On Fri, 07 Nov 2008 09:43:54 GMT, n3td3v said: > good poll you have doing this, not only do you gain intelligence about > your readership, but you have a bunch of ip addresses logged with > their respective answers about their wireless posture. answering such > a poll could be a security vulnerability in its self but there is no > security through obscurity though right? There's nothing I could add to the answers to that poll that a determined hacker couldn't figure out for themselves by reading the public webpage we have on "How to hook up to our wireless network", including lists of which buildings, and even which *areas* in buildings, have wireless coverage (for instance, in our dorms, there's wireless coverage in the study and lounge areas, but *not* in the rooms, as each room has 2 wired ports in it. If you have a room that's adjacent to a lounge and you get enough signal leakage to use it, go ahead, but it's not supported). Or they could just wardrive the campus and figure it out for themselves. In other words, if an attacker is close enough to our campus that they could take advantage of our answers, they don't *need* our answers. And if they're not close enough, it doesn't matter. But it *does* give the SANS crew important info on where to focus their efforts - if 47% answer "My site is doing stupid thing XYZ, and I can't convince them otherwise", then they know they need to spend more effort explaining why XYZ is stupid, in words short enough to be understood by the management person who needs the clue.
Attachment:
pgpNjzj612Fpf.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/