"Here's how session hijacking works. The hacker waits for someone to finish successfully the authentication process. Then you as the attacker send a disassociate message, forging it to make it look like it came from the AP [access point]. The client [user] thinks they have been kicked off, but the AP thinks the client is still out there. As long as WEP is not involved you can start using that connection up until the next time out, usually about 60 minutes.Remember you had a secure connection to your cooperate servers and your Linux box had all useless services uninstalled !
Looks like fiction but works really bad!!!! :-\
"If even LAN communication has its own security flaws, do we stop "networking"? Of course not. We need to be aware of the benefits of mobile clients communicating with one other and accessing enterprise data. We also must be aware of how data and communication could be compromised -- then we'll know how to lower the risks.
Just as the benefits of protocols like 802.1x make us want to use them, any weaknesses in those protocols should only provide an invitation to companies, startups, and developers to come up with better, more secure solutions. Clients, companies, the government, and individuals will certainly make a market for such solutions, especially with the exponential growth of mobile devices."
Is Uganda ready for this is the next question?
EOF
Ronny
Noah Sematimba wrote:
My post assumed that in the first place your machine is suitably secured against attacks which it should be in any case if you're running some unix variant. It is a simple matter of turning off all unneeded services.Noah. On Tuesday 14 June 2005 16:49, Ronny wrote:Well you have covered just part of the security ,your connection to the office .But forgotten that you are using a rogue device to access your office.By the way the bad guy might be interested with what you have on your machine than what you are accessing!Well there will be a VPN to the office but not to the neighbours rite ;-) .Am not good at VPN's but that what I think correct me if wrong Ronny Noah Sematimba wrote:Well no one in his right mind should be relying on his ISP to provide him with security. Setup some sort of VPN to your office or tunnel over ssh or whatever means. All UTL is doing is providing you with the road, not also fitting the security features in whetever car you're going to use on their road. Noah. On Tuesday 14 June 2005 15:51, Robert Lukwago Mukasa wrote:With secure I suppose they mean what encryption standards are being used to protect users of the hotspots from hackers/crackers/attacks. Well how will we know unless we try them out? rob@ On 6/14/05, Mark Tinka <[EMAIL PROTECTED]> wrote:On Tuesday 14 June 2005 14:35, Ronny wrote:First I apologies for editing your subject am good at that. :-) Talk of hotspots mushrooming up ihere in UG.How secure are they.How do you mean, secure? In cases like these, security could be a point of view. Mark.Should we rush to get plugged into the matrix ;-) .Otherwise am a wireless advocate.Congs UTL and did I hear Infocom ? Ronny Alright good topic Kiggundu Mukasa wrote:Talk about starting with a bang! Congrats to UTL Need to go to each one and see what the performance is like. Kiggs **************** ***************************** Kiggundu Mukasa # Computer Network Consultancy### KYM-NET LTD. # Intranets & Internet Solutions# Plot 80 Kanjokya Street P.O. Box 24284 Kampala, Uganda Tel: +256 77 972255 +256 71 221141 Fax: +256 31 262122 **************************************************** ************* ----------------------------------------------------- ------------------- _______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
-- *************************************************************************** / ''We can't become what we need to be by remaining what we are''\ \ ,, ,,/ ***************************************************************************
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
