lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: geggam692000 at yahoo.com (D B)
Subject: Wireless ISPs

Everyone is so busy trying to outgeek the other they
are missing the issue.

An 8 year old with a laptop who downloads netstumbler
could read peoples emails with no difficulty from an
ISP who offers no encryption ( god knows that 8 yr old
can kick my ass on a video game )

My main issue is preventing the casual observer from
stumbling in, similar to locks on a screen door.

Not really a security issue to be relied on but does
prevent casual entries.

Always hate debates with geeks unless they are close
enough to break their nose when they start trying to
outgeek the next.


Dan Becker

--- Kurt Seifried <listuser@...fried.org> wrote:
> Folks. WEP is POINTLESS for public access points.
> You have to share the
> password. Let's see locally:
> 
> Coffee shop #1 has Telus hotspot (local telco), no
> WEP, SSL gateway
> redirect, plug your CC in and buy access. Login
> through SSL encryped web
> site to access. Not sure how access is enforced
> (probably MAC address), I
> haven't bothered to test this yet.
> 
> Coffee shop #2 has homebrew, the SSID is the name of
> the place, the password
> is in a small duotang (labeled "do not remove from
> bar") and I'm guessing it
> never changes. You buy $5 (cdn) of whatever, you get
> to use the wireless
> inet (or wired, they provide several stations and a
> conference table).
> 
> Coffee shop #3 has homebrew, the SSID is posted on
> the wall upstairs, no
> password is required (i.e. no WEP).
> 
> Which is more secure? None of them really. The SSID
> is public. They either
> do not use WEP, or they use WEP and any attacker
> will trivially be able to
> find the WEP key (hint: buy a cup of coffee and
> ask).
> 
> The most secure option is likely the wired access at
> coffee shop #2.
> 
> Now a technical person can do something like SSH
> port forwarding and stuff
> all their email traffic and web browsing through a
> secure system on the
> outside. But someone like my mother is supposed to
> do what exactly? Have a
> colocated machine somewhere she can VPN off of, or
> SSH port forward?
> 
> Now ideally the coffee shop would provide security
> from your machine to
> their gateway, however:
> 
> WEP is useless. See above.
> VPN based solutions generally require client
> software (which isn't always
> possible, corporate laptops, etc.), and
> configuration and client account
> management. A PPTP or IPSec solution would result in
> a non trivial amount of
> help required for your average customer.
> Other wireless encryption protocols may solve this,
> WAP? Who knows.
> 
> Kurt Seifried, kurt@...fried.org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
> 
> 



	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ