After Dillard accessed the information, he contacted patients and insurance companies. He also wrote WRAL a letter, stating, "These guys are a bunch of bozos." He also mailed WRAL copies of checks and insurance forms with patient names and procedures.
I have to be very careful to be sure my laptop doesn't accidentally even pull a DHCP address by having my ip statically configured and the adapter down (ifconfig wlan0 down) so that TCP/IP is not active and iptables set to block any/all traffic both ways.
Although I have not yet received my new Orinoco card, (still working with a less than adequate card in ndiswrappers), my understanding and initial testing shows that I can still detect and gather enough information as a completely passive listener to find open wireless sources.
I would absolutely not ever want to connect to any network (leaving any finger prints) that I wanted as a customer (for the very reason in the article). Besides that, I don't care about whatever may be exposed on the network. I don't have time or interest to seek out or exploit anything like that.
My interest is only in trying to make a few extra buck by doing the very easy configuration of their access point and adapters. Perhaps it will open the door to additional work with that customer.
I am VERY open to suggestions as to how to stay out of trouble and how to make the sale!
Mike Johnson wrote:
Glenn Meyer wrote:
Yep, you gotta play on their fears a little to get the to fork over the cash.
You bring up a good point that I haven't yet worked out a complete solution for.... How to successfully sell without scaring them or making them feel threatened. However, it is a potential danger - especially business (my main interest as customers). They need to know and get it locked down to a reasonable level.
It should be noted that a guy went to jail not too long ago by approaching an area hospital with an offer to help secure their wireless network that he had found was wide open. Not sure if he was convicted, but he was brought up on charges:
http://www.wral.com/news/2465963/detail.html
The security industry does not need to be all about fear, uncertainty, and doubt.
Mike
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
