John Moser wrote: > Mostly, a lot of things are supported and work just fine. We live in > a decent enough world, usually you're not really a target for anything > bad, and we can ignore all the hype about most stuff because hey, it's > just unlikely. > > ... > > I call BS.
I call double BS :-) > > If I wanted to get into your bank account, I would probably... hmm. Let's > see. Not get there. > > First I'd grab BackTrack or nUbuntu. Then I'd snoop your wifi, > picking up your hidden network from the headers of some authentication > packets, and use aircrack-ptw to pull your WEP key in about 30 seconds You don't even have to try that hard - my wifi's wide open. > (if I want to be stealthy, I'll camp and pick up your key from your > P2P traffic). Now I can use that key in a specially modified version > of Ethereal or tcpdump to snoop your activity, pick up your gmail > cookie, and read your e-mail. Unless I seriously misunderstand TLS, you won't get my email that way. > I can authenticate with your wifi or > spoof your IP and mac now, use the WEP key to get on your network, use > your gmail cookie to log in as you, and read your message about your > online password. Which (a) I don't keep, and (b) none of my financial institutions emailed to me. Come on now, while I have some responsibility for my own security, _nobody_ should be doing business with banks that email them their passwords. > I'm sure a bunch of people reading this are going to say, "We don't > want to do that. Those tools should be complicated, so that only > really really REALLY intent bad guys can use them; normal badguys > don't bother and it keeps us secure." Open your mouths, say it, you > know you want to. Actually, I don't want to. I just understand that wifi security is as much an oxymoron as military intelligence, and look for my security elsewhere. > (yeah guess what? Those idiots aren't your threats, they have > no interest in you anyway). I disagree - "those idiots" are the only threat to most of us. The script kiddies are a very real threat simply _because_ they'll target you at random. Those of us who have something worth stealing - by somebody who wants to invest the time - are not going to be made secure by methods this simple. -- derek -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
