[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1084311101.478.172.camel@localhost>
From: frank at knobbe.us (Frank Knobbe)
Subject: Wireless ISPs
On Tue, 2004-05-11 at 16:15, D B wrote:
> The level of knowledge it takes to penetrate a SSL
> style transaction puts it beyond most peoples scope of
> abilities
Agreed. But the blanket statement "secure [ssl implied] websites are
secure" is just not correct.
> [...] and on a switched network odds are if you
> spoof to that MAC / IP you will confuse the network
> enough to be noticeable
Depending on where on the inside, that may not be true. But I agree that
it is more noticeable. This is a good point to highlight as intrusion
detection capabilities in WiFi clouds are lower (dare I say much lower)
than in wired networks.
> a high gain antenna attached to a laptop / PDA and a
> wireless AP such as an internet provider would mount
> would give access in some cases up to 17 miles away
> with no trace
Point taken. It's probably easier to get away too :)
> > Maybe, INAL. But it is illegal to commit fraud with
> > the data gathered by
> > eavesdropping.
>
> and someone after credit card #'s is worried about
> legal ?
Sorry, you brought it up.
> point being it is preventable and not being done so
> ... or at least preventable to a level beyond the
> scope of running a program and watching the data flow
Oh, yeah, I agree whole heartedly. And I know what you are trying to do
(having read your response to Mr. Coffee), and I agree and support your
cause. But your statements that wired networks are secure is just not
correct. There is no absolute security. SSL web sites are not secure.
And the people you are trying to convince (wireless ISPs) may respond
with that as well. It's all a matter of what level of risk is accepted.
The difference here is that on wired networks, SSL and such are step to
improve security, not fool proof mind you. Wireless ISPs that do not
encrypt just don't do that, and should be held legally responsible for
negligence. Wireless ISP should encrypt the data just like wired ISPs
put locks and chains on their switching facilities.
I'm with you. I just don't agree to some of the reasons you gave (or how
you worded them) to justify it. Call me a nit-pick :)
Cheers,
Frank
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040511/b1ceedae/attachment.bin
Powered by blists - more mailing lists