Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Sneaking a peek on Wlan in airports
From: Toby Barrick <tbarrick () cox net>
Date: Fri, 18 May 2007 12:14:13 -0700

This is something that I have run into many times in the past on both the "wired side" and on the unwired side of the 'Net - - from the inside and from the outside.

From a corporate stand point receiving unsolicited security information from someone - the person reporting the security flaw is ALWAYS suspect and is handled very suspiciously. Whether it be an internal "unauthorized" person or an external person. Actually the external person reporting the flaw may have a bit of a better time of reporting the security flaw given a few factors:

1. Reporting the security flaw being a worried user of the system and FULL cooperation with examiners = probably OK - but why/how did you find it?
2. Reporting the security flaw anonymously  = suspect - - logs are pulled
3. Reporting the security flaw and offering to assist for a fee = suspect - logs are pulled and notification of authorities is on the table 4. Reporting the security flaw and making even simple demands = extortion - all records are pulled and authorities are notified
5. Lot's more - - insert your own here

When reporting issues to the general public that you have obtained specific info on (as in this case) there are various reactions but in general they just don't want to know. Some of the reactions I have gotten are as follows:

1. How did you do that?
2. Who / what are you?
3. Prove it - - If proven they may or may not call the cops or get really agitated
4. Well duh! I'm in a public space
5. They just don't want to talk at all

I am sure that this is tremendously abridged but it's a bit of a start. Until the general public actually gets a clue reporting anything to them is a waste of time.

Toby


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]