Wardriving for fun and profit?

Hello all!

As an IT consultant I'm becoming more and more concerned about the
proliferation of unsecured wireless networks. I'm wondering what everyone
thinks about the ethics of offering to secure discovered networks for their
owners (for a nominal fee of course).

This seems like it could be an issue for some people. When you reply please
let me know what area you're writing from (province or state is enough) so I
can see if there's any sort of regional bias here.

Thanks,

Ian

"Ian Pattison" <(E-Mail Removed)> wrote in
news:bpuk1p$1tgmt3$(E-Mail Removed):

> Hello all!
>
> As an IT consultant I'm becoming more and more concerned about the
> proliferation of unsecured wireless networks. I'm wondering what
> everyone thinks about the ethics of offering to secure discovered
> networks for their owners (for a nominal fee of course).
>
> This seems like it could be an issue for some people. When you reply
> please let me know what area you're writing from (province or state is
> enough) so I can see if there's any sort of regional bias here.
>
> Thanks,
>
> Ian
>
>
>

If there is a way to make money and help people, then I suggest you find
away to harvest it. I am in IT too and was once a consultant. BTW, the
home users don't know the pitfalls of wireless and don't know how to
protect the network.

IL.

Duane

Hello
I just installed a wireless ap. I think its secure but would
love to pay someone to test it for me. I don't think you
would get rich doing that but you could sure help some
folks.
basil
"Ian Pattison" <(E-Mail Removed)> wrote in message
news:bpuk1p$1tgmt3$(E-Mail Removed)...
> Hello all!
>
> As an IT consultant I'm becoming more and more concerned
about the
> proliferation of unsecured wireless networks. I'm
wondering what everyone
> thinks about the ethics of offering to secure discovered
networks for their
> owners (for a nominal fee of course).
>
> This seems like it could be an issue for some people. When
you reply please
> let me know what area you're writing from (province or
state is enough) so I
> can see if there's any sort of regional bias here.
>
> Thanks,
>
> Ian
>
>

There's nothing new about your proposal to offer WiFi configuration
revisions so as to address the enormous issue of the users unknown RF
exposure to potential hackers. Certainly nothing unethical. The approach has
been used in corporate America for years directed to spyware and boardroom
monitoring devices. Many successful businesses have been built on the
knowledge and methodology of securing systems and therein providing a needed
and worthwhile service to companies.

Just issue a disclaimer at the outset that YOU DID NOT HACK the system, nor
would you do so since various statutes address this illegal activity.
Further, you will need to establish credibility with the client and be
prepared to present references since how do they know you won't create more
problems, i.e. install a surrepitious keylogger once you have access.

By some, you will be received with open arms. Others will be skeptical.

Bill
Texas
================================================== =========
"Ian Pattison" <(E-Mail Removed)> wrote in message
news:bpuk1p$1tgmt3$(E-Mail Removed)...
> Hello all!
>
> As an IT consultant I'm becoming more and more concerned about the
> proliferation of unsecured wireless networks. I'm wondering what everyone
> thinks about the ethics of offering to secure discovered networks for
their
> owners (for a nominal fee of course).
>
> This seems like it could be an issue for some people. When you reply
please
> let me know what area you're writing from (province or state is enough) so
I
> can see if there's any sort of regional bias here.
>
> Thanks,
>
> Ian
>
>

Ian Pattison wrote:
> Hello all!
>
> As an IT consultant I'm becoming more and more concerned about the
> proliferation of unsecured wireless networks. I'm wondering what
> everyone thinks about the ethics of offering to secure discovered
> networks for their owners (for a nominal fee of course).
>
> This seems like it could be an issue for some people. When you reply
> please let me know what area you're writing from (province or state
> is enough) so I can see if there's any sort of regional bias here.


You might consider your risks first. In many cases, enabling encryption
decreases range and thru-put. The customer will be more than curious about
this when they experience it. And, accoridng to my reading, there is no
such thing as a completely secure wireless network. What if someone with
time on their hands and access to knowledge actually hacks the customers
wireless network? You have claimed to make it secure. The liability is
enormous.

That said, there are a few fellows in my home town who do this very thing.
They claim to make a few hundred extra dollars a month.

Lastly, be aware that some people (like me) leave wireless networks open on
purpose. There are a few databases on the net that provide maps to and
locations of open hotspots. The vast majority of the hotspots in those
databases are open because of the "wireless garden" idea or are open because
the owners are providing them as a community service or customer
appreciation perk.

My network has several reasons to be open. There is a community group I
belong to that advocates the sharing of resources and dabbles in technology
education. I host a couple of game servers and a couple of web servers to
other members of the community group. At any given time, there can be 30 +
people playing Unreal Tournament and another 30 + people playing Half Life.
Currently, I'm hosting webspace on a W2K Server for about 40 college kids
who are learning ASP pages, and space for another 40 + High School kids who
are learning basic HTML. I also have a couple of linux boxes that aid a
handful of interested people in learning unix commands and scripting as well
as PERL scripting for Apache. As luck has it, we have a technical college
here that teaches Cisco, so the bridging (and other networking) challenges
have been met with perfect opportunities for interested students to solve
real-world problems.

So, don't be surprized when you knock on someone's door to tell them about
their open network and they just laugh. - I would. Well, first I'd laugh,
and then I'd invite you in for coffee and I'd show you our map of connected
systems and I'd give a little speech advocating our user group while trying
to determine if you are someone who might be interested in participating.

"i'm_tired" <(E-Mail Removed)> writes:
>
> You might consider your risks first. In many cases, enabling encryption
> decreases range and thru-put. The customer will be more than curious about
> this when they experience it. And, accoridng to my reading, there is no
> such thing as a completely secure wireless network.

There's no such thing as completely secure wired network either.

WiFi Protected Access addresses all known vulnerabilities in WEP, and
naturlaly is a big improvement over wide open networks.

> What if someone with time on their hands and access to knowledge
> actually hacks the customers wireless network? You have claimed to
> make it secure. The liability is enormous.

No wise security professional ever claims they've made something
secure. At best, they tell you "We've addressed all currently known
vulnerabilities." Normally, they'll assure, we're eliminated several
known vulnerabilities as potential intrusion mechanisms.

It's a risk-mitigation business.

> So, don't be surprized when you knock on someone's door to tell them
> about their open network and they just laugh. - I would. Well,
> first I'd laugh, and then I'd invite you in for coffee and I'd show
> you our map of connected systems and I'd give a little speech
> advocating our user group while trying to determine if you are
> someone who might be interested in participating.

I'd say the laughers would be in the stark minority, though. The
"clueless gaping network" crowd I'm guessing accounts for probably
well over 90% of all unsecured wireless networks.

--
Todd H.
http://www.toddh.net/

"Todd H." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "i'm_tired" <(E-Mail Removed)> writes:
> >
<...snip...>
> > What if someone with time on their hands and access to knowledge
> > actually hacks the customers wireless network? You have claimed to
> > make it secure. The liability is enormous.
>
> No wise security professional ever claims they've made something
> secure. At best, they tell you "We've addressed all currently known
> vulnerabilities." Normally, they'll assure, we're eliminated several
> known vulnerabilities as potential intrusion mechanisms.
>
> It's a risk-mitigation business.
>

Good point. But the previous poster is right. An IT professional working for
an organization can explain to the boss that there is no such thing as
perfect security, and only risk losing a job if expectations can't be
adjusted to reality. But in this litigious society, if you get paid to
improve somebody's security and they get hacked anway, it doesn't matter how
carefully you worded your claims. Unless you have liability insurance, one
lawsuit could ruin you financially, even if you end up winning. An example:
some property managers counsel condimium homeowner associations to NOT to
put locks on their gates, because it creates the appearance of a level of
security that cannot actually be guaranteed. There are cases in which
robbery or rape victims have successfully sued on this issue.