Full Disclosure mailing list archives
Re: Wireless ISPs
From: Scott Taylor <security () 303underground com>
Date: Tue, 11 May 2004 16:46:32 -0600
On Tue, 2004-05-11 at 15:15, D B wrote:
--- Frank Knobbe <frank () knobbe us> wrote:On Tue, 2004-05-11 at 13:33, D B wrote:All transactions done via secure websites aresecure, No, they are not. It's just harder to intercept the data.The level of knowledge it takes to penetrate a SSL style transaction puts it beyond most peoples scope of abilities
The data in transit from SSL websites is rather secure. But that does nobody any good if its saved on an unpatched M$/SQL Server.
A wired internet connection limits the number of people who have access tothisdata simply by the nature of the internet puttingitwithin acceptable risk.Same can be said for wireless. (Except that the perimeter of the attack arena is defined by the wireless emissions instead of cable runs.)... look at the aspect of what points does one have to have access to gain the amount of data on a wired network in comparison to the same level on a wireless AP... unless you can spoof to the gateways IP / MAC or actually get access to the gateway it isnt possible, and on a switched network odds are if you spoof to that MAC / IP you will confuse the network enough to be noticeable a high gain antenna attached to a laptop / PDA and a wireless AP such as an internet provider would mount would give access in some cases up to 17 miles away with no trace ....without a high gain antenna im getting ranges of about a half a mile away ... plus spoofing to the gateways IP isnt noticeable to anyone unless they are watching that gateways logs complain about a duplicate IP /MAC ( yes i did try this on my own AP )
There are ways to eavesdrop on anything. People who sign up with large ISPs like to think they can get lost in the shuffle, without realizing there are techs and admins all across the country that can view data off sniffers located across their infrastructure. Plus theres the possibility that someone hacks a machine on a business/isp network and uses it as a remote password sniffer, etc. With wireless, many similar things can be accomplished without the need of expensive hardware or difficult hacks, and can be done from the comfort of a nice air conditioned car. But either way, once the data leaves your computer and goes across the air or even a landline network - its out of your hands and you must evaluate the risk and know that it exists. No method of transit is immune. But many simple steps can be taken to reduce the risk.
Maybe, INAL. But it is illegal to commit fraud with the data gathered by eavesdropping.and someone after credit card #'s is worried about legal ?Uhm... someone that accesses and uses the data is already prosecutable.point being it is preventable and not being done so ... or at least preventable to a level beyond the scope of running a program and watching the data flow netstumbler on windows is quite simple to run all I am after is raising the level of knowledge needed to access the data beyond that of an 8 year old with windows on a laptop running netstumbler and a wifi card do u not agree this would be prudent ? Dan Becker __________________________________ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Scott Taylor - <security () 303underground com> scribline, n.: The blank area on the back of credit cards where one's signature goes. -- "Sniglets", Rich Hall & Friends _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs Scott Taylor (May 11)
- Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Konstantin Gavrilenko (May 11)
- <Possible follow-ups>
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Jeff Workman (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)