why not just write them a letter? which country is this GP in?
Hi again
Thanks again for all your feedback, experiences. Just so you know i WILL NOT aproach the Surgery or any other business regarding their WEP set up.
why not just write them a letter? which country is this GP in?
To hm2075, I am in Australia. Writing an anonymous letter would be good idea stating about WEP possible security problem. I dont know when will go to that Drs again it isnt my one it is my girlfriends.
lupin might be able to provide his version of insight, but I would say don't bother. I know Australian doctors and their surgeries, I've pentested (probably) hundreds of the things in the past few years and they all have one thing in common - when forced to revert to WPA, they use something in the webster dictionary, or the name of their surgery.Originally Posted by alias1
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
No, I don't really have anything further to add.
I'd suggest that an anonymous letter would be, at best, a waste of your time. My experience is that many businesses don't listen to any sort of security advice unless they are either a) very conscientious, b) about to undergo some sort of audit, c) paying a lot of money for said advice or d) have just been hacked.
Given that most GP sugeries in Australia are either medical centers run by an uncaring evil corporate parent* or are run by the Doctor themselves, there generally isn't a lot of attention paid to the administrative side of the business. This is because the corporate parent usually runs things "bare bones" and the Doctors don't have the time to pay attention to these things. Because of this its unlikely that anyone will actually do anything in response to an unsolicited anonymous letter, and you will still potentially have the issue of being considered a suspect if they do get hacked (make sure your fingerprints aren't on the letter)
* No, Im not too fond of these type of places...
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
@ Lupin, thanks, i wont be doing anything THATS MY FINAL answerI do agree about Drs surgerys would have the idea that if it aint broke (in there eyes) dont fix it. Well I just hope that noone cracks the WEP and potentially more, thats not my problem.
Thanks again for your feedback
A simple "Hey I notice you're using WEP on your wireless network. I'm kind of concerned and was wondering; are my medical records available via that network? Did you know that WEP has known weaknesses and is VERY simple for people to break?" should do the trick.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
I had a situation kind of like this once where I noticed my vet where I take my animals had wep encryption and various other security problems. All I did was find some articles from reliable sources that the "average" person would trust and made them up into a little packet and offered them to the VET. A few weeks later I assume she enlisted her IT guy to fix the problems because they got fixed. I avoided sounding like I could break into her system and I also did not offer to fix it which is why she trusted me. Just my 2 cents. I do believe every situation is probably different though so no one answer will apply to every situation.
Posting Permissions