Security Basics mailing list archives
RE: How safe / unsafe is Free Open WiFi?
From: "Bilgehan TURAN" <bturan () fintek com tr>
Date: Wed, 12 Mar 2008 09:53:50 +0200
It is also easy for home users. You just need time: for 40-bit WEP, you need 250.000 packets. If it is 108 bit you need 2.500.000 packets. If you broadcast (beacon) by any means, it is half an hour away.

Regards

Bilgehan TURAN (CCNA, SCNA, SCSA)
Specialist, Information Security and Risk Management
Eskişehir Yolu 4.Km. 2.Cad. No:63 C Blok Söğütözü 06520 ANKARA
Tel : (312) 289 13 34
Fax : (312) 289 14 50
bturan () fintek com tr

-----Original Message-----
From: Nick Duda [mailto:nduda () VistaPrint com]
Sent: Tuesday, March 11, 2008 4:49 PM
To: 'Aaron Howell'; security-basics () securityfocus com
Subject: RE: How safe / unsafe is Free Open WiFi?

Not to go off topic too much, but my understanding is that WEP, while it can be cracked, is still hard to crack for the average home based on the number of WEP packets that you need to capture in order to crack WEP. Cracking it on a corporate network with lots of WEP activity would be easier. Is this not the case anymore?

I'm not defending WEP by any means, down with WEP!

- Nick

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Aaron Howell
Sent: Monday, March 10, 2008 11:39 PM
To: security-basics () securityfocus com
Subject: Re: How safe / unsafe is Free Open WiFi?

PCSC Information Services wrote:
assets. The use of Free/Open WiFi networks is not inherently more risky than ANY use of the Internet.
I agree with almost everything you said, however, I respectfully disagree on this single point. Since I can sit across the cafe from you and quietly sniff all of your traffic with zero effort, I would say that using open wifi networks is more risky than, say, sitting in my office at home. Given that WEP is cracked in less than 30 seconds these days, even using WEP is pretty much worthless.

The advantage (to a malicious individual) of an internet cafe, a hotel, an airport, etc, is that you aren't paying any attention to who is sitting across from you, and what they're doing. If someone is parked outside my house for 30 minutes, I'm going to wonder what is going on; if there's a dude sitting across from me in the coffee shop, I'm going to think he's drinking his coffee and surfing for porn...

As in most situations, the best course of action is user education. If you explain to people that their traffic can be silently captured with little to no effort, they will be more likely to take steps to make sure that traffic can't be used, either by encrypting it, not checking their POP3 account while in a public place, etc.
appropriate safeguards. To suggest that a hard line is more secure than WiFi fails to account for compromise in the wired network. The same type of attacks that are available in a WiFi network are also available over a line.
Again, I agree with you in principle, however the barrier to entry in sniffing ANY wireless connection is lower than doing so for a wired connection. Being able to sniff a wired connection assumes either a very broken network configuration, or compromise of some resource. Neither of these are true for wireless, as it is commonly deployed in these locations.
I have what is probably a rather basic question: Just how safe are free, or open, WiFi networks that you find in Internet cafes, Hotels, Airports, etc? My personal opinion is that they are very unsafe, but I do not have the technical expertise to explain to my colleagues why they are unsafe. Can anyone provide a summary, or a link to an article that provides a summary, of why a laptop or PDA user should avoid using free and open WiFi networks?
Like I said above, most of what Sean says holds true. My advice to my friends, family, and clients: Don't do anything on an open network that you wouldn't want everyone else in the room (and for 100 yards around the building) to be able to see. Fire up a wireless protocol analyzer sometime at one of these places and be amazed (or not, depending on your level of cynicism) by the number of people checking email in plaintext. DEFCON has the wall of sheep, maybe we could implement something like this at internet cafes and hotels around the world...

--
Aaron Howell
nGenuity Information Services
509-396-2075 x6000
http://www.ngenuity-is.com