Full Disclosure mailing list archives
Re: Wireless ISPs
From: Maarten <fulldisc () ultratux org>
Date: Wed, 12 May 2004 00:18:37 +0200
On Tuesday 11 May 2004 20:33, D B wrote:
I'm not real sure how to post this, nor am I sure of the scope. I am still learning about computers.
I'm not sure this is the right list for you. But while we're here...
All transactions done via secure websites are secure, however the auto mailing feature to confirm orders sometimes contains sensitive data. When the customer is on a wireless connection, be it ISP or home LAN that data is broadcasted in the clear for anyone within range to eavesdrop. A wired internet connection
Who, in their right minds, will read their email anyhow over an unencrypted wireless link ? That's asking for trouble, ie. information-leakage. This doesn't just apply to sensitive CC / billing information, you know. It applies to your pop3 email password too, and to any and all email you wouldn't want in the open. Besides, do you actually surf exclusively to SSL-enabled websites ? Or do you consider normal surfing containing solely non-sensitive data ? Cause you may get a nasty surprise, then. Think about cookies, or even just surf-habits alone.
It is legal according to US law to eavesdrop on wireless connections. http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm The only solutions I can offer are one of two things. 1. Quit sending auto confirmations with sensitive data
'Do you want a blank receipt with that ?' ;)
2. Encrypt all wireless transmissions at least making someone who gains access to this data prosecutable.
Oh, to slap the eavesdropper with a DMCA lawsuit you can just ROT-13 all your mail. That law does not call for any high level of "encryption", however stupid that may sound. Funny things that, laws... ;)
Please direct all flames to /dev/null
Okay. Well then, on a more serious note: Either look into SSL encrypting your mail ( pop3s / imaps / ... ), or encrypt your entire wireless traffic, either by WEP (trivially crackable but may deter amateurs and / or people afraid of the DMCA) or a VPN (more or less uncrackable, depending on the setup) Maarten _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs Scott Taylor (May 11)
- Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Konstantin Gavrilenko (May 11)
- <Possible follow-ups>
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Jeff Workman (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs KUIJPERS Jimmy (May 12)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)