Full Disclosure mailing list archives

Re: Wireless ISPs


From: Frank Knobbe <frank () knobbe us>
Date: Tue, 11 May 2004 16:31:41 -0500

On Tue, 2004-05-11 at 16:15, D B wrote:
> The level of knowledge it takes to penetrate an SSL
> style transaction puts it beyond most people's scope of
> abilities

Agreed. But the blanket statement "secure [ssl implied] websites are
secure" is just not correct.

> [...] and on a switched network odds are if you
> spoof to that MAC / IP you will confuse the network
> enough to be noticeable

Depending on where on the inside, that may not be true. But I agree that
it is more noticeable. This is a good point to highlight as intrusion
detection capabilities in WiFi clouds are lower (dare I say much lower)
than in wired networks.

> a high gain antenna attached to a laptop / PDA and a
> wireless AP such as an internet provider would mount
> would give access in some cases up to 17 miles away
> with no trace

Point taken. It's probably easier to get away too :)

> > Maybe, IANAL. But it is illegal to commit fraud with
> > the data gathered by
> > eavesdropping.
>
> and someone after credit card #'s is worried about
> legal?

Sorry, you brought it up.

> point being it is preventable and not being done so
> ... or at least preventable to a level beyond the
> scope of running a program and watching the data flow

Oh, yeah, I agree wholeheartedly. And I know what you are trying to do
(having read your response to Mr. Coffee), and I agree and support your
cause. But your statements that wired networks are secure are just not
correct. There is no absolute security. SSL web sites are not secure.
And the people you are trying to convince (wireless ISPs) may respond
with that as well. It's all a matter of what level of risk is accepted.

The difference here is that on wired networks, SSL and such are steps to
improve security, not foolproof mind you. Wireless ISPs that do not
encrypt just don't do that, and should be held legally responsible for
negligence. Wireless ISPs should encrypt the data just like wired ISPs
put locks and chains on their switching facilities.

I'm with you. I just don't agree to some of the reasons you gave (or how
you worded them) to justify it. Call me a nit-pick :)

Cheers,
Frank

