found a bank using unsecure wireless - Page 4
Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 44

Thread: found a bank using unsecure wireless

  1. #31
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Welcome to AO

    Front page
    Left Hand side
    "Edit Site Options"
    Check the little green dot into the "no" hole

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #32
    Member
    Join Date
    Dec 2004
    Posts
    93
    Thanks for the greets guys, alrighty thanks.

    Are we allowed to talk about wardriving in here and other things?
    If at first you don\'t succeed, work for Microsoft.

  3. #33
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Last time Acidloop :
    Delete this post, re-post in GCC............
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  4. #34
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Thars a varmit loose in the dungeon.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #35
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    I was in a situation very close to your just this year. I worked for a small medical clearing hose in town and someone found a hole while trying to script into our system. They contacted us and let us know if the hole, he was about as nervous as you are right now.

    We invited him into the facility to talk about what he found, he met with us.
    We agreed that we would listen to what he had to say, and signed a Non Disclosure Agreement with him.

    Bottom line, he found the hole, we did not have him replicate it, but I got enough information from him for me to try and recreate it. I was sucessful and broke in the same way he did. I then located the source of the problem, recreated it, fixed it, and am forever greatfull that he did find it and inform us. Otherwise it still may of been open today.

    The person that informed us was a CISSP and I belive that he did the right thing by letting us know, as Ms. Mittens will probably let you knoe, when you do get your CISSP and you have studied to get there, that you are also bound by the CISSP code that pretty much stated taht you are obligated to report such an incident if you know about it...its your duty.

    Just my 2 cents.

    Hope this help with your choice.
    \"Common Sense, isn\'t that common\"
    \"It is a lot easier to raise a child then it is to repair an adult\"
    -Kruptos

  6. #36
    Last time Acidloop :
    Delete this post, re-post in GCC............
    Sounds like this topic is in full swing again, no need to go around deleting things.

    I never knew about this topic until it was brought up again, and it's been a very interesting read. What other experiences have people had in regards to similar wardriving ethical situations?

  7. #37
    Member
    Join Date
    Dec 2004
    Posts
    93
    See, new members can make a differece hehe.
    If at first you don\'t succeed, work for Microsoft.

  8. #38
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Acidloop,

    I am being very serious now, so please read this more than once and THINK about it?

    I am forty years older than you............... ...........In fact I could probably beat you in a Zimmer Frame race

    OK the serious bit:

    What do you think the probability of being convicted in a court is if you and I appeared charged with the same thing?

    Errrr..........I am an adult, have a career, qualifications............etc..........? do you see what I am getting at?

    My "ethical problem" is that you may get into trouble, and this could impact on the rest of your life?

    Please be careful.......
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #39
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    Good call nihil, wasent thinking about that when I posted above.

    If you want to make a differance, please be careful.

    but it is still good that you got advice first, an I hoped it helped.

    As for closing the thread, I think it is good that it was revitalized, no use being harsh about closing a thread if it still has great feedback.
    \"Common Sense, isn\'t that common\"
    \"It is a lot easier to raise a child then it is to repair an adult\"
    -Kruptos

  10. #40
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Kruptos:

    If you want to make people aware of their security holes I offered in another thread to be a go between for anyone not in the SE Michigan area to pass that information back to the owner of the network _if_ you can positively identify them for me.

    I'm not interested on Joe Public's WAP in his front room, I can find a million of those just round here. But if you found a bank, medical facility, law enforcement agency who are passing confidential information in clear.... Don't go cracking their WEP to show me how 1337 you are.... then just give me a PM with the business name, address, phone, date/time of capture, SSID and a sanitized packet capture of what you can see so I can make a case for you. Sanitized means leave in the first name and initial of the last name of a capture of client data, if it's CC information just leave in the last 4 digits of the CC - same with an SSN. If it's medical or law enforcement then leave the diagnosis or other info in but make sure the name is sanitized.

    I will be happy to make contact with the owner and pass the information on while keeping you out of the picture. You will need to be contactable by me but _only_ for further verification of data. You can do that through a throwaway account at Yahoo or whatever which puts a further layer between you and me which would considerably up the costs of anyone who choses to be really stupid - but i don't think they will.... They have to go through me first..... and I can be a tad feisty when you rattle my cage....

    Please note: I will not do this for anyone who locates an insecure WAP within 100 miles of my locaton at the time of the capture. eg: If I fly to Ft. Lauderdale on my way to the Keys and you send me a packet dump from Miami on the day I passed through Ft. Lauderdale then it's a "no-go". But I do have one other volunteer who lives a long way away that I could put you on to to do the same thing if he is still willing.

    Maybe we could create a network of third parties to maintain a buffer between those who want to do the right thing and those who may turn "nasty" because they are incompetent..... With a network several people could all pass the same information at the same time with only one person knowing the actual email address of the sender.... The more we put up the investigative costs for someone who doesn't appreciate the "intrusion on their happy little world" the less likely they are to pursue and the more likely they are to accept the issue and hopefully fix it...... Anyone interested? It'd be really nice to have an "international" group.... That would screw them right up....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •