Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Moral security Question

  1. #11
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    Hi again
    Thanks again for all your feedback, experiences. Just so you know i WILL NOT aproach the Surgery or any other business regarding their WEP set up.

  2. #12
    Member
    Join Date
    Feb 2010
    Posts
    204

    Default

    why not just write them a letter? which country is this GP in?

  3. #13
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    To hm2075, I am in Australia. Writing an anonymous letter would be good idea stating about WEP possible security problem. I dont know when will go to that Drs again it isnt my one it is my girlfriends.

  4. #14
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by alias1 View Post
    To hm2075, I am in Australia. Writing an anonymous letter would be good idea stating about WEP possible security problem. I dont know when will go to that Drs again it isnt my one it is my girlfriends.
    lupin might be able to provide his version of insight, but I would say don't bother. I know Australian doctors and their surgeries, I've pentested (probably) hundreds of the things in the past few years and they all have one thing in common - when forced to revert to WPA, they use something in the webster dictionary, or the name of their surgery.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #15
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by Gitsnik View Post
    lupin might be able to provide his version of insight
    No, I don't really have anything further to add.

    I'd suggest that an anonymous letter would be, at best, a waste of your time. My experience is that many businesses don't listen to any sort of security advice unless they are either a) very conscientious, b) about to undergo some sort of audit, c) paying a lot of money for said advice or d) have just been hacked.

    Given that most GP sugeries in Australia are either medical centers run by an uncaring evil corporate parent* or are run by the Doctor themselves, there generally isn't a lot of attention paid to the administrative side of the business. This is because the corporate parent usually runs things "bare bones" and the Doctors don't have the time to pay attention to these things. Because of this its unlikely that anyone will actually do anything in response to an unsolicited anonymous letter, and you will still potentially have the issue of being considered a suspect if they do get hacked (make sure your fingerprints aren't on the letter )

    * No, Im not too fond of these type of places...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #16
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    @ Lupin, thanks, i wont be doing anything THATS MY FINAL answer I do agree about Drs surgerys would have the idea that if it aint broke (in there eyes) dont fix it. Well I just hope that noone cracks the WEP and potentially more, thats not my problem.

    Thanks again for your feedback

  7. #17
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    A simple "Hey I notice you're using WEP on your wireless network. I'm kind of concerned and was wondering; are my medical records available via that network? Did you know that WEP has known weaknesses and is VERY simple for people to break?" should do the trick.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #18
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    I had a situation kind of like this once where I noticed my vet where I take my animals had wep encryption and various other security problems. All I did was find some articles from reliable sources that the "average" person would trust and made them up into a little packet and offered them to the VET. A few weeks later I assume she enlisted her IT guy to fix the problems because they got fixed. I avoided sounding like I could break into her system and I also did not offer to fix it which is why she trusted me. Just my 2 cents. I do believe every situation is probably different though so no one answer will apply to every situation.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •