found a bank using unsecure wireless - Page 2
Page 2 of 5 FirstFirst 1234 ... LastLast
Results 11 to 20 of 44

Thread: found a bank using unsecure wireless

  1. #11
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Ethics says go in, tell the bank manager, SHOW him how you found it, then hit him up for a high paying IT job - or a contractor 'fix' at a nice phat price.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  2. #12
    Member
    Join Date
    Mar 2004
    Posts
    81
    If I had a huge security hole and I didn't know about it, and someone came in and told me aobut it, I'd be a happy IT person.

    Don't forget that in some companies / businesses, it is the person who understands the computers just a little more than the boss that can get put in charge of the entire computer department. If that is the case, then this could become a job opportunity if handled correctly.

    Keep us posted please if you do approach them.

    ~Halv

  3. #13
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    i was out again today and i was looking at the data strings i had dumped goin across my screen and saw several Hospital (i was parked near a hostpital) and saw the records including the injury, room, phone number, name, and other stuff it was scrollin fast didnt get a good look. i'll examine the packet in a bit to see what it was all about. but the hospital is using cisco AP's and cisco equipment and IOS software, and they supposedly have wep enabled too so im not sure how that came out unencrypted in plain text, also they have some hardware called cisco1900, not sure what it is havent looked on their site. should i let them know too that they are broadcasting patient info out in the open. im startin to wonder if i could make a lil non profit competely legal service that goes around helping the public secure and give out notices about wireless security and such, i dont know the more i found out there the more i think about it. should i let the hospital know? especially with all that cisco equipment you think that that info wouldnt get out.

  4. #14
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    They have a legal requirement under HIPAA to fix this.

    If you like you can drop me a PM with the name and location, (preferably a web site), for the hospital and I will act as a "go-between" for you.

    It will be clear that I'm not wardriving them but that someone else who shall remain anonymous is concerned about their lack of security in breach of the law..... if you like I'll do the same for the bank....

    Actually, thinking about this.... I'm going to start a thread called "Anonymous Wireless Reporting". If anyone is interested I just respond to it.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #15
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    im more afraid of lettin the hospital know rather than the bank, im pretty convinced im goin to tell the bank. The hospital has all that cisco equipment so you know they are serious, but i still stumbeled upon patient information so they are going to be curious as to how/why it happend and what i was doin, i mean if i were them and i had all that equipment and someone got leaked patient information i would be wondering how they got it too, but its the truth so there has to be a legit reason. i might start a local service here goin around tellin people about their Open AP's, i get alot of stray Arp packets broadcasting IP's which makes it all the easier to connect, people these days.

  6. #16
    Senior Member
    Join Date
    Oct 2001
    Posts
    131
    My town is the same way. Every since wireless came into play this little town of less than 10,000 people has over 120 open networks. Many of them on commercial property.

    The down side is that telling a company they are open or insecure can often bring on more problems than not telling them...for you at least. I tried explaining to two banks that their wireless network was un-safe. Since I wasn't the lazy IT guy they didnt believe me. A few months later over 300 credit cards where comprimised. The culprit..their wireless network.

    I do not see where a wireless network is an asset to any business. It can not be secured, WPA and WEP can be cracked. And with the traffic most banks/companies push, it could be done in no time.

    I tried to even tell the ISP how un-safe it was, All I got was a bunch of double talk about how it is secure. B.S.

    I say tell the bank, and if they don't want to listen, its time to get the word out some how about how un-secure wireless is, and that some banks in your town are using it. Don't mention names, the people will do the rest.
    Whats a \"START\" button?

  7. #17
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    There are secure wireless networks. They are not however WiFi, they are expensive and propietary. WPA has been cracked?

    //EDIT it appears some claim to have "proof of concept" to cracking WPA but only on weak passwords and non-radius based authentication?


    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #18
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Road:

    You can also run IPSEC under WPA or WEP so even if they do crack the encryption they simply run into a second level that isn't as easy.... And it's free.... I dunno what the problem is....

    I recently enabled a WAP at work too..... MAC filtered, WPA encrypted, the whole 9 yards.... What's even better is that when you work your way all the way through the security and figure "I'm in!!!" you slowly find out that you spent all that time getting onto a WAP that is outside, (not DMZ, Outside), the firewall..... . You need to authenticate and create a VPN tunnel to get inside.... bummer.... You could have got there from your home box in the warmth and comfort of your living room..... ROFLMAO
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #19
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    That is true. I have been playing alot with OpenSSH the last 2 days. For windows that is.

    WPA is still safe depending on setup. Some random gooooooogles.


    http://www.techworld.com/mobility/ne...fm?NewsID=2577

    http://wifinetnews.com/archives/004428.html

    http://blogs.zdnet.com/Ou/index.php?p=9
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #20
    Senior Member
    Join Date
    Oct 2001
    Posts
    131
    Chances are if a bank is failing to use WPA or Radius/MAC filtering. Then the passwords they pick won't be that great.

    You can also spoof a mac address in any OS. Some systems work better than others, Brillan has MAC checking and spoof checking.

    No matter how secure a wireless network is today, it'll be cracked tomarrow.
    I would'nt be suprised if the next kismet/airsnort/wepcrack can crack WPA in a few hours.

    The bank is probably using cheap linksys/agere wireless equipment. So I'd probalby try getting them to replace it when you tell them about the ensecurity.
    Whats a \"START\" button?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •