Unsecured WiFi at work

  • Unsecured WiFi at work

    A question. At the hospital I work at, they use mobile registration workstations that deal with a lot of sensitive patient info. NS reports no encryption!

    Should I report this to risk management, or would this result in a "kill the messenger" scenario?

    I know this is hard to answer, but I just want to get *some* input from people who can talk intelligently on the subject. I can't find anyone at work, and y'all seem to be an obvious choice for advice.

    Also, is it possible they have something NS isn't picking up? I don't want to look like an idiot...

    Al
    "Are my pants...threatening you?"

  • #2
    Re: Unsecured WiFi at work

    Originally posted by alklloyd
    A question. At the hospital I work at, they use mobile registration workstations that deal with a lot of sensitive patient info. NS reports no encryption!

    Should I report this to risk management, or would this result in a "kill the messenger" scenario?

    I know this is hard to answer, but I just want to get *some* input from people who can talk intelligently on the subject. I can't find anyone at work, and y'all seem to be an obvious choice for advice.

    Also, is it possible they have something NS isn't picking up? I don't want to look like an idiot...

    Al
    Ok, first, can't you report it anonymously?

    Second, it is unlikely, but possible that they are running a secondary authentication mechanism behind the AP (VPN, RADIUS, LEAP blah blah blah).

    I would anonymously mention it if you are genuinely trying to help out.
    perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

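Added example (editor's code, not from any poster in the thread): how a scanner like NetStumbler arrives at its "no encryption" verdict without ever connecting. It reads the beacon frames every AP broadcasts and checks the Privacy bit of the Capability Information field, which an AP sets only when WEP is turned on. The frame builder, BSSIDs and SSIDs below are constructed test data; the Privacy-bit value and the element IDs are those of the 802.11 standard.

```python
import struct

# Capability Information bits carried in every 802.11 beacon.
CAP_ESS = 0x0001      # infrastructure network (an access point)
CAP_PRIVACY = 0x0010  # "Privacy": data frames on this BSS are WEP-encrypted

# Information element IDs this parser cares about.
IE_SSID = 0
IE_SUPPORTED_RATES = 1
IE_DS_PARAMS = 3  # carries the channel number


def build_beacon(bssid: bytes, ssid: str, channel: int, privacy: bool) -> bytes:
    """Construct a minimal beacon frame (MAC header + body, no FCS). Test data only."""
    frame_control = b"\x80\x00"            # type 0 (management), subtype 8 (beacon)
    duration = b"\x00\x00"
    broadcast = b"\xff" * 6                 # beacons go to the broadcast address
    seq_ctrl = b"\x00\x00"
    header = frame_control + duration + broadcast + bssid + bssid + seq_ctrl  # 24 bytes
    timestamp = struct.pack("<Q", 0)
    interval = struct.pack("<H", 100)       # 100 TU, about 102 ms between beacons
    capability = struct.pack("<H", CAP_ESS | (CAP_PRIVACY if privacy else 0))
    ies = bytes([IE_SSID, len(ssid)]) + ssid.encode()
    ies += bytes([IE_SUPPORTED_RATES, 4, 0x82, 0x84, 0x8B, 0x96])  # 1, 2, 5.5, 11 Mbps
    ies += bytes([IE_DS_PARAMS, 1, channel])
    return header + timestamp + interval + capability + ies


def parse_beacon(frame: bytes) -> dict:
    """Pull BSSID, SSID, channel and the Privacy bit out of a raw beacon frame."""
    if len(frame) < 36:
        raise ValueError("too short to be a beacon")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if (ftype, subtype) != (0, 8):
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                           # addr3 of a beacon is the BSSID
    (cap,) = struct.unpack_from("<H", frame, 34)   # after timestamp(8) + interval(2)
    info = {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": None,
        "channel": None,
        "privacy_bit": bool(cap & CAP_PRIVACY),    # this is what the lock icon reflects
    }
    off = 36
    while off + 2 <= len(frame):                   # walk the tagged parameters
        eid, length = frame[off], frame[off + 1]
        body = frame[off + 2 : off + 2 + length]
        if len(body) < length:
            break                                   # truncated element; stop parsing
        if eid == IE_SSID:
            info["ssid"] = body.decode("utf-8", "replace")
        elif eid == IE_DS_PARAMS and length == 1:
            info["channel"] = body[0]
        off += 2 + length
    return info


def describe(info: dict) -> str:
    """One line in the spirit of a scanner's output."""
    lock = "WEP" if info["privacy_bit"] else "OPEN (no link-layer encryption advertised)"
    return f'{info["bssid"]} ch{info["channel"]} "{info["ssid"]}" {lock}'


if __name__ == "__main__":
    # Constructed frames: an open AP like the one in the thread, and a WEP-enabled one.
    open_ap = build_beacon(b"\x00\x02\x2d\x11\x22\x33", "REGISTRATION", 6, privacy=False)
    wep_ap = build_beacon(b"\x00\x02\x2d\x44\x55\x66", "LIBRARY", 11, privacy=True)
    for f in (open_ap, wep_ap):
        print(describe(parse_beacon(f)))
```

A cleared Privacy bit means exactly what the lock icon says: frames on that BSS are not encrypted at the link layer. It says nothing about what sits above the link, so a VPN or RADIUS gate of the kind Chris mentions would look identical to this parser. That is the honest answer to "is it possible they have something NS isn't picking up?": yes, but only on top of an open radio link, and the beacons cannot tell you either way.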


    • #3
      The hospital in my town also has an unencrypted wifi network. It is very powerful because they want to cover the entire building, so it is a severe flaw.
      ~:CK:~
      I would like to meet a 1 to keep my 0 company.



      • #4
        Re: Unsecured WiFi at work

        Originally posted by alklloyd
        A question. At the hospital I work at, they use mobile registration workstations that deal with a lot of sensitive patient info. NS reports no encryption!
        This is very common for hospitals.
        Though they may not rely on AP security (such as WEP, MAC filtering, SSID, etc.), as Chris previously mentioned they may have other security measures running that you are not aware of, and cannot be aware of without further testing (do not do this if you are not authorized beforehand). Also, as was mentioned, you most likely want to present this anonymously, if at all. They are probably paying someone to make sure their data is secure, but they may not be doing their job... and that DOES NOT make it your job.
        There are a few people that will call them up and tell them and even offer their help... I wouldn't suggest this unless you are prepared to defend yourself. For some reason people don't like to be told that their barn door is open, and it is likely that even though you may pose as the messenger, they will be looking for someone to blame, especially someone that wasn't supposed to be there in the first place...



        • #5
          Thanks, guys. Looks like anonymous may be the way to go here.
          I thought of another alternative: Two of the higher ups around here (doctors, not suits) know me pretty well and are good guys.
          They'd make *great* shields as they are pretty much at the top of everyone's "do not fuck with" list.

          Al

          And sorry about posting to the wrong area.
          "Are my pants...threatening you?"



          • #6
            Yeah, same with the hospital in my town. Some friends and I were wardriving and picked up the AP about 2-3 miles away. *Shakes finger* Not very responsible on their part.



            • #7
              Must have been one hell of an AP.
              .: Grifter :.



              • #8
                Originally posted by Grifter
                Must have been one hell of an AP.
                Or a good antenna.

                Al
                "Are my pants...threatening you?"



                • #9
                  This definitely violates HIPAA standards if there is no secondary authentication set up. I keep seeing this more and more in my professional life: folks deploy wireless, then months later ask 'are there any security implications for having done this?'. I would recommend making an anonymous comment about this issue, though.

                  I found myself in this position at an old job. I was a low level tech support guy. I fixed desktops and unjammed printers. However, while using the corporate network I was able to gain unrestricted access to some very sensitive data that affected a lot of customers. Being a good employee, I told a supervisor about what I was able to do. Rather than get a 'good job', I almost got fired. See, their 'policy' regarding security was to pretend it wasn't an issue. If someone brought up an issue, you got rid of them rather than fix the problem.

                  I can almost guarantee the hospital will respond in the same manner. What you casually found could cost someone their job, and that person is going to be some sort of manager. Managers aren't about to lose their cushy job because of some noisy underling; they'll just shut you up. If your anonymous note doesn't prompt change, for the sake of the people who are trusting the hospital with their info, you may want to report them.

                  I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me



                  • #10
                    Thanks, Noid. There was a guy in Alabama in 1990 (I think) whose last name was Noid. The guy snapped like a rubber band and held hostages in a Dominos for 8 hrs before the cops got him. He thought Dominos wanted people to "avoid" him...

                    Well, I talked to the medical chief of staff who talked to risk management (without mentioning me) and they crapped a brick.
                    They were already working on an advanced patient privacy program (shredding docs, etc) but hadn't considered the airwaves.

                    Looks like something will get done.

                    Al
                    "Are my pants...threatening you?"



                    • #11
                      Well, an update. They still haven't enabled WEP, but I did receive a list of questions through my MD higher-up friend.

                      1. Where exactly were you in relation to the hospital?
                      2. What equipment were you using, in detail?
                      3. Were you running any special software?
                      4. How did you recognize that you had connected to the hospital network?
                      5. Did you get access to any systems, or just establish a connection to an access point?
                      6. If you did access computer systems, which ones?

                      My answers:

                      1. Uh, in the hospital (will have to explain about those exotic devices called antennas).
                      2. Uh, a notebook and a built-in crappy wi-fi card (Toshiba, Toshiba).
                      3. Netstumbler! But you don't *need* any special software at this point...ARRG!
                      4. No, just established that the connection was there.
                      5. N/A

                      I guess I'll print out the ns1 file along with a comparison file...maybe they can understand the little lock icon thingie. Tell them to get to their router and enable WEP.
                      Maybe throw in an analogy to an open modem line.

                      A couple of quotes from the list:

                      "We do block the access". Referring to the wired network, no doubt.

                      "Dear Dr. X, I am following up on your report of the inappropriate access to the hospital network (italics mine)". So the problem's *me*, not the network.

                      This is depressing. I mean, I'm certainly no expert on this stuff, but they seem to be so completely *clueless*...

                      Al
                      "Are my pants...threatening you?"



                      • #12
                        You're not going to believe this.

                        When I wrote the last post, I was in my local internet coffee shop (free broadband, gotta love it) when someone behind me said: "I couldn't help noticing you're on the DefCon page".

                        Well, said person turned out to be Mike, the guy who coded AirJack and gave a talk at last year's Black Hat! Small world.

                        So even if they have a VPN, they could still be insecure...

                        I wonder if I should just ask permission to attempt a connection and find out one way or another...

                        Al
                        "Are my pants...threatening you?"



                        • #13
                          In the library here they have open access, but require you to log into a VPN to be able to access anything. Before you log in, all websites are redirected to something that says: you have not logged in to the VPN yet, please start the VPN client and try again. Until you know that you can access anything without logging in, there is risk of compromised records or anything.

                          I specifically don't use WEP at my home; it is very slow, and not secure. It can be cracked in 24-48 hrs, I believe, depending on the amount of traffic on it. It is not processor intensive either; a PDA could do it, you just need to capture a shitload of traffic. VPN is the way to go for secure access. Heck, even on a wired LAN at a hospital, how hard would it be for Joe Shmoe with his laptop to plug into an ethernet port in one of the rooms while visiting his brother?

                          I don't know. It just seems to me that you are stirring things around, possibly without any justification. Try to access a) the outside world, b) a system with no confidential material on it. Don't enter it, just see if you can communicate with it.

                          If anything I said sounds wrong, it very well could be; just post and don't be an asshole.

                          --simple3
                          .

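Added example (editor's code, not part of the thread) for the WEP weakness simple3 refers to above, and worth keeping in mind against the earlier plan of just telling them to "enable WEP": a toy reproduction of WEP framing in Python. WEP seeds RC4 with a 24-bit per-frame IV prepended to the shared key, so any two frames that reuse an IV share a keystream. With one known plaintext (every IP-carrying frame starts with the same LLC/SNAP header, and an attacker can send a wireless host traffic whose full contents he knows) the keystream for that IV drops out, and every other frame under the same IV decrypts with no key at all. The key, IV and payloads are constructed; the function names are mine.

```python
import struct
import zlib
from math import exp

# Toy reproduction of WEP's framing. Key, IV and payloads below are all constructed.


def rc4(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body as sent over the air: IV(3) | key-id(1) | RC4_{IV||key}(payload || ICV)."""
    plaintext = payload + icv(payload)
    return iv + b"\x00" + xor(rc4(iv + key, len(plaintext)), plaintext)


def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """What the AP does: reseed RC4 with the frame's own IV, strip and check the ICV."""
    iv, ct = body[:3], body[4:]
    pt = xor(rc4(iv + key, len(ct)), ct)
    payload, tag = pt[:-4], pt[-4:]
    if tag != icv(payload):
        raise ValueError("ICV mismatch")
    return payload


# Every IP-carrying data frame starts with the same LLC/SNAP header, so an
# eavesdropper always knows at least these 8 plaintext bytes of every frame.
LLC_SNAP_IP = bytes.fromhex("aaaa03000000" "0800")


def recover_keystream(body: bytes, known_plaintext: bytes) -> bytes:
    """Keystream prefix for this frame's IV = ciphertext XOR known plaintext. No key needed."""
    return xor(body[4 : 4 + len(known_plaintext)], known_plaintext)


def decrypt_with_keystream(body: bytes, keystream: bytes) -> bytes:
    """Decrypt the prefix of any other frame that was sent under the same IV."""
    return xor(body[4 : 4 + len(keystream)], keystream)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: P(some IV repeats) after `frames` frames drawn from 2**iv_bits IVs."""
    n = 2 ** iv_bits
    return 1.0 - exp(-frames * (frames - 1) / (2.0 * n))


if __name__ == "__main__":
    KEY = bytes.fromhex("0badc0ffee")      # 40-bit WEP key (constructed)
    IV = bytes.fromhex("010203")           # one IV, reused by a busy card
    known = LLC_SNAP_IP + b"ping payload the attacker sent himself"
    secret = LLC_SNAP_IP + b"REGISTRATION: J. DOE DOB 1955-01-01"
    frame_known = wep_encrypt(KEY, IV, known)
    frame_secret = wep_encrypt(KEY, IV, secret)

    # Same IV => same keystream => C1 xor C2 == P1 xor P2, whatever the key is.
    assert xor(frame_known[4:], frame_secret[4:]) == xor(known + icv(known), secret + icv(secret))

    ks = recover_keystream(frame_known, known)          # key never touched
    print(decrypt_with_keystream(frame_secret, ks)[: len(secret)])
    print(f"P(IV collision) after 5000 frames: {iv_collision_probability(5000):.2f}")
```

The birthday bound in `iv_collision_probability` is why "capture a shitload of traffic" is all it takes: with only 2^24 IVs, the chance of at least one repeat passes 50% after roughly 4,800 frames, which a floor of busy registration workstations produces in minutes. Statistical attacks that recover the WEP key itself exist as well; this demo shows only the cheapest of the weaknesses, the one that needs no key at all.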


                          • #14
                            Originally posted by alklloyd
                            So even if they have a VPN, they could still be insecure...
                            sniff sniff... what is that smell?
                            Gack
                            "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato



                            • #15
                              I would like to add a comment here about telling someone their network is insecure and why this could be a bad idea. It's not limited to this scenario; it's actually a human social thing. If you tell someone their hair is out of place, or their knickers are showing, you will most likely get a bad reaction from a stranger. This seems illogical to me (and maybe other puter geeks) but is human nature...

                              Anonymity is probably a good idea, but then why tell them at all? There are pretty obvious legal implications of saying anything to them after you've accessed their network without permission so I wouldn't even go there.

