On Wed, May 12, 2004 at 22:40:28 +0200,
Soderland, Craig [EMAIL PROTECTED] wrote:
Just to throw my .02 in here wasn't there a FCC ruling (for those of you in the US)
that stated that you as a private citizen have the right to receive any broadcast
radio signal.
If this is the case then
Dan,
Your reasoning is quite skewed. Yes wireless
ISP'ISP'sould have
encryption and most do. It is very poor accounting
and business
procedures to let evereveryouneyour network and use
it for free.
Unless
maybe you are thinking of a WAP WAPa coffee house.
However saying that wireless
Subject: Re: [Full-Disclosure] Wireless ISPs
Date: Tue, 11 May 2004 12:20:45 -0700 (PDT)
From: D B [EMAIL PROTECTED]
To: Brian Toovey [EMAIL PROTECTED]
CC: [EMAIL PROTECTED
Hi Brian and Dan,
Sit down sometime inside a wireless ISPs area and run
kismet. You can see someone connect to a service via
SSL, then immediately after they purchase something
they check the email. Guess what ? the Credit card #
and address are in that email.
Yeah...
There is 2 problems :
-
[SNIP]
all I am after is raising the level of knowledge
needed to access the data beyond that of an 8 year old
with windows on a laptop running netstumbler and a
wifi card
do u not agree this would be prudent ?
Wireless products, as is most often the case with new technology in
[SNIP}
Apparently the users don't care, so why should we?
to CYA. And if you provide the means and the info to users on how to use
something that is 'safer' more secure and they then do not follow the
advice and end up in a deep hole with a shovel tunneling deeper, you are
protected
On Tue, May 11, 2004 at 10:27:09PM -0700, D B wrote:
erm
merchant = https order from and there to a secure mail
serverand from there to the ISPs insecure ...oops
there goes all that SSL
Dan, as a couple of people (myself included) have pointed out, you're dealing with two
separate issues
On Wed, 12 May 2004 22:24:18 +0530, Aditya, ALD [Aditya Lalit Deshmukh] [EMAIL
PROTECTED] said:
if people knew just how to use them the world would have been a much safer place
already !
inst it ironic that the people cannot use the free tools also.
Not ironic, just sad.
If they weren't
PROTECTED]
Sent: Tuesday, May 11, 2004 6:05 PM
To: Maarten
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Wireless ISPs
On Wed, 12 May 2004 00:18:37 +0200, Maarten [EMAIL PROTECTED] said:
Who, in their right minds, will read their email anyhow over an unencrypted
wireless link ? That's asking
On Wed, 12 May 2004 10:13:35 PDT, Schmidt, Michael R. said:
How hard would it be to have a few companies start a secure Internet? All
access is by licensed know individuals. No more hacking, no more slacking. If
You know.. the Internet *did* start that way. When there were 4 IMPs and 6
11, 2004 4:32 PM
To: D B
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Wireless ISPs
On Tue, 2004-05-11 at 13:33, D B wrote:
All transactions done via secure websites are secure,
No, they are not. It's just harder to intercept the data.
A wired internet connection
limits
On the other side of things, I've recently encountered internet vendors
who're reassuring customers that they use HTTPS for online ordering. But
when I've ordered something from them they've e-mailed me asking for
proof of ownership of the card - they either want a fax, or for me to
e-mail a
Hi Brian
Sit down sometime inside a wireless ISPs area and run
kismet. You can see someone connect to a service via
SSL, then immediately after they purchase something
they check the email. Guess what ? the Credit card #
and address are in that email.
Doesn't take some 15 year veteran of the
Hi Mr Coffee
Im using this venue to influence several wireless ISPs
to use WEP
They claim the internet is insecure anyway so they
wont use it.
I do understand the implications but yes wireless is
totally legal to eavesdrop.
The bottom 6 channels run on HAM frequencies and that
is specifically
I agree with Brian. I feel that merchants sending information through
email is irresponsible and this is a customer service issue.
We have online ordering and do not send sensitive data via email. None
of the merchants that I have made online purchases with recently have
done this either.
at least we have that
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of D B
Sent: Tuesday, May 11, 2004 12:21 PM
To: Brian Toovey
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Wireless ISPs
Hi Brian
Sit down sometime inside a wireless ISPs area and run
On Tue, 2004-05-11 at 13:33, D B wrote:
All transactions done via secure websites are secure,
No, they are not. It's just harder to intercept the data.
A wired internet connection
limits the number of people who have access to this
data simply by the nature of the internet putting it
within
Hi Frank
Tis a multiple faceted thing
The one point it can be addresssed for everyone is at
the wireless AP, thus I would conclude it is their
responsibility.
Im reasonably sure a jury would follow suit,
especially when they find out raising the bar to limit
this would take entering a password
On Tue, 2004-05-11 at 16:15, D B wrote:
The level of knowledge it takes to penetrate a SSL
style transaction puts it beyond most peoples scope of
abilities
Agreed. But the blanket statement secure [ssl implied] websites are
secure is just not correct.
[...] and on a switched network odds are
--On Tuesday, May 11, 2004 1:26 PM -0700 Schmidt, Michael R.
[EMAIL PROTECTED] wrote:
In some states it is illegal to intercept any communication without both
parties knowledge. This is true of wired or wireless communications. Be
it a chat session or an online order process. In the state
--- Frank Knobbe [EMAIL PROTECTED] wrote:
On Tue, 2004-05-11 at 13:33, D B wrote:
All transactions done via secure websites are
secure,
No, they are not. It's just harder to intercept the
data.
The level of knowledge it takes to penetrate a SSL
style transaction puts it beyond most
WEP will not help you in this situation, since the same key will be
assigned to every client, making it virtually a protected hub.
What you need to do is to persuade your ISPis to implement per-session
key, possible solution WPA+Radius.
cheers,
kos
--
Respectfully,
Konstantin V. Gavrilenko
On Tue, 2004-05-11 at 14:20, D B wrote:
[...] Guess what ? the Credit card #
and address are in that email.
The ones I get have several in them. It's again a blanket statement
you make.
Besides, I think you're confusing web sites operators/developers with
{wired|wireless} ISPs.
Cheers,
--On Tuesday, May 11, 2004 4:16 PM -0400 Sean Milheim [EMAIL PROTECTED]
wrote:
However there is also pop3s and imaps.
I make pop3s and imaps available for email users as well as the unencrypted
versions. When I tell somebody how to setup their account I tell them that
they should use the
On Tuesday 11 May 2004 20:33, D B wrote:
I'm not real sure how to post this, nor am I sure of
the scope. I am still learning about computers.
I'm not sure this is the right list for you. But while we're here...
All transactions done via secure websites are secure,
however the auto mailing
On Tuesday 11 May 2004 21:20, D B wrote:
Hi Brian
Sit down sometime inside a wireless ISPs area and run
kismet. You can see someone connect to a service via
SSL, then immediately after they purchase something
they check the email. Guess what ? the Credit card #
and address are in that
On Tue, 2004-05-11 at 15:15, D B wrote:
--- Frank Knobbe [EMAIL PROTECTED] wrote:
On Tue, 2004-05-11 at 13:33, D B wrote:
All transactions done via secure websites are
secure,
No, they are not. It's just harder to intercept the
data.
The level of knowledge it takes to penetrate a
On Wednesday 12 May 2004 00:08, Jeff Workman wrote:
--On Tuesday, May 11, 2004 4:16 PM -0400 Sean Milheim [EMAIL PROTECTED]
wrote:
However there is also pop3s and imaps.
I make pop3s and imaps available for email users as well as the unencrypted
versions. When I tell somebody how to setup
On Tue, 11 May 2004 16:34:08 CDT, Frank Knobbe said:
Besides, I think you're confusing web sites operators/developers with
{wired|wireless} ISPs.
I think his point was that the *majority* of *users* will confuse the
two as well, and end up making poor decisions based on that.
Yes, it's pretty
Folks. WEP is POINTLESS for public access points. You have to share the
password. Let's see locally:
Coffee shop #1 has Telus hotspot (local telco), no WEP, SSL gateway
redirect, plug your CC in and buy access. Login through SSL encryped web
site to access. Not sure how access is enforced
Hi Brian
Sit down sometime inside a wireless ISPs area and run kismet.
You can see someone connect to a service via SSL, then
immediately after they purchase something they check the
email. Guess what ? the Credit card # and address are in that email.
Dan
If you're doing
Dan,
Your reasoning is quite skewed. Yes wireless ISP's should have
encryption and most do. It is very poor accounting and business
procedures to let everyoune on your network and use it for free. Unless
maybe you are thinking of a WAP at a coffee house.
However saying that wireless ISP's are
there is a russian saying:
If the party gets that mad, cranch the last gurkin
For a less paranoid of you, who still believe that wep is secure enough
solution. We maintain a complimentary site for our book on wireless
hacking, that has a categorised collection of tools for wireless
penetration
On Wed, 12 May 2004 00:18:37 +0200, Maarten [EMAIL PROTECTED] said:
Who, in their right minds, will read their email anyhow over an unencrypted
wireless link ? That's asking for trouble, ie. information-leakage.
The 99.98% of *real* *users* who are so clueless as to not *know* that it's a
Everyone is so busy trying to outgeek the other they
are missing the issue.
An 8 year old with a laptop who downloads netstumbler
could read peoples emails with no difficulty from an
ISP who offers no encryption ( god knows that 8 yr old
can kick my ass on a video game )
My main issue is
On Tue, 2004-05-11 at 17:01, amilabs wrote:
I have been researchign the wisp industry and I am planning to start one
also. I assure you that most use some form of authentiction and enctyption.
I would be very bad business to leave it open not only for hacking and dos,
but also for users
On Tue, 2004-05-11 at 20:50, Michael Gargiullo wrote:
If it's wireless... it's more then likely wide open. Do I run wireless
at home...yup... Am I too lazy to run WEP...yup. So I run my wireless
gear in the DMZ
Hmmm.
... and chalked my sidewalk.
So has everyone else, as I may have as
-Forwarded Message-
From: Maarten [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Wireless ISPs
Date: Wed, 12 May 2004 02:27:41 +0200
On Wednesday 12 May 2004 00:08, Jeff Workman wrote:
--On Tuesday, May 11, 2004 4:16 PM -0400 Sean Milheim [EMAIL PROTECTED
On May 11, 2004, at 17:24, Kurt Seifried wrote:
Folks. WEP is POINTLESS for public access points.
s/ for.*//
WEP/WPA/LEAP/802.1x and anything else which puts trust at the network
level are close[1] to snake-oil - even if they actually worked as
promised the only thing you get is a false sense
-Original Message-
From: D B [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 12, 2004 10:32 AM
To: Kurt Seifried
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Wireless ISPs
Everyone is so busy trying to outgeek the other they are
missing the issue.
An 8 year old
Of D B
Sent: Wednesday, May 12, 2004 3:47 AM
To: Mister Coffee
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Wireless ISPs
Hi Mr Coffee
Im using this venue to influence several wireless ISPs
to use WEP
They claim the internet is insecure anyway so they
wont use it.
I do understand
41 matches
Mail list logo