Company IT security

Post by ayu »

<rant>

I work as a Software Engineer at a pretty large consulting company in the city where I live.
I have known all along that this company doesn't bother about security much, and all my previous warnings about how dangerous it is to handle it so carelessly have been completely pointless.

Yesterday I decided to prove a point by breaking into our "high security wireless network" (they call it that since we are using the best encryption available).
The problem with the "high security wireless network" is that the router has WPS available (something I have pointed out a number of times).

So I set up a WiFi antenna in my office, and fired up wash to see if the router shows as a potential target, which it did.
I then started reaver and targeted the SSID, and then just sat back and watched.

It took less than 4 hours to brute-force the WPS PIN and get the oh so long and uncrackable password that we have.
I sent all this to the person in charge, just to get a response that "We will fix this eventually" (which is the same as "we won't fix this" in this company).

It angers me that I have absolutely no power to fix this, and no one seems to listen to my warnings.
I even suggested that I act as a "real" attacker from the outside, and try to deal some real damage (this suggestion earned me a warning from my boss).

My dream job is to work for a real IT security company, but they are usually small around here and hard to get employed at, so I guess I will just have to live with this for a while, and continue trying to find another more suitable job for me.

</rant>
"The best place to hide a tree, is in a forest"

Post by ph0bYx »

Did you apply for EC3? :)

Post by ayu »

ph0bYx wrote: Did you apply for EC3? :)
Yup ... only law enforcement accepted -.-

So I'm back to square one.

Post by ph0bYx »

Damn. Maybe try some part time IT security work? Something like a private IT detective or such :) Gain experience :)

Post by ayu »

ph0bYx wrote: Damn. Maybe try some part time IT security work? Something like a private IT detective or such :) Gain experience :)
Yeah, actually recently applied to something similar :)
They wanted my CV, so I have sent it to them.
We'll see where that takes me :)

Post by maboroshi »

Or start your own IT/Sec business

You would have a pretty solid team if you needed it. :-)

Mabs

Post by ph0bYx »

Too much bureaucracy for a business imo. But I've always dreamed of having an IT security group much like the Lightman Group from the show Lie To Me :)

Post by bad_brain »

@cats
for them it's some kind of "time waste thing geeks do"... they don't even see the potential risks for their company behind that and how someone with financial interests (a competitor) could make use of that. business is war, and most companies are Poland. :roll:

@ph0
too much bureaucracy? actually not really. of course it depends on who you work together with and how trustworthy you are labeled by new customers.

my business is, besides the computers and servers, pretty much this:

[image]

and this is not even a joke.

Post by ph0bYx »

Not really bureaucracy, but paperwork was the word I was looking for. Managing your own company is more economy, organization, networking, damage control etc. than actually doing the work.

Post by bad_brain »

ok, that's true. I spend at least 30% of the time with maintenance work like keeping the servers running properly or preparing for customers messing up their sites (doing backups).