Re: NY Case Underscores Wi-Fi Privacy Dangers

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: NY Case Underscores Wi-Fi Privacy Dangers
On Mon, Apr 25, 2011 at 9:18 PM, keith smith <> wrote:

> Thought this might be interesting to some.
>
> Lying on his family room floor with assault weapons trained on him, shouts
> of "pedophile!" and "pornographer!" stinging like his fresh cuts and
> bruises, the Buffalo homeowner didn't need long to figure out the reason for
> the early morning wake-up call from a swarm of federal agents.
>
> http://abcnews.go.com/US/wireStory?id=13448808
>


OMG, yea howdy!

We are responsible for our networks!

Course, most of us can get into WEP and WPA/WPA2 trivially, so unless you
have a Radius Server (which most WiFi routers will happily work with)
running Enterprise WPA2, you are still "at risk" of network encroachment.

While WEP/WPA/WPA2 constitutes "reasonable protection", it does not protect
you. Anyone on a shared network owns you completely, with the ability to
use SSLStrip to even get your https logins and passwords.

BUT IS THIS CRIMINAL?

If so, most of the "adminstrator-less" Internet Startups running insecure
Websites are criminal?

Technical Security HowTo Proof of Concept References:

http://www.eastmobiles.com/index.php?option=com_content&view=article&catid=27:wi-fi&id=106:wpa2-key-hack-nvidia
http://blogs.pcmag.com/securitywatch/2010/07/spoofing_hack_against_wpa2_rev.php
http://www.youtube.com/watch?v=r9x2e32voZY
http://www.securitytube.net/video/193

>
> ------------------------
> Keith Smith
>




--
(503) 754-4452 iPhone
(623) 239-3392 Skype
(623) 688-3392 Google Voice

http://www.it-clowns.com

"It took me many years but I have gained access to the root account and have
removed the user God." -Saros
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss