I have a question and would like some opinions, I went to Drs with my girlfriend in a local surgery and I noticed one of the desks they had a Wireless modem / router. I did a quick scan for WLAN on my mobile to find 2 WEP networks in the surgery. One the Drs and the other was the Chemist next door. I did notice that it looked like a WLAN and LAN light was flashing in use.
I am pretty much self taught Linux, few Microsoft Certs. Morally I want to tell them that there modem / pcs may not be secure - I personally worry especially medical records.
I have got no intentions to 'hack' anything to prove a point.
I know there are so many WEP protected company's but has anyone approached a company about that and if so how ?
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Personally I'd be very wary about telling anyone their network was insecure unless they had asked for my opinion on the matter. At the very least you may end up needing to explain why you were poking around in the first place, and if the network ever does get broken into you can bet that they will remember what you said and consider you the first suspect.
I don't think you have a moral duty to say anything under these circumstances, seeing as you don't manage and didn't setup the network, and if you are worried about the security of your own information, which is reasonable, I'd start seeing another Doctor.
Thanks for your feedback Streaker69 and Lupin. In all honestly I think I wont be doing anything but it does make you wonder I would have thought drs surgerys would have a best policy in a perfect world.
Has anyone actually aproached a company before ? eg WEP and what happened I am curious. I can understand why people would be hesitant to help somehow it will come back and bite them as Lupin said.
Do you feel morally obligated to inform them? Or do you see a potential client who you can $uggest your opinions to?
To answer your question, no. If they are not a client or friend, then I have no business in trying to make myself look good, or earn their business through scare tactics as mentioned.
While it would be nice to help out people who may simply be unaware of the security risk, the effort doesn't outweigh the potential consequences for me.
I dont see $$$ as I dont have proper certificates and dont like scaring people although am going to start my CCNA soon. I have no connections to the surgery or any employees it was more a moral question with it being a medical business if it was a corner fruit & Veg store I wouldnt think twice. (Sorry if any one owns / works Fruit and Veg store )
It was more of a "why do you even care?" that I was trying to get at (moral or personal gain).
My opinion is hit the books and worry about more important things. It's good to be aware of these things, it's another to act on them. Maybe someone else will add something. Good luck on your CCNA.
Others here have traveled this road before and can tell you some stories about these things that may help you in your decision making.
You should read my post on advising companies of WEP vulnerabilities in an effort to introduce myself to local businesses.
It will give you some insight into how people perceive those telling them of WEP problems and it may get you ready for how you will be treated.
"Update: I do have an idea for you. Contact your local Chamber of Commerce, see if you can meet with the person there that organizes their meetings with other companies. See if you can maybe have a little seminar with local business owners that demonstrate what you're talking about. Business owners are going to be more open to hearing it in that kind of setting than a cold call at their office.
I know where I am I can get Police clearance which states that i have no criminal background etc which would give good confidence to business's
In the end does seem to be more trouble than it is worth.
Time to hit the books.
hi man, don't even think so about it ,man if you said to them that they have a problem in thier wep then any thing will happen to their router they will say it is you , finnally it's up to you but for me never because i have done such a thing and seen the.....