Boat Drinks  

23-03-2008, 12:43   #11
Nutcase

Quote:
Originally Posted by Garp
> Good luck trying to get them from a passphrase-protected SSH key. Still, MITM could be used to disrupt things a bit. Last year's hacker conference had some bloke who used MITM-style hacks with snort to replace all images on pages people were viewing with goatse

Should I be concerned that the only term in there I understood was "goatse"?
23-03-2008, 17:36   #12
LeperousDust

Yeah this all sounds possible, but unless in a sensitive environment, pretty useless. It's a good toy, and a party trick, but you still need to be in the right place at the right time listening to the right people. At home with WPA/WPA2 enabled I still feel safe because there are too many other hot spots around me to have to worry about the odd person who knows enough about this to "spy" on me. I'm maybe more careful when out and about, but I very rarely use my wi-fi in cafes or motorway service stations anyways. Which again are in my eyes pretty safe. A "hacker" would have to be sitting round all day, in the hope of stumbling upon something significant...
23-03-2008, 18:53   #13
Dr. Z

My point wasn't about your home access points; whilst they aren't secure outright if you aren't doing things right, the chances of someone targeting you are slim.

However, my point is extremely pertinent in McDonald's/services/hotel wifi access points - they are, by and large, completely vulnerable to attack. Anyone that believes that this stuff isn't good enough to complete a proper attack against a public access point like those is naive. In a hotel for example you have people using wifi all the time and in a motorway services you have even more people coming and going - and as it is paid for you have credit card details being broadcast left right and centre as well as other (largely unencrypted) traffic.

Rich pickings IMO
23-03-2008, 19:14   #14
divine

I'm confused as to what this enables.

So basically, were I to take a laptop and connect somewhere and you were nearby with this software, you could see everything that was coming and going to my laptop?
23-03-2008, 21:01   #15
LeperousDust

I've never had to divulge credit card info with t-mob hotspots... Best they get really after trouble, through the t-mob hotspot thing (some kinda vpn) and https connections is probably my gmail password, which is obviously a good starting point and yes I'd rather nobody else knew that, but it's not "easy" and a lot of work to find out you haven't really divulged much (no passwords on my gmail at all and I rotate passwords too). I agree if you get the right stupid business man with a business account it's probably worth it. But you don't know who you're watching... If there are 30+ people in a cafe how can you keep on top of all the possible traffic and know that it's even worth the while? Plus trying to fiddle around and crack ssl/vpn stuff? Although I understand everyone doesn't use this.
23-03-2008, 21:12   #16
Garp

Quote:
Originally Posted by divine`
> I'm confused as to what this enables.
>
> So basically, were I to take a laptop and connect somewhere and you were nearby with this software, you could see everything that was coming and going to my laptop?

Basically.. it's always been the danger with wireless networks, possible to hijack under the right circumstances. Better encryption methods like WPA2 help a lot, but very few 'public' hot spots bother with these.
__________________
Mal: Define "interesting"?
Wash: "Oh, God, oh, God, we're all gonna die"?
23-03-2008, 21:44   #17
Will

That's why I always use my mobile connection (3G) to do any bank orders in public places - I know this is not flawless either, but it's probably a little safer. I've almost given up on wireless now, it's ok as a convenience but networking is so much more efficient with a nice piece of copper or optical cable
__________________
No No!
23-03-2008, 22:33   #18
Dr. Z

Quote:
Originally Posted by LeperousDust
> I've never had to divulge credit card info with t-mob hotspots... Best they get really after trouble, through the t-mob hotspot thing (some kinda vpn) and https connections is probably my gmail password, which is obviously a good starting point and yes I'd rather nobody else knew that, but it's not "easy" and a lot of work to find out you haven't really divulged much (no passwords on my gmail at all and I rotate passwords too). I agree if you get the right stupid business man with a business account it's probably worth it. But you don't know who you're watching... If there are 30+ people in a cafe how can you keep on top of all the possible traffic and know that it's even worth the while? Plus trying to fiddle around and crack ssl/vpn stuff? Although I understand everyone doesn't use this.

Some APs don't require you to pay, some do, that's all. HTTPS is vulnerable to Man In The Middle attacks and the software to do that is freely available and relatively easy to use. I could theoretically stroll into a wireless hotspot and with relative ease I could have [b]every[/b] packet being sent through my laptop on its way to the real internet, being filtered for usernames/passwords and other useful stuff. It doesn't even need to be in realtime either, you can log all of the packets you see and run an analysis of them later.

SSL and VPN stuff is a PITA (VPN much more than SSL) but you have to remember that in a MITM attack, I don't see encrypted stuff, I see plaintext. Sadly for users, the fact that many people simply click "ok" at the first sign of an internet explorer or firefox popup window means that the only (flimsy) protection you have from "me" is just ignored.

As for the GMail thing, I don't actually get your password (unless I MITMd the start of your session, which is HTTPS) but your cookie - which is in many ways better than a password - I simply open up a browser and I am you, just like that. All the password rotation in the world can't protect you from that!

I am not the kind of person to actually put this into practice maliciously and I suppose I am more of a geek than most when it comes to things like this but honestly, it took me less than a day to get to grips with the requisite tools when I first came across them and they have got significantly easier to use since then! Some of the logic of how exactly to go about certain things is still a bit past me, I need to do more reading but any vaguely knowledgeable person with a laptop could teach themselves this in a week and scam hundreds of people.

If it wasn't too difficult/complicated/whatever to design, build and implement devices to scan cards as they are pushed into ATMs, what makes you think this is any less significant a threat?

Quote:
Originally Posted by divine`
> I'm confused as to what this enables.
>
> So basically, were I to take a laptop and connect somewhere and you were nearby with this software, you could see everything that was coming and going to my laptop?

In essence, yes. If it's a public access point it's even worse because they don't encrypt anything (so I wouldn't have to "identify" myself by joining the LAN). I don't particularly want to post a screenshot but I was mucking about before with my own WLAN and I noticed something was happening that shouldn't have been. Anyways, it turns out that someone around here is running a completely insecure (not even WEP) AP and I was able to see half of their traffic (obviously their wireless device didn't have the transmit power to get its packets to me, but if I moved closer I would be able to see all their traffic!)
Last edited by Dr. Z; 23-03-2008 at 22:44.
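The session-cookie replay discussed in post #18 depends on the cookie being sent over an unencrypted request, which the Secure attribute prevents. The following Python check is an added example, not part of the original post; the host mail.example and all cookie names and values are constructed.

```python
from http.cookies import SimpleCookie

# Constructed sample: (URL of the response, its Set-Cookie header values).
RESPONSES = [
    ("https://mail.example/login", ["SESSION=f3a9c1; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["CSRF=77be02; Path=/; Secure; HttpOnly"]),
    ("http://mail.example/inbox", ["PREFS=compact; Path=/"]),
]

def audit_cookies(responses):
    """Return {cookie name: [issues]} for every cookie set in the responses."""
    issues = {}
    for url, set_cookie_values in responses:
        for raw in set_cookie_values:
            jar = SimpleCookie()
            jar.load(raw)
            for name, morsel in jar.items():
                found = issues.setdefault(name, [])
                if not url.lower().startswith("https://"):
                    found.append("set over plain HTTP")
                # Without Secure the browser attaches the cookie to http://
                # requests too, even if the login itself happened over HTTPS.
                if not morsel["secure"]:
                    found.append("no Secure attribute")
                # Without HttpOnly, page scripts can read the cookie.
                if not morsel["httponly"]:
                    found.append("no HttpOnly attribute")
    return issues

def sniffable(issues):
    """Names of cookies that can cross an open network in cleartext."""
    return sorted(n for n, found in issues.items() if "no Secure attribute" in found)

ISSUES = audit_cookies(RESPONSES)

if __name__ == "__main__":
    for name, found in ISSUES.items():
        print(name, "->", ", ".join(found) or "ok")
    print("exposed on an unencrypted link:", sniffable(ISSUES))
```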
23-03-2008, 23:09   #19
LeperousDust

But surely the cookie is useless unless you use it there and then? As you say you don't need to look at stuff in real time (in fact there's too much crap to do so surely? especially at a spot that is busy enough to warrant a decent attack). If you find something of interest from me later on how would having a cookie then (that's probably expired?) help? As you say some you pay at, and that makes sense, but I suppose I'm different, I'd NEVER give out my CC over a public spot to pay for the access, hence why I use t-mob. I know for some stupid people out there (who are warned anyways) this is bad news, but for most half savvy people surely this isn't a "big" problem, due to the vast amount of packets you'd have to be sniffing etc... I'm rambling now but I hope you get me?
24-03-2008, 00:06   #20
Dr. Z

A GMail cookie is but one specific example of how wireless users are vulnerable, and yes that particular example has to be used pretty quickly. Others like people's bank details or credit card details are a lot more useful after the fact.

A lot of people put WAY too much trust in seeing that padlock at the bottom of their screens. A savvy hacker could MITM the initial SSL login page and people would trust that whilst they pay for their access they are safe. Wrong! Even a FREE access point could be vulnerable to that - you bowl up, ARP poison the entire network and present users with a genuine-looking and secure portal page asking for payment for access. You wouldn't need anything spectacular to pull that off, in fact it's INCREDIBLY easy to do!

We could be here forever talking about the numerous ways that you could exploit the inherent insecurity of wireless networks and that wasn't the point of this thread - it was to give a tip-of-the-iceberg look at just what is possible in the world of wireless.

99% of people with computers aren't like "us" - they are stupid general public with no idea, and that's what you have to bear in mind!
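ARP poisoning, as mentioned in post #20, shows up on a client as the gateway's IP suddenly resolving to a different MAC, often one that another host on the LAN already uses. The following Python detector is an added example, not part of the thread; it compares two `arp -an`-style snapshots, and every address in the sample data is constructed.

```python
import re
from collections import defaultdict

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed snapshots of a client's ARP table, taken a few minutes apart.
BEFORE = """\
? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on wlan0
? (192.168.1.23) at 00:16:cb:aa:bb:cc [ether] on wlan0
? (192.168.1.42) at <incomplete> on wlan0
"""
AFTER = """\
? (192.168.1.1) at 00:16:cb:aa:bb:cc [ether] on wlan0
? (192.168.1.23) at 00:16:cb:aa:bb:cc [ether] on wlan0
? (192.168.1.42) at 00:0c:29:11:22:33 [ether] on wlan0
"""

def parse_arp(text):
    """Return {ip: mac}; unresolved (<incomplete>) entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(before, after, gateway_ip):
    old, new = parse_arp(before), parse_arp(after)
    alerts = []
    # An IP whose MAC changed between snapshots; worst case is the gateway.
    for ip, mac in sorted(new.items()):
        if ip in old and old[ip] != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            alerts.append((kind, ip, old[ip], mac))
    # One MAC answering for several IPs: a host is claiming addresses
    # that are not its own (or is a legitimate multi-homed device).
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac-shared", mac, tuple(sorted(ips))))
    return alerts

ALERTS = find_arp_anomalies(BEFORE, AFTER, "192.168.1.1")

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```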
All times are GMT +1.