Re: Wi-Fi: Essential Checklist
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Fri, 28 Nov 2008 21:16:56 -0800
On Fri, 28 Nov 2008 22:47:45 -0500, John Mason Jr
<notvalid@xxxxxxxxxxxxxxx> wrote:
In part of the article he states he doesn't believe that it is much of a
risk that his wireless will be abused
In a previous posting in this thread, I mentioned what happened when I
was running an open access point in my office. Local homeless in
campers would park outside my office making VoIP phone calls. Not a
problem, but this idiot told all his friends and my (shared) bandwidth
was soon swamped. I turned on encryption and that was the end of my
experiment in openness.
Baloney. I could have an adquately secured computah (personal
firewall) and still have problems. For example, sending un-encrypted
email and passwords (POP3, SMTP, FTP) that are sniffable via wireless
or an ethernet tap. The computer is secure, but the transport
mechanism is not.
I would consider fixing those type of problems part of making sure that
your computer is safe on a public network.
Part of that might be fixing the authors original statement. His
contention was (in my words) that if his computer was secure, then he
has nothing to worry about in a public unencrypted system. He's wrong
because of sniffing problems. Ask any user in a coffee shop if their
POP3, SMTP, and FTP passwords are encrypted or not. I've done this
and got the predictable blank looks. I know quite a few ISP's that
still use unencrypted passwords, with no provisions for SSL, TLS, or
VPN terminations.
Well, yeah. A laptop is nothing more than a small desktop with a
built in UPS (battery). Desktops, laptops, and PDA's should be
treated in the same way when dealing with security. Few are.
I agree
Something is wrong here. Nobody ever agrees with me. Are you sure?
I have 5 VPN clients on my Verizon XV6700 cell phone running Windoze
Mobile 5. All of them sorta work, with specific terminating servers.
None of them work with all the different VPN boxes and servers I have
to connect. I've given up and gone back to dragging my giant laptop
around. However, I was lusting after an Asus eeePC 900 today, and
just might buy one. Small is beautiful.
Incidentally, I have an impromptu hacking demonstration today. I shut
down the victims laptop (allegedly accidentally). When nobody's
looking, I shove in a USB dongle with a bootable Linux system
including various registry hacking utilities. I scripted one of them
to make a few key changes to the registry, and to extract a few
interesting keys. Most modern laptops will boot from USB, especially
if I hit F10(?) during the bootup to select the boot device. The rest
is trivial. Elapsed time is about 3 minutes, not including a 2nd
reboot. Perhaps the author would like to revise his position on
computer hardware security to include physical security?
I'm only a repairman. Imagine what a real hacker can do.
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.
- Follow-Ups:
- Re: Wi-Fi: Essential Checklist
- From: John Mason Jr
- Re: Wi-Fi: Essential Checklist
- From: Sylvain Robitaille
- Re: Wi-Fi: Essential Checklist
- References:
- Wi-Fi: Essential Checklist
- From: John Navas
- Re: Wi-Fi: Essential Checklist
- From: John Mason Jr
- Re: Wi-Fi: Essential Checklist
- From: Jeff Liebermann
- Re: Wi-Fi: Essential Checklist
- From: John Mason Jr
- Re: Wi-Fi: Essential Checklist
- From: Jeff Liebermann
- Re: Wi-Fi: Essential Checklist
- From: John Mason Jr
- Wi-Fi: Essential Checklist
- Prev by Date: Re: Wi-Fi: Essential Checklist
- Next by Date: Re: Wi-Fi: Essential Checklist
- Previous by thread: Re: Wi-Fi: Essential Checklist
- Next by thread: Re: Wi-Fi: Essential Checklist
- Index(es):
Relevant Pages
|
