Re: [OT] Global Roaming data plans and WiFi hacking
Facebook recently enabled the ability to Browse Facebook on a secure connection (https) whenever possible - http://blog.facebook.com/blog.php?post=486790652130

Yeah it took them a long while. And it definitely should be on https by default. Same applies to Twitter (which will work in https if you browse to it with the https url).

That said, it also took Google a little while to roll out https as default for their gmail email service. I still remember when I first signed up for gmail and https was not enabled by default (it may/may not have been an option in those early days).

Just found a blog post by Google about the change-over: http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html

On 6 March 2011 18:10, David Connors da...@codify.com wrote:

> On 4 March 2011 16:59, Samuel Lai samuel@gmail.com wrote:
>
>> Some hope that HTTPS will do to HTTP what SSH did to telnet. Digital certificate infrastructure is still a bit of a mess though.
>
> Not really. The main problem is people running online businesses/social media sites etc who think that $100 for a cert is a lot of money. Eg Facebook was just valued at $75bln. I think they can afford a few certs and a crypto accelerator on their load balancers - they don't do it because they're frickin retards. There is no other excuse.
>
> If you're going overseas and want secure access to stuff, get a VPS located at a place you trust and do it over RDP over SSL or VPN back into a trusted network and use that VPN connection as your default gateway.
Re: [OT] Global Roaming data plans and WiFi hacking
On Mon, Mar 7, 2011 at 12:50 PM, William Luu will@gmail.com wrote:

> Facebook recently enabled the ability to Browse Facebook on a secure connection (https) whenever possible - http://blog.facebook.com/blog.php?post=486790652130
>
> Yeah it took them a long while. And it definitely should be on https by default. Same applies to Twitter (which will work in https if you browse to it with the https url).
>
> That said, it also took Google a little while to roll out https as default for their gmail email service. I still remember when I first signed up for gmail and https was not enabled by default (it may/may not have been an option in those early days).
>
> Just found a blog post by Google about the change-over: http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html

And it now has two factor authentication, which is worth turning on.

> On 6 March 2011 18:10, David Connors da...@codify.com wrote:
>
>> On 4 March 2011 16:59, Samuel Lai samuel@gmail.com wrote:
>>
>>> Some hope that HTTPS will do to HTTP what SSH did to telnet. Digital certificate infrastructure is still a bit of a mess though.
>>
>> Not really. The main problem is people running online businesses/social media sites etc who think that $100 for a cert is a lot of money. Eg Facebook was just valued at $75bln. I think they can afford a few certs and a crypto accelerator on their load balancers - they don't do it because they're frickin retards. There is no other excuse.
>>
>> If you're going overseas and want secure access to stuff, get a VPS located at a place you trust and do it over RDP over SSL or VPN back into a trusted network and use that VPN connection as your default gateway.

--
Meski
Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough - Adam Hills
Re: [OT] Global Roaming data plans and WiFi hacking
On 7 March 2011 15:14, mike smith meski...@gmail.com wrote:

> On Mon, Mar 7, 2011 at 12:50 PM, William Luu will@gmail.com wrote:
>
>> Just found a blog post by Google about the change-over: http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html
>
> And it now has two factor authentication, which is worth turning on.

How?
Re: [OT] Global Roaming data plans and WiFi hacking
On 4 March 2011 16:59, Samuel Lai samuel@gmail.com wrote:

> Some hope that HTTPS will do to HTTP what SSH did to telnet. Digital certificate infrastructure is still a bit of a mess though.

Not really. The main problem is people running online businesses/social media sites etc who think that $100 for a cert is a lot of money. Eg Facebook was just valued at $75bln. I think they can afford a few certs and a crypto accelerator on their load balancers - they don't do it because they're frickin retards. There is no other excuse.

If you're going overseas and want secure access to stuff, get a VPS located at a place you trust and do it over RDP over SSL or VPN back into a trusted network and use that VPN connection as your default gateway.

--
David Connors | da...@codify.com | www.codify.com
Software Engineer
Codify Pty Ltd
Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363
V-Card: https://www.codify.com/cards/davidconnors
Address Info: https://www.codify.com/contact
Re: [OT] Global Roaming data plans and WiFi hacking
On Fri, Mar 4, 2011 at 11:36 AM, Dylan Tusler dylan.tus...@sunshinecoast.qld.gov.au wrote:

> Got a colleague who is travelling to UK, Greece and Turkey, and she wants to be able to do some internet stuff (banking, email etc) via mobile handset while on the move. Better to look for a data plan? Or rely on WiFi? How would you do it?
>
> Also, we have a co-worker that recently had her identity snatched via open WiFi in a cafe. Ended up losing her email account, and having her bank account compromised, partly because of lax password practices. How can you harden up against these kinds of things?

google Firesheep. That's what's often used to hack, and looking at that gives suggested preventions.

> Cheers,
> Dylan Tusler
> Acting Data, Development Integration Manager
> ICTS Branch
> Sunshine Coast Council
> ph: +61 (0)7 5420 8002
> http://www.sunshinecoast.qld.gov.au/
> https://www.facebook.com/SunshineCoastCouncil
>
> To find out more about the Sunshine Coast Council, visit your local office at Caloundra, Maroochydore, Nambour or Tewantin or visit us online at www.sunshinecoast.qld.gov.au. If correspondence includes personal information, please refer to Council's Privacy Policy http://www.sunshinecoast.qld.gov.au/sitePage.cfm?code=disclaimer
>
> This email and any attachments are confidential and only for the use of the addressee. If you have received this email in error you are requested to notify the sender by return email or contact council on 1300 00 7272 and are prohibited from forwarding, printing, copying or using it in anyway, in whole or part. Please note that some council staff utilise Blackberry devices, which results in information being transmitted overseas prior to delivery of any communication to the device. In sending an email to Council you are agreeing that the content of your email may be transmitted overseas. Any views expressed in this email are the author's, except where the email makes it clear otherwise. The unauthorised publication of an email and any attachments generated for the official functions of council is strictly prohibited. Please note that council is subject to the Right to Information Act 2009 (Qld) and Information Privacy Act 2009 (Qld).

--
Meski
Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough - Adam Hills
RE: [OT] Global Roaming data plans and WiFi hacking
Interesting. I had heard of Firesheep, but just looked at the details.

How would you write an app that resists this kind of attack? Does an app that uses .NET Membership Provider have this kind of vulnerability (encrypted login, but unencrypted cookies.)

Cheers,
Dylan.

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of mike smith
Sent: Friday, 4 March 2011 10:42 AM
To: ozDotNet
Subject: Re: [OT] Global Roaming data plans and WiFi hacking

> On Fri, Mar 4, 2011 at 11:36 AM, Dylan Tusler dylan.tus...@sunshinecoast.qld.gov.au wrote:
>
>> Got a colleague who is travelling to UK, Greece and Turkey, and she wants to be able to do some internet stuff (banking, email etc) via mobile handset while on the move. Better to look for a data plan? Or rely on WiFi? How would you do it?
>>
>> Also, we have a co-worker that recently had her identity snatched via open WiFi in a cafe. Ended up losing her email account, and having her bank account compromised, partly because of lax password practices. How can you harden up against these kinds of things?
>
> google Firesheep. That's what's often used to hack, and looking at that gives suggested preventions.
Re: [OT] Global Roaming data plans and WiFi hacking
VPN seemed to be one way, so I guess an app that did a similar setup.

On Fri, Mar 4, 2011 at 11:53 AM, Dylan Tusler dylan.tus...@sunshinecoast.qld.gov.au wrote:

> Interesting. I had heard of Firesheep, but just looked at the details.
>
> How would you write an app that resists this kind of attack? Does an app that uses .NET Membership Provider have this kind of vulnerability (encrypted login, but unencrypted cookies.)
>
> Cheers,
> Dylan.
>
> From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of mike smith
> Sent: Friday, 4 March 2011 10:42 AM
> To: ozDotNet
> Subject: Re: [OT] Global Roaming data plans and WiFi hacking
>
>> On Fri, Mar 4, 2011 at 11:36 AM, Dylan Tusler dylan.tus...@sunshinecoast.qld.gov.au wrote:
>>
>>> Got a colleague who is travelling to UK, Greece and Turkey, and she wants to be able to do some internet stuff (banking, email etc) via mobile handset while on the move. Better to look for a data plan? Or rely on WiFi? How would you do it?
>>>
>>> Also, we have a co-worker that recently had her identity snatched via open WiFi in a cafe. Ended up losing her email account, and having her bank account compromised, partly because of lax password practices. How can you harden up against these kinds of things?
>>
>> google Firesheep. That's what's often used to hack, and looking at that gives suggested preventions.

--
Meski
Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough - Adam Hills
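
The pattern asked about in this thread (login over HTTPS, session cookie then sent in the clear) is visible in a site's Set-Cookie headers. As an added example that is not part of the original thread, this Python check flags session cookies issued without the Secure attribute; the header values are constructed, and `.ASPXAUTH` and `ASP.NET_SessionId` are the ASP.NET default cookie names.

```python
# Added example: audit Set-Cookie headers for the "encrypted login,
# unencrypted cookies" pattern. All sample headers below are constructed.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(set_cookie_values, session_names):
    """Return (cookie name, missing flags) for each weak session cookie.

    A cookie without Secure is also attached to plain-HTTP requests to
    the same host, even when it was issued over HTTPS, so anyone on the
    same open WiFi can read it. HttpOnly is checked as well because it
    keeps the cookie away from page scripts.
    """
    findings = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        if name not in session_names:
            continue  # preference cookies etc. are out of scope here
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


# Constructed responses from a hypothetical site, before and after hardening.
SESSION_NAMES = {".ASPXAUTH", "ASP.NET_SessionId"}
WEAK = [
    ".ASPXAUTH=3F9A0C; path=/; HttpOnly",
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "theme=dark; path=/",
]
HARDENED = [
    ".ASPXAUTH=3F9A0C; path=/; secure; HttpOnly",
    "ASP.NET_SessionId=abc123; path=/; Secure; HttpOnly",
    "theme=dark; path=/",
]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_cookies(headers, SESSION_NAMES))
```

In ASP.NET the Secure attribute on these cookies is switched on with `requireSSL="true"` on the `<forms>` and `<httpCookies>` elements in web.config.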