Full Disclosure mailing list archives

Re: Wireless ISPs


From: Maarten <fulldisc () ultratux org>
Date: Wed, 12 May 2004 00:18:37 +0200

On Tuesday 11 May 2004 20:33, D B wrote:
> I'm not real sure how to post this, nor am I sure of
> the scope. I am still learning about computers.

I'm not sure this is the right list for you. But while we're here...

> All transactions done via secure websites are secure,
> however the auto mailing feature to confirm orders
> sometimes contains sensitive data. When the customer
> is on a wireless connection, be it ISP or home LAN
> that data is broadcasted in the clear for anyone
> within range to eavesdrop. A wired internet connection

Who, in their right minds, will read their email anyhow over an unencrypted
wireless link? That's asking for trouble, i.e. information leakage.

This doesn't just apply to sensitive CC / billing information, you know. It
applies to your pop3 email password too, and to any and all email you
wouldn't want in the open.
Besides, do you actually surf exclusively to SSL-enabled websites? Or do you
consider normal surfing containing solely non-sensitive data? 'Cause you may
get a nasty surprise, then. Think about cookies, or even just surf-habits
alone.

> It is legal according to US law to eavesdrop on
> wireless connections.
>
> http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
>
> The only solutions I can offer are one of two things.
>
> 1. Quit sending auto confirmations with sensitive data

'Do you want a blank receipt with that?'  ;)

> 2. Encrypt all wireless transmissions at least making
> someone who gains access to this data prosecutable.

Oh, to slap the eavesdropper with a DMCA lawsuit you can just ROT-13 all your
mail.  That law does not call for any high level of "encryption", however
stupid that may sound.  Funny things that, laws...   ;)

> Please direct all flames to /dev/null

Okay.
Well then, on a more serious note: Either look into SSL encrypting your mail
( pop3s / imaps / ... ), or encrypt your entire wireless traffic, either by
WEP (trivially crackable but may deter amateurs and / or people afraid of the
DMCA) or a VPN (more or less uncrackable, depending on the setup).

Maarten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

