[OT] Re: firewall package for laptop wi-fi client
On the 04/01/2011 12:19, Andrei Popescu wrote:
> On Lu, 03 ian 11, 12:28:25, tv.debian@googlemail.com wrote:
>>
>> I wouldn't do my internet banking/shopping over such a network though...
>
> Would you care to explain why you find an open wireless to be more
> dangerous than your regular internet connection?
>
> Regards,
> Andrei
[paranoid penguin mode on]
Hi, I wasn't thinking only about session hijacking, cookies grabbing or
various phishing and spoofing which are just too easy to perform on an
open network, tools like "firesheep"[1] and ready made exploit kits make
it available to the mass now. I am wondering how many social websites
accounts have been cracked thanks to this, many teenagers consider it a
game, they don't really understand the legal implications so they are
not inhibited. I saw a case of middle school student faking an access
point with a laptop on an open school network, it's easy to find video
step-by-step tutorials to do all kind of nasty things, I can only
imagine what a seasoned black hat can do.
My other concern would be the environment in which such networks exist :
coffee shops, train stations, hotels lobby, school hall... It opens an
exiting array of old school techniques from simply eavesdropping
passwords, using phone or laptop cameras to record typing, grab a
picture of a credit card. This techniques are not specific to open
networks, but add those data to what you can collect over an open
network and it gets really mouth watering for a pirate I guess.
I know Bruce Schneier wrote a nice piece advocating open wifi hotspots,
but I wouldn't use it for anything else than checking the news, and
certainly not for something involving password typing. Off course if you
leave in the middle of a desert and run an open network, I guess it's fine.
[1] http://threatscape.com/Advisory_04_Nov_2010__Firesheep.html
[2] http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
[/paranoid penguin mode]
Reply to: