Anonymous Wireless Reporting
Results 1 to 5 of 5

Thread: Anonymous Wireless Reporting

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    Anonymous Wireless Reporting

    It came to my attention in another thread where people who wardrive for fun find open WAP's in Banks, Hospitals and other establishments that pass client data in clear via the airwaves. The people who find these, being responsible citizens, would like to report these security breaches but are frightened of the current laws in their country to do so for fear of retribution by the offending WAP owner labelling them a hacker and breaching the law by accessing their data.

    It seems to me, that in the case of wireless access _only_ that since I live in Detroit and much of this is happening in other states that I could act as a no-cost "go-between" from the finder to the vulnerable WAP owner without fear of being accused of being the "hacker" myself.

    It would prove to the WAP owner that the finder is indeed concerned but is sufficiently aware and afraid of the law that they would not report it for fear of retribution. It would be clear to the WAP owner that i have not been wardiving them since I can clearly prove that I live in a different city and can prove that I have not recently been to theirs.

    This takes the 'heat' off the finder and shows the WAP owner that no malicious intent is intended... this is simply a "heads up" service provided to protect an innocent party from the potential backlash of an incompetent or insecure administrator.

    I think it's a good idea.....

    Anyone's thoughts?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Well Tiger I think that is a very good idea, and if you need any help, or the WAP is in the Detroit or Michigan area, just contact me......I would be more than glad to help on this.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #3
    How nice would a goverment ran "disclosure" program be?

    A place that you can report a vulnerability, have it on goverment record when that vulnerability was found, and know for sure that the vulnerable party got the message. I ran into this problem a while back, I had a vulnerability in my hands, and I needed to get a rather large corporation's attention. I failed for over 2 weeks to do so, so I went to Secunia.com. They also failed to get the company's attention... so they released an advisory.

    I think a goverment ran program would be great for all of this, including storefront / WAP vulnerabilitys and such... Something "anonymous" that we can go to. Maybe like us-cert.gov?

    I am reminded of those tiplines in high school...

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    TS: That is a very nice thing of you to do. Hopefully you don't get too many requests. If you start to get too many, then try to get some others on this site to help you out. I'd help if the demand was great enough.

    On another note: If anyone out there is trying to make some extra cash and you like war driving...
    Drive around neighborhoods and look for unprotected WAPs. Then post signs about the unprotected WAPs and why it is bad to have them open to the public. Leave a contact number or email address. If and when they contact you, offer to secure it for them for a small fee. (Fee will change depending on how many hosts you need to configure.)

    The next best thing is... even though you tell them exactly what you are doing and leave a paper outlining and detailing all info that was used to configure it... they will call you back to add more machines to their wireless network. Instant customers and you'll even get some referrals. I've done this in two neighborhoods and made some decent pocket change from it. Just make it clear that you are not their tech support line.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Just make it clear that you are not their tech support line
    Best piece of advice given here in a long time.....

    If you offer any kind of service make it quite clear up front the limitations of that service otherwise they will call you for every last little thing...... trust me.... been there....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •