EDIT: Sorry about the multiple posts... my connection kept timing out... I didn't think it ever posted. I've been having trouble posting lately... my bad. They should all be deleted by now.

I was in lab the other night at school and I working with this guy who has a hosting comany and also a small wireless ISP (802.11g) going on. He had his laptop with him and he was looking to see if he could get to his WAPs from our school. We could not.

But.... here is what we discovered...

Turns out that our school has 3 WAPs all broadcasting their SSID and are wide open. We didn't breach any security... we just discovered them. We have better things to do than mess with the schools network. It is a state run college and we could get in a sh17 load of trouble for messing around. I'm trying to get my education... not get kicked out/jail time.

I want to tell the admins... but want to be sure that they won't turn it around on us... like we were trying to break in... which we were not. Mabye we'll send an "annonymous" e-mail alerting them without giving our contact info. Mabye we'll just say that we live in the area (which there are plenty of dorms/apartments near by) and that we discovered their unprotected WAPs and they should look into securing it better. For now... I'm taking ALL of my stuff off their network...

Pretty scary with all of those kids at school getting in trouble for trying to help out the admins and the school alike. I'm tempted to just forget it... but what would that make me? No better than their admin(s). I have read the horror stories of others trying to help too.

Like most people know... I'm not a malicious person and neither is he. We both want to be in the security field at some point in our carreers and we are well on our ways. We feel we have a responsablility to both the school and the students to report it. We just don't want to get in trouble...

What do you all think we should do? Just forget it and let them worry about it?