Wireless hacking.

Gman1 · 02-11-2010 12:13am #1

It has come to attention of some people to sniff out wireless packets and get into peoples online accounts for a variety of different websites.
Eg: Facebook, gmail, etc.

This has been around for a while, but a new program has made it easier so anyone can do it.

If you use DCU wireless on your laptop.
Download and install this add on for firefox browser.

HTTPS Everywhere.
https://addons.mozilla.org/en-US/firefox/addon/229918/

Follow through to the official webpage and download from there.

Pygmalion · 02-11-2010 1:24am

This is a good step, but it's worth noting that not all websites support HTTPS.
Facebook and Gmail do, thankfully (but it's pretty hard/impossible to make Facebook use it by default without an extension like this), but it won't protect you for websites that don't allow it.

Attol · 02-11-2010 1:21pm

I'd urge everyone to protect themselves against this as soon as possible. This has happened to a few people in one of my labs today.

andrew163 · 02-11-2010 2:38pm

I've got a much better solution. Just stop assuming things are secure by default. Anything you do over unencrypted wireless networks (and most encrypted ones) should be thought of as giving everyone access to everything you look at/log in to, unless you have good reason to think otherwise (like, you're tunneling over SSH to a trusted endpoint, or you're connected to a properly set up VPN).

There is a particular tool out now that's making it far easier for people to carry out these attacks, but honestly, it wasn't that hard an attack to begin with. Anyone with Wireshark could have pulled the same thing off with a trivial amount of effort. (For those who didn't do computers, Wireshark is a well known program for watching what's happening on a network, used mainly for diagnosing various types of problems. It's part of the CA course, so everyone who did CA knows how to use it).

02-11-2010 5:12pm

I tunnel all browsing traffic over SSH. It's a pretty simple solution. RedBrick members have a number of machines to choose from and you should be able to do it via camac too (I think).

Gman1 · 02-11-2010 7:29pm

andrew163 wrote: »

I've got a much better solution. Just stop assuming things are secure by default. Anything you do over unencrypted wireless networks (and most encrypted ones) should be thought of as giving everyone access to everything you look at/log in to, unless you have good reason to think otherwise (like, you're tunneling over SSH to a trusted endpoint, or you're connected to a properly set up VPN).

There is a particular tool out now that's making it far easier for people to carry out these attacks, but honestly, it wasn't that hard an attack to begin with. Anyone with Wireshark could have pulled the same thing off with a trivial amount of effort. (For those who didn't do computers, Wireshark is a well known program for watching what's happening on a network, used mainly for diagnosing various types of problems. It's part of the CA course, so everyone who did CA knows how to use it).

I was just warning people that are less techy about the problem.
Obviously there has always been security issues with wireless.

andrew163 · 02-11-2010 8:19pm

I know, and I wasn't having a go at you or anything. It is important though that people (techy and non-techy alike) learn to stop trusting things like college wireless as much as they do.

It's not very different from having a guy called "Internet" standing in the corner, and shouting your login details at him across a crowded room :pac:

Gman1 · 03-11-2010 12:03am

andrew163 wrote: »

It's not very different from having a guy called "Internet" standing in the corner, and shouting your login details at him across a crowded room :pac:

Haha.. thats true. and would be hilarious to see

lil_cain · 03-11-2010 10:43am

andrew163 wrote: »

I've got a much better solution. Just stop assuming things are secure by default. Anything you do over unencrypted wireless networks (and most encrypted ones) should be thought of as giving everyone access to everything you look at/log in to, unless you have good reason to think otherwise (like, you're tunneling over SSH to a trusted endpoint, or you're connected to a properly set up VPN).

There is a particular tool out now that's making it far easier for people to carry out these attacks, but honestly, it wasn't that hard an attack to begin with. Anyone with Wireshark could have pulled the same thing off with a trivial amount of effort. (For those who didn't do computers, Wireshark is a well known program for watching what's happening on a network, used mainly for diagnosing various types of problems. It's part of the CA course, so everyone who did CA knows how to use it).

Any wired network other people can plug into is vulnerable as well. 30 seconds with ettercap and it'll present exactly the same vulnerabilities.

Wireless hacking.

Comments