lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040511211554.1097.qmail@web60608.mail.yahoo.com>
From: geggam692000 at yahoo.com (D B)
Subject: Wireless ISPs

--- Frank Knobbe <frank@...bbe.us> wrote:
> On Tue, 2004-05-11 at 13:33, D B wrote:
> > All transactions done via secure websites are
> secure,
> 
> No, they are not. It's just harder to intercept the
> data.

The level of knowledge it takes to penetrate a SSL
style transaction puts it beyond most peoples scope of
abilities
> 
> > A wired internet connection
> > limits the number of people who have access to
> this
> > data simply by the nature of the internet putting
> it
> > within acceptable risk.
> 
> Same can be said for wireless. (Except that the
> perimeter of the attack
> arena is defined by the wireless emissions instead
> of cable runs.)

... look at the aspect of what points does one have to
have access to gain the amount of data on a wired
network in comparison to the same level on a wireless
AP... unless you can spoof to the gateways IP  / MAC
or actually get access to the gateway it isnt
possible, and on a switched network odds are if you
spoof to that MAC  / IP you will confuse the network
enough to be noticeable

a high gain antenna attached to a laptop / PDA and a
wireless AP such as an internet provider would mount
would give access in some cases up to 17 miles away
with no trace ....without a high gain antenna im
getting ranges of about a half a  mile away ... plus
spoofing to the gateways IP isnt noticeable to anyone
unless they are watching that gateways logs complain
about a duplicate IP /MAC ( yes i did try this on my
own AP )


> 
> Maybe, INAL. But it is illegal to commit fraud with
> the data gathered by
> eavesdropping.
>

and someone after credit card #'s is worried about
legal ?

 
> 
> Uhm... someone that accesses and uses the data is
> already prosecutable.

point being it is preventable and not being done so
... or at least preventable to a level beyond the
scope of running a program and watching the data flow

netstumbler on windows is quite simple to run


all I am after is raising the level of knowledge
needed to access the data beyond that of an 8 year old
with windows on a laptop running netstumbler and a
wifi card

do u not agree this would be prudent ?


Dan Becker




	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ