r00k
2[H]4U
- Joined
- Aug 24, 2004
- Messages
- 2,696
I'm sitting here at the desk of one of my clients, in a downtown business area of a larger city, working on repairing a windows xp installation.
And while her computer is doin it's thing, i pulled out the laptop, and what should i find, but an unsecured wireless 802.11g signal that i know does not belong to my client. So I did what i assume most any of us would, and that is, use it. Naturally, i wanted to learn what i can, and sure enough, the router uses the default password of admin. There are some dhcp leases out, but no machines reachable by scanning the networks full range of ip's. Which is fine by me. I do an ipchicken and find the ISP, the connection is great.
But now we delve into the other side of things - ethics. What i am doing is considered wrong by some, essentially white hat hacking (by mitnik's definition). I am not attempting to take this network over maliciously, breach it's security to cause harm, but i know that if it was this easy for me to do it, then someone who would want to cause harm will also have a very easy time.
The question is this - should i change the password on the router so that only i, a responsible and well-meaning individual, has the ability to mess with this router, thus preventing malicious individuals from gaining full access? I feel it is safe to assume that the owner does not ever change the settings of this router, they just want it to work, and if they really needed to make a change, they would have to reset the router and reconsider security anyway. Conversely, it is my intention to leave their wireless signal untouched, and not put any security on it because that would effectively disable it for the owner, which would be a malicious act.
Please share your thoughts.
And while her computer is doin it's thing, i pulled out the laptop, and what should i find, but an unsecured wireless 802.11g signal that i know does not belong to my client. So I did what i assume most any of us would, and that is, use it. Naturally, i wanted to learn what i can, and sure enough, the router uses the default password of admin. There are some dhcp leases out, but no machines reachable by scanning the networks full range of ip's. Which is fine by me. I do an ipchicken and find the ISP, the connection is great.
But now we delve into the other side of things - ethics. What i am doing is considered wrong by some, essentially white hat hacking (by mitnik's definition). I am not attempting to take this network over maliciously, breach it's security to cause harm, but i know that if it was this easy for me to do it, then someone who would want to cause harm will also have a very easy time.
The question is this - should i change the password on the router so that only i, a responsible and well-meaning individual, has the ability to mess with this router, thus preventing malicious individuals from gaining full access? I feel it is safe to assume that the owner does not ever change the settings of this router, they just want it to work, and if they really needed to make a change, they would have to reset the router and reconsider security anyway. Conversely, it is my intention to leave their wireless signal untouched, and not put any security on it because that would effectively disable it for the owner, which would be a malicious act.
Please share your thoughts.