Opinions on my "scare" flier.


Postby Raydr » Thu Aug 28, 2003 6:47 pm

I've been trying desperately to raise awareness regarding unsecured APs in my area (Gainesville, FL (Univ of Fla)). A client of mine is friends with one of the local news stations and is seeing if they're interested in doing a piece on this. I've seen some very (non-educational) newspaper columns about wireless networking, but I've gotten very annoyed at the lack of information that they provide, such as the dangers of having it unsecured and what you need to do in order to secure it.

I figure the only way to really get the point across is to "scare" the consumer into fixing it.

I am a high speed internet subcontractor for a very large cable company, and as I pull up to clients' homes, if I detect an unsecured AP, I give them a lecture. Generally they are appreciative and it ends up in a small service call for my consulting company.

I would like to place fliers throughout some of the higher AP populated areas. I would like some honest thoughts and opinions regarding this flier:

http://www.matosconsulting.com/Scare.htm


Thanks.

P.S.: I apologize if this is inappropriate for this forum. I do not believe I have broken any rules and have posted in the correct forum.
Hey!
Raydr
Mini Stumbler
 
Posts: 14
Joined: Sun Dec 22, 2002 2:27 pm

Postby Mr.White » Thu Aug 28, 2003 8:00 pm

Drop the "hacker" line.
A good way to threaten somebody is to light a stick of dynamite.
Then you call the guy and hold the burning fuse up to the phone.
"Hear that?" you say. "That's dynamite, baby." -Jack Handey
Mr.White
 
Posts: 1051
Joined: Fri Oct 04, 2002 9:01 am
Location: Minnesota

Postby sparafina » Thu Aug 28, 2003 9:46 pm

Post a map of the NW quadrant of Gainesville instead of around the university. I don't think the folks with APs clustered around the Crystal Burger across from campus would give a flying Crispy Creme.

How 'bout them Gators?
sparafina
Mini Stumbler
 
Posts: 1428
Joined: Tue May 07, 2002 2:12 pm
Location: TX,MD,NY

Postby G8tK33per » Fri Aug 29, 2003 3:47 am

Taken from the flier: "What’s stopping an identify thief from parking down the road and monitoring everything you do online, including your emails, passwords, instant messages, financial information, private business information, etc?"

It's 'identity' thief...
"Make yourselves sheep and the wolves will eat you." ~ Benjamin Franklin

Sons of Confederate Veterans
G8tK33per
 
Posts: 6078
Joined: Fri May 09, 2003 4:00 am
Location: Goomba's Booty Boardwalk

Ralph Nader, I presume?

Postby peekitty » Fri Aug 29, 2003 4:38 am

The local newspapers and TV stations have been running "scare" stories about the dangers of unprotected 802.11 for well over a year now. What kind of revolutionary breakthrough in communication have you discovered that will cause people to read, understand, and heed your message when the usual media sources have had little apparent impact?

Kudos for your sense of civic responsibility, but you probably shouldn't let yourself get too worked up over this.
peekitty
 
Posts: 1054
Joined: Wed Sep 04, 2002 6:14 am
Location: S. Florida

Postby mvario » Fri Aug 29, 2003 5:26 am

Have you considered a career in the news media? :D
mvario
 
Posts: 137
Joined: Fri May 24, 2002 6:53 pm
Location: NYC

Postby Thorn » Fri Aug 29, 2003 5:28 am

Scare tactics bother me, because I don't like spreading FUD, especially the "OMG! Dirty, rotten hackers!" card. IMHO you're better off simply saying that there is a danger, and it needs to be fixed, rather than "ARE YOUR ONLINE ACTIVIES BEING WATCHED?" However, I also realize that the public is just like the proverbial mule: You have to hit him in the head with a 2x4 to get his attention.

I have a flier that I hand out to clients, which you may wish to look over. The content is detailed in this thread with links to the PDF. It is lower-key, with little FUD. Rather it has a detailed list of suggested fixes. Even though it spells out what should be done to the point that they could do it themselves, most clients ask me to do it for them.

Also, as Mr. White said, drop the use of the word "hacker." It is exactly this kind of use that smears us all, and is insulting to use it in this manner. Use "attacker", "thief", "cracker", "scum sucking, low-life, scrote-bag" or other such term, but don't use "hacker."
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby G8tK33per » Fri Aug 29, 2003 7:42 am

Originally posted by Thorn


Also, as Mr. White said, drop the use of the word "hacker." It is exactly this kind of use that smears us all, and is insulting to use it in this manner. Use "attacker", "thief", "cracker", "scum sucking, low-life, scrote-bag" or other such term, but don't use "hacker."


I prefer "numb-nut m^ther-f^cker" myself but hey, whatever works...right?
"Make yourselves sheep and the wolves will eat you." ~ Benjamin Franklin

Sons of Confederate Veterans
G8tK33per
 
Posts: 6078
Joined: Fri May 09, 2003 4:00 am
Location: Goomba's Booty Boardwalk

Postby 1EZway » Fri Aug 29, 2003 12:24 pm

another hero?
1EZway
 
Posts: 47
Joined: Thu Jun 20, 2002 12:45 pm
Location: Mid Atlantic in Hurricane Alley

Postby bws1 » Sun Aug 31, 2003 3:08 pm

Thorn,

To a certain extent, I do agree with you that strong-armed scare tactics can be a little, but sometimes it does take a good solid boot to the shin to get someone's attention. Case in point, and correct me if I've repeated this story, I was stumbling in my home town and the moment I drove past the local hospital, the laptop lit up like an NHRA Christmas tree. And as luck (for the lack of a better term) would have it, my father was a patient there, at the time, and I sat there out in the parking lot surfing the net, checking my hotmail account, etc... For grins, I even fired up ethereal and lo and behold, I was getting patient data... names, SSNs, etc.

Needless to say, I wasn't amused.

Well to make a long story short, I called a family friend, who happened to be on the board of directors of this hospital, and informed him of the sheer stupidity of his MIS staff...

If you're not going to use WEP, that's one thing... but to not even have a VPN, encrypting your network traffic is entirely another.

I was able to make use of Look At LAN and do a sweep across their entire network (2200 devices in all) and was able to develop a map of several hospitals that are in the same "chain"... etc.

Was I wrong for doing this? Damn right I was! But I went into a meeting with the VP of MIS armed with all this info and the next day there wasn't so much as a peep out of their network.

So, in some instances, strong scare tactics work... But in terms of issuing terrifying statements at the layman, it usually falls on deaf ears.

bws
bws1
Mini Stumbler
 
Posts: 5
Joined: Mon Dec 02, 2002 4:15 pm

Postby G8tK33per » Sun Aug 31, 2003 3:14 pm

Even more stupid...admitting to criminal activity on a worldwide publicly accessible web site. Dumbass.
"Make yourselves sheep and the wolves will eat you." ~ Benjamin Franklin

Sons of Confederate Veterans
G8tK33per
 
Posts: 6078
Joined: Fri May 09, 2003 4:00 am
Location: Goomba's Booty Boardwalk

Postby bws1 » Sun Aug 31, 2003 4:30 pm

Originally posted by G8tK33per
Even more stupid...admitting to criminal activity on a worldwide publicly accessible web site. Dumbass.



Well, I may be a "Dumbass" but their problems are fixed now. They have taken corrective actions to resolve their lack of security. So, you can criticize me all you want, but the fact is their patient information is now secure.

As for the legality of it all... I'm not going to debate that with you because in the literal sense of the law, I was wrong. Furthermore when I informed the officers of the hospital board, I also made them aware of that fact as well and they cleared me of any wrongdoing.

But, not that it's any of your business, I have been involved in network & systems security for about 20 years now, and considering the lack of ethics of some of the wannabe black hats and script kiddies out there, I decided it was well worth the risk of legal repercussions to ensure that patient privacy was guaranteed. Yes, I did have an ulterior motive with my father being in there, but even if he wasn't, I would have done the same.
bws1
Mini Stumbler
 
Posts: 5
Joined: Mon Dec 02, 2002 4:15 pm

Postby Thorn » Mon Sep 01, 2003 8:40 am

bws1,
Personally I can't condone taking an illegal action to justify a problem with network security, but I certainly understand your motivation.

I know we had several posts and emails about your actions with the hospital situation in the past. I recalled that you did the sniffing (legal), but not the LAN discovery (illegal). In this particular case it worked out OK, but I would not recommend this action for anyone. That poor SOB in Texas tried something similar, and ended up charged criminally for his trouble.

In any event, as you say, general statements about security usually fall on deaf ears.
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

It's all about tact

Postby rerunn » Fri Sep 05, 2003 6:35 pm

Whatever your motives are, be it to truly help people or to make some consulting money off of it, is entirely your prerogative. However, blatantly spreading FUD in the hopes that this may provide you business ops AND making that fact known is GHEY in my opinion.

Raydr, I'm not pointing fingers or anything. I'm just trying to point out that there are two distinct motives involved.

I lost the link/article but Renderman did the same thing a while back and left little notes. The notes were very nice and tactful, in fact, he happened to deliver one of his notes to some reporter who ended up writing a nice story about him. That's very cool :)

rerunn.

Renderman, are you still around???
rerunn
 
Posts: 70
Joined: Wed Jun 05, 2002 8:49 pm
Location: way up north

Re: Ralph Nader, I presume?

Postby hax0r » Sat Sep 13, 2003 8:21 am

Originally posted by peekitty
The local newspapers and TV stations have been running "scare" stories about the dangers of unprotected 802.11 for well over a year now. What kind of revolutionary breakthrough in communication have you discovered that will cause people to read, understand, and heed your message when the usual media sources have had little apparent impact?


Personalization.

It's one thing to hear about "someone else's" unsecured WiFi being abused; it's quite another to find a map of your neighborhood with a pushpin sticking out of your house hanging on your doorknob when you come home from work...
hax0r
Mini Stumbler
 
Posts: 7
Joined: Tue Sep 03, 2002 2:13 pm
