Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Wi-fi. Approaching customers
From: "Coral J. Cook" <cjcook () strongtowersecurity com>
Date: Tue, 15 Mar 2005 14:05:47 -0800
What about doing a targeted mail campaign (zip code, zip +4 , etc) with
a flyer about wireless security/insecurity in general with specific
statistics for the target area, or even a generic (not pinpoint gps
accuracy, but large area overview) map showing open access points?

Coral


Gregh wrote:

I have asked this on another list and there has been discussion but nothing that really seems like an answer so I am 
asking for help in here.

I did a war drive (and in MY terms that means just driving along gathering SSID data showing open and closed and 
nothing else BUT that) and found one HELL of a lot more wi-fi in my area than I had previously been aware existed. 
Most of the SSIDs broadcasted didn't openly identify the company involved though most of them were open. The idea in 
doing this was that I could note an area where wi-fi is and approach the company (or individual) and offer my 
services to LEGALLY lock their open wi-fi down. I realise that with open wi-fi, I could be doing anything I wanted to 
or with their systems but that isn't the point. I work in the area doing I.T. related work and so far have a very 
good reputation for an inexpensive service and I am self employed so doing the wrong thing would quickly kill all 
that.

My question is, then, how to approach someone to legally get work from them fixing their badly installed wi-fi and 
ensuring it is all locked down. If I turn up saying "Your wireless networking is open to hacking and I can fix it" 
that sounds somewhat suspicious to me if you look at it from the point of view of a user who knows nothing much about 
it all. Eg, I am telling them something they don't want to hear, for a start and then telling them that if they pay 
me, they can have it fixed on the spot. I already know how strange it can sound. I happened to pick up the SSID 
ToysRus which was open and realising they would have their own company employed I.T. people, I just rang them to do 
them a favour and wasn't I met with suspicion? Yep! All I did was say "You know you have wireless networking?" and 
they answered "yes...." and I added "It's open and unsecured. You better fix it before someone else finds it" and 
then got asked 100 questions including "How do YOU know?" blah blah

 by someone you would think KNOWS the game.


How do YOU approach prospective new customers to tell them their wi-fi is unsecured and needs attention and that you 
can fix it for a fee?

Any help appreciated.

Greg.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]