Re: Pre-Scanning for Marketing

From: Pete Herzog (lists@isecom.org)
Date: Wed Jan 11 2006 - 18:50:50 EST


Hi,

Just for a moment, consider the scenario that you were going through the
neighborhood seeing if windows are unlocked. If they are, you open them
or even just knock on the front door and tell them you see the window is
open and you can fix that for security reasons.

If that scenario doesn't strike you as so over-security-conscious that
it's idiotic, then you should know it is indeed a Sponge Bob episode
(yes I have kids who watch TV sometimes).

Now let's look at this again and ask yourself, who are you to assure a
neighborhood business, person, etc. is breaking your security rules
(knowing best practice is not best for all)? You can argue they're not
aware. Well, it's not your place. Are they hurting you? Are they
hurting others? You can argue, "not yet but statistically" and I'll
show you a teenage boy with a fast car who, if he doesn't kill someone
someday, will probably cause a decent share of road rage (statistically).
But it's not illegal yet until the damage is done.

I know it's frustrating to see bad or no security but they may have a
reason for it. And if they don't have a reason, so what, unless it's
harming someone else or has the potential to do GREAT harm (like
discovering they allow cell phones near drug dispensing devices in the
hospital). In that case, try to go through proper channels and then
maybe even alert the proper authorities. Be a watchdog and not a
vigilante. It's better for business too.

Sincerely,
-pete.

www.osstmm.org - www.isestorm.org - www.isecom.org

Rapaille Maxime wrote:
> Hi,
>
> During some site survey or wireless audit, I have found some companies
> (other than the current customer) having badly protected Wifi network.
> And a lot of non protected at all, advertising the name of the company
> or the university as SSID.
> I have found myself in the same dilemma : contact or not contact them ?
> I tried once, and got a 'very' negative reaction.. Never did it again
> But Yes, it's very frustrating to see all those companies need our
> services, and you can't help.
> Perhaps, for example, if it's very critical for your country (some gov
> institution or the like) you could try to contact a kind of computer
> Crime unit (like we have in Belgium) and explain them the situation..
> If they understand what you are speaking about they would probably
> react, but, they won't be able to give your company's name as a
> reference..
> Frustrating dilemma...
>
> Regards
>
> Max
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:21 EDT