they need help without being
shown?
Curious to hear your comments, or possible solutions to the same/ similar 
 problems??

Thanks
Barry
---------------------------------------------------------------------- -- 
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
---------------------------------------------------------------------- --
______________________________________________________________________ ______________ 
Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222
---------------------------------------------------------------------- -- 
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
---------------------------------------------------------------------- -- 




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: