Posted by Imhotep on September 28, 2005, 9:20 pm
teh Mephisto wrote:
> For those of you that don't know, Dartmouth College is the first college
> to go totally wireless. I'm sure many of you have been to a coffee shop
> /book store (Barnes and Noble) and have seen that they offer public
> access wifi hotspots. This means that you don't have to have a password
> or pay anything to get connected.
>
> Most of these places probably do not have any way of preventing
> hijacking attempts. If I decided to go to my local Starbucks and set up
> a fake wifi, there's nothing stopping me.
>
> But I don't even have to do that to get your passwords. All I have to
> do is throw up a packet sniffer and bam I have all of your email
> passwords/website passwords. POP3 is an unencrypted protocol. WIFI
> access points act as hubs. Unless everything is running SSL all of your
> passwords are being sent out to everyone connected to that WIFI access
> point.
>
> I'm telling you this to inform those of y'all who don't already know, and
> to ask a question to those of you who are in the profession and know
> everything there is to know about wifi.
>
> What is stopping me from going to Barnes and Noble, firing up Ethereal,
> and getting everyone's passwords for email/websites? Is there a way to
> disconnect a computer that shows signs of running a packet sniffer? Is
> there even a way to tell that a computer is running a packet sniffer?
>
> This is something you might expect to see at Defcon or Blackhat but
> probably not in your local Starbucks. Next time you are there, think
> about the security risks and don't check your email or visit a site that
> requires you to have a password unless you send it via SSL (Gmail,
> banking sites, etc).
>
> I am cross-posting to get as many opinions/answers as possible.
>
> Thank you for your time
Pretty much common knowledge (at least in this newsgroup)....
Im