Last week I came down pretty hard on Air Defense (here and here) for phishing WAPs at the InfoSecWorld trade show. Well just to show you that sometimes people make mistakes and if you blog it, you may get it addressed, I wanted to share the following email that I received today. I have redacted out the names to protect the innocent and the guilty.
Alan,
Let me start by first apologizing for any inconvenience I might have caused you or any other vendor at InfoSec World. You can be assured that next time I will collect alarms in the privacy of my own home prior to going to a convention. I setup a test box during the vendor setup on Monday, this is a tool we use to show some wireless attacks. After about an hour I shut it off, I was using it to gather some historical data to show in Advance Forensic. If I recall correctly it did run it for about 5-10 minutes the 2nd day after the demo crashed and we lost the data I collected on Monday (plug was kicked out). This was very brief and not intended to be harmful.
The intent behind using the page with AirDefense was in case anyone who saw the page could at least ask us why it happened and we could apologize and explain that it was just temporary. JOHN DOE, the gentlemen you spoke with, was not aware of my actions nor was anyone else from AirDefense. I did ask him to point you out so I could apologies and let you know it should no longer be a problem but he didn’t see you. I unplugged the test box just in case it was still doing something behind the scenes. Once again I do apologize for any issues I may have caused. If you have any questions or comments please feel free to call. Also thanks for making us aware that it may have still been phishing people off their APs.
Thanks,
So to this Air Defense engineer, I take you at your word and apology accepted. I am glad to hear that Air Defense does not condone this as a legitimate trade show tactic. Go in peace and sin no more ;-)
