Full Disclosure mailing list archives
Re: Wireless ISPs
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 11 May 2004 16:31:41 -0500
On Tue, 2004-05-11 at 16:15, D B wrote:
The level of knowledge it takes to penetrate a SSL style transaction puts it beyond most peoples scope of abilities
Agreed. But the blanket statement "secure [ssl implied] websites are secure" is just not correct.
[...] and on a switched network odds are if you spoof to that MAC / IP you will confuse the network enough to be noticeable
Depending on where on the inside, that may not be true. But I agree that it is more noticeable. This is a good point to highlight as intrusion detection capabilities in WiFi clouds are lower (dare I say much lower) than in wired networks.
a high gain antenna attached to a laptop / PDA and a wireless AP such as an internet provider would mount would give access in some cases up to 17 miles away with no trace
Point taken. It's probably easier to get away too :)
Maybe, INAL. But it is illegal to commit fraud with the data gathered by eavesdropping.and someone after credit card #'s is worried about legal ?
Sorry, you brought it up.
point being it is preventable and not being done so ... or at least preventable to a level beyond the scope of running a program and watching the data flow
Oh, yeah, I agree whole heartedly. And I know what you are trying to do (having read your response to Mr. Coffee), and I agree and support your cause. But your statements that wired networks are secure is just not correct. There is no absolute security. SSL web sites are not secure. And the people you are trying to convince (wireless ISPs) may respond with that as well. It's all a matter of what level of risk is accepted. The difference here is that on wired networks, SSL and such are step to improve security, not fool proof mind you. Wireless ISPs that do not encrypt just don't do that, and should be held legally responsible for negligence. Wireless ISP should encrypt the data just like wired ISPs put locks and chains on their switching facilities. I'm with you. I just don't agree to some of the reasons you gave (or how you worded them) to justify it. Call me a nit-pick :) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs Scott Taylor (May 11)
- Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Konstantin Gavrilenko (May 11)
- <Possible follow-ups>
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Jeff Workman (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)