Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Moral security Question

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default Moral security Question

    Hi
    I have a question and would like some opinions, I went to Drs with my girlfriend in a local surgery and I noticed one of the desks they had a Wireless modem / router. I did a quick scan for WLAN on my mobile to find 2 WEP networks in the surgery. One the Drs and the other was the Chemist next door. I did notice that it looked like a WLAN and LAN light was flashing in use.
    I am pretty much self taught Linux, few Microsoft Certs. Morally I want to tell them that there modem / pcs may not be secure - I personally worry especially medical records.
    I have got no intentions to 'hack' anything to prove a point.
    I know there are so many WEP protected company's but has anyone approached a company about that and if so how ?

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by alias1 View Post
    Hi
    I have a question and would like some opinions, I went to Drs with my girlfriend in a local surgery and I noticed one of the desks they had a Wireless modem / router. I did a quick scan for WLAN on my mobile to find 2 WEP networks in the surgery. One the Drs and the other was the Chemist next door. I did notice that it looked like a WLAN and LAN light was flashing in use.
    I am pretty much self taught Linux, few Microsoft Certs. Morally I want to tell them that there modem / pcs may not be secure - I personally worry especially medical records.
    I have got no intentions to 'hack' anything to prove a point.
    I know there are so many WEP protected company's but has anyone approached a company about that and if so how ?
    It is best if you're going to do it, to just tell them that they have a potential problem, but do not offer to secure it for them. Do not use any scare type tactics, just present the facts that WEP is insecure and should not be used. Allow them to make the decision to contact their own people to have the problem resolved.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Personally I'd be very wary about telling anyone their network was insecure unless they had asked for my opinion on the matter. At the very least you may end up needing to explain why you were poking around in the first place, and if the network ever does get broken into you can bet that they will remember what you said and consider you the first suspect.

    I don't think you have a moral duty to say anything under these circumstances, seeing as you don't manage and didn't setup the network, and if you are worried about the security of your own information, which is reasonable, I'd start seeing another Doctor.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    Thanks for your feedback Streaker69 and Lupin. In all honestly I think I wont be doing anything but it does make you wonder I would have thought drs surgerys would have a best policy in a perfect world.
    Has anyone actually aproached a company before ? eg WEP and what happened I am curious. I can understand why people would be hesitant to help somehow it will come back and bite them as Lupin said.

  5. #5
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Do you feel morally obligated to inform them? Or do you see a potential client who you can $uggest your opinions to?

    To answer your question, no. If they are not a client or friend, then I have no business in trying to make myself look good, or earn their business through scare tactics as mentioned.

    While it would be nice to help out people who may simply be unaware of the security risk, the effort doesn't outweigh the potential consequences for me.

  6. #6
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    I dont see $$$ as I dont have proper certificates and dont like scaring people although am going to start my CCNA soon. I have no connections to the surgery or any employees it was more a moral question with it being a medical business if it was a corner fruit & Veg store I wouldnt think twice. (Sorry if any one owns / works Fruit and Veg store )

  7. #7
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    It was more of a "why do you even care?" that I was trying to get at (moral or personal gain).

    My opinion is hit the books and worry about more important things. It's good to be aware of these things, it's another to act on them. Maybe someone else will add something. Good luck on your CCNA.

  8. #8
    Member squishyalt's Avatar
    Join Date
    Feb 2010
    Posts
    172

    Default alias1 - don't bother....

    Others here have traveled this road before and can tell you some stories about these things that may help you in your decision making.

    You should read my post on advising companies of WEP vulnerabilities in an effort to introduce myself to local businesses.

    It will give you some insight into how people perceive those telling them of WEP problems and it may get you ready for how you will be treated.

    Good luck.

  9. #9
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    7

    Default

    Quote Originally Posted by squishyalt View Post
    Others here have traveled this road before and can tell you some stories about these things that may help you in your decision making.

    You should read my post on advising companies of WEP vulnerabilities in an effort to introduce myself to local businesses[/URL].

    It will give you some insight into how people perceive those telling them of WEP problems and it may get you ready for how you will be treated.

    Good luck.
    That thread was great for me, i had similar ideas try to help people (particularly medical) things aren't as logical and simple as they seem. Reading that thread gave an idea that streaker69 said
    "Update: I do have an idea for you. Contact your local Chamber of Commerce, see if you can meet with the person there that organizes their meetings with other companies. See if you can maybe have a little seminar with local business owners that demonstrate what you're talking about. Business owners are going to be more open to hearing it in that kind of setting than a cold call at their office.

    I know where I am I can get Police clearance which states that i have no criminal background etc which would give good confidence to business's
    In the end does seem to be more trouble than it is worth.
    Time to hit the books.

  10. #10
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    18

    Default Never

    hi man, don't even think so about it ,man if you said to them that they have a problem in thier wep then any thing will happen to their router they will say it is you , finnally it's up to you but for me never because i have done such a thing and seen the.....

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •