Date: Fri, 10 Jan 2003 14:20:08 -0600 From: Dave Hull <dphull@insipid.com> Subject: Re: What to do? Message-ID: <Pine.LNX.4.44.0301101405530.16263-100000@insipid.cc.ukans.edu>
On Fri, 10 Jan 2003, jose sanchez wrote:
> The other day I was war driving somewhere in KC and
> found 5 WLANs that I could take total control of. The
> owner left the configurations with all the default
> passwords... There was even one small company that had
> a wireless print server that was vulnerable, I could
> have used the printer if I wanted to. I also
> downloaded their client's database (in ms access);
> Now, my question is:
>
> Should I let them know their Network is vulnerable and
> offer to tweak it for a small fee or just let them
> find out the hard way?
>
I think you should go and turn yourself in to the local authorities for
stealing some company's data. :p
Seriously, if I were in your shoes, I think I'd call the company and ask to
speak with the owner. Explain to him that you were working in the area and
noticed that his network was wide open. Explain that people can steal company
data or change it, or worse...
Let him know that you're a technology worker and that iff he doesn't already
have someone who does computer work for him, you'd gladly spend 5 or 10
minutes with him showing him how to change the default passwords, enable
stronger encryption or whatever. I would offer this complimentary, it probably
won't take very long and if it takes longer than 10 - 15 minutes to figure
out, walk away and recommend that he contact someone else about it.
If you're friendly, polite and helpful, you may get additonal paying work out
of the deal. If not, no big deal, you've done your good deed for the week.
Then again, the owner might be an a-hole and tell you feck off.
-- This none to helpful reply brought to you by,Dave "a" Hull, http://insipid.com