[EMAIL PROTECTED] wrote: ------------- > > YOUR CREDIT CARD NUMBERS ET AL ARE *NOT* AT ANY GREATER RISK DURING > WIRELESS TRANSIT THAN THEY ARE OVER WIRED CONNECTIONS OR EVEN IN YOUR > STATION WAGON. IN FACT, THE CASE CAN BE MADE TO SAY THEY'RE *MORE* > SECURE.
WRONG! wireless is a lot easier to tap than physical wiring, therefore it's far easier for someone to gain access to your online transaction and it's data. on a wired network, the intruder has to have physical access to your network or one of the machines the transaction goes through, or the internet backbone. Wireless also makes a "man in the middle" attack much simpler. and all of this can be done from anywhere within a block of you with good equipment. > SSL is a *secure* transit mechanism. It is an end-to-end encrypted > connection *BETWEEN YOUR BROWSER AND THE FINANCIAL eCOMMERCE SERVER*. > The SSL packets are then enclosed *within* (encapsulated) the > wireless' encryption mechanism -- IOW, it makes for *TWO* layers of > encryption! SSL is reasonably secure, but not nearly as good as many people think, and some implementations are flawed (it doesn't matter how good an encryption protocol is if it's implemented poorly). also, once the packets are captured, the cracker can let his machine take time to crack it, they don't need it in real time. It has also been demonstrated that a "timing" attack works against ssl, even with the many routers a packet goes through and the jitter in forwarding timing. > As for WEP... The original Wired Equivalent Privacy (WEP) encryption found in > 802.11 standards can be sniffed and decoded, with quite a bit of > effort. Depending on the amount of wireless traffic you produce, it > might require anywhere from an hour to days of sniffing to gather > enough data for the decrypt. But still, all that does is hand the > phreaker your SSL-encrypted packets -- which would still require > major supercomputers years to break! The new encryption mechanism, > WPA, corrects WEP's shortcommings, btw. It has now been demonstrated that the WEP encryption is implemented poorly, and that it can be cracked in 10-15 minutes, and this can be done passively (i.e. without sending any test packets which might attract attention, all you have to do is listen to the traffic for a while). I would strongly suggest checking out cryptogram.org. none of this is very hard to crack. ----------- Yes, mac people tend to be smarter, and hopefully many will be smart enough to stay away from wireless. going wireless means an intruder doesn't need physical access to any thing, all they need is an antenna etc. and a good computer and they can crack you to death if they want to, and they can do it without any visible signal from outside (i.e. they can have their antenna inside along with the computer, close the curtains and you have no idea someone is even trying). Fortunately, most people who know how to do these things don't need to rip you off, and there aren't too many tools for script kiddies. in any case, the crackers are so good that there is actually a surplus of stolen credit card numbers! people are selling huge list of stolen credit card info and there are so many that most never get used, the cracker simply has more credit card numbers than they can use! seriously, i recommend cryptogram. all of what i've said above has been documented in the cryptogram news letter sighting well done studies by serious computer people. it's not hype, it's reality. wireless is like writing on the back of a post card as opposed to putting a message inside an envelope. for some things, you probably don't care if someone can read the post card in transit, for other things you not only want an envelope but an envelope with printing inside so the letter can't be read without opening the envelope and leaving evidence of the privacy violation. -- MacNetwork is sponsored by <http://lowendmac.com/> and... XRouter Pro | Share your DSL or cable modem between multiple computers! Dr. Bott | Only $199 <http://www.drbott.com/prod/MIH130.html> Support Low End Mac <http://lowendmac.com/lists/support.html> MacNetwork list info: <http://lowendmac.com/lists/macnet.html> --> AOL users, remove "mailto:"; end list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/macnetwork%40mail.maclaunch.com/> Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
