Ever Log onto Facebook/Twitter/Flickr etc over public Wifi like Starbucks or Panera?
  (#1)
Site Owner
 
ClemsonJeeper's Avatar
 
Posts: 12,971
Join Date: March 9, 2004
Location: CashBurn, VA
Ever Log onto Facebook/Twitter/Flickr etc over public Wifi like Starbucks or Panera? - October 26, 2010, 04:52 PM

You should think again about doing that.

Basically, to dumb it down for the non-computer literate masses, when you log into Facebook or Twitter, the authentication portion (your username/password) is encrypted. Good. But after that all it does is give your login a cookie and the rest of the session is un-encrypted.

So, basically, someone can wait for you to log in and listen for traffic on the free wifi network, get your cookie, and then make a simple hack to trick Facebook into thinking their computer is logged in as you. And do all sorts of fun stuff including reading mail, etc.

In fact, a software engineer went ahead and made a nice pretty little plug-in for Firefox that makes it as easy as loading the add-on, sitting in a Starbucks, and then double clicking on people's logins when they pop up.

Nasty!

Eric Butler - Software Developer in Seattle WA


(O|||||||O) and (0OO\(||||)(||||)/OO0)

Help support DCSportbikes.net! Become a Premier Member today!

Katie #135.



Nudist: If Ben isnt still riding me, then I need it
B: that sounds odd
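
The pattern described in post #1 (login over HTTPS, then a session cookie that travels over plain HTTP) can be checked from the site operator's side by looking at response headers. The following is an added example, not part of the original post: the flows, the host social.example, the cookie values and the finding names are all constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers):
    """Return finding codes for one response; headers is a list of (name, value)."""
    findings = []
    is_https = urlsplit(url).scheme == "https"
    present = {h.lower() for h, _ in headers}
    if not is_https:
        findings.append("plain-http")   # cookies sent with this request are readable on the network
    elif "strict-transport-security" not in present:
        findings.append("no-hsts")      # browser is never told to stay on HTTPS
    for header, value in headers:
        h = header.lower()
        if h == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:   # without Secure the browser also sends it over HTTP
                findings.append("cookie-not-secure:" + name)
        elif h == "location" and is_https and value.lower().startswith("http://"):
            findings.append("downgrade-redirect")  # encrypted login hands off to HTTP
    return findings

def audit_flow(flow):
    """Audit a list of (url, headers) responses in order."""
    return [(url, f) for url, headers in flow for f in audit_response(url, headers)]

# Constructed sample: encrypted login, then the rest of the session in the clear.
SAMPLE_FLOW = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=constructed123; Path=/; HttpOnly"),
        ("Location", "http://social.example/home")]),
    ("http://social.example/home", [("Content-Type", "text/html")]),
]
# Constructed sample: the same flow with HTTPS, HSTS and a Secure cookie throughout.
HSTS = ("Strict-Transport-Security", "max-age=31536000")
HARDENED_FLOW = [
    ("https://social.example/login", [
        HSTS, ("Set-Cookie", "session=constructed123; Path=/; Secure; HttpOnly"),
        ("Location", "https://social.example/home")]),
    ("https://social.example/home", [HSTS, ("Content-Type", "text/html")]),
]

if __name__ == "__main__":
    for url, finding in audit_flow(SAMPLE_FLOW):
        print(url, finding)
```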
  (#2)
Dr.'s say I'm the illest
 
The Patient's Avatar
 
Posts: 2,921
Join Date: August 22, 2010
Location: Under the umbrella next to the hottest chick
October 26, 2010, 05:14 PM

Damn CJ! That's tight! Downloaded and testing this shit out right now!
  (#3)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,592
Join Date: August 25, 2008
Location: Washington, D.C.
October 26, 2010, 05:20 PM

Reason #20 why I don't use free networks to do things like check email, banking, private accounts.

You've got to be crazy to do any of that stuff over a free network.



“Any man who tries to be good all the time is bound to come to ruin among the great number who are not good. Hence a Prince who wants to keep his authority must learn how not to be good, and use that knowledge, or refrain from using it, as necessity requires”.

- Nicolo Machiavelli 1469-1527

  (#4)
Officially Addicted to Posting
 
JTG40cal's Avatar
 
Posts: 7,867
Join Date: August 10, 2006
Location: Oakton
October 26, 2010, 05:21 PM

If my wireless is "secured", how secure is it (relatively)? I was watching something on a show like Dateline or something and they were driving around neighborhoods scanning for open networks. They would then knock on the owners' doors to teach them about the dangers of using open networks. To drive their point home, before they went to the house, they took the liberty of logging into personal things like bank accounts, mortgage sites, online bill pay sites, etc.


I'm not a leg humper... but I'm super attracted to how fucking stupid she is! - wildjester

Castle: rob, potbelly, stat. i brought the bike, wanna ride 2 up??
ClemsonJeeper: omg i'm in now!
Castle: fvck, did i just put that in the sb?
  (#5)
GP Champ
 
Posts: 3,459
Join Date: December 29, 2002
Location: NYC UES
October 26, 2010, 05:26 PM

Quote:
Originally Posted by Heist View Post
Reason #20 why I don't use free networks to do things like check email, banking, private accounts.

You've got to be crazy to do any of that stuff over a free network.
I would think that weak security measures are used for stupid harmless stuff like Twitter and FB. What kind of damage can you really do with that? Send out some 'buy viagra' spam? Big wow. Just log out once you are done and your exposure is very limited.

And for things that actually matter, like online banking, I would think they use real security precautions and encrypt all traffic.
  (#6)
Your Ad Here
 
Heist's Avatar
 
Posts: 32,592
Join Date: August 25, 2008
Location: Washington, D.C.
October 26, 2010, 05:26 PM

People are ridiculously unaware about this kind of stuff.
There are about 3 networks in my area that aren't encrypted with anything. Maybe that weaksauce WPA stuff.
For shits and giggles, I typed http://192.168.2.1/ in my browser and, surprise, I had immediate access to their router set-up utility page.

I could do anything I wanted at that point. Change settings. Register my laptop as authorized. Shut down and password protect their own router. All kinds of fun stuff.

So whenever I do anything that may be a little .... mmmm ... not above board on the net, guess what connections I use.





Last edited by Heist; October 26, 2010 at 05:32 PM..
  (#7)
GP Champ
 
Posts: 3,459
Join Date: December 29, 2002
Location: NYC UES
October 26, 2010, 05:31 PM

Also, this reminds me of a recent poker site scandal at Ultimate Bet/Absolute. Basically, very similar vulnerability.

Check it out...
  (#8)
GP Champ
 
Posts: 3,459
Join Date: December 29, 2002
Location: NYC UES
October 26, 2010, 05:35 PM

You know there are people who keep their networks open on purpose. When MPAA sues you for downloading Avatar or something, you can easily prove that you are not the only one using that IP and it is not your mac#... (not sure that they can even grab your mac number?)
  (#9)
Site Owner
 
ClemsonJeeper's Avatar
 
Posts: 12,971
Join Date: March 9, 2004
Location: CashBurn, VA
October 26, 2010, 05:55 PM

Yeah, if your bank isn't using SSL for the entire session you need a new bank.

The reason FB/Twitter/etc don't use SSL for the entire session is because it probably takes 3-4x the overhead to service requests over SSL if not more. The amount of dedicated hardware they'd need to encrypt everything would be astronomical.


  (#10)
Site Owner
 
ClemsonJeeper's Avatar
 
Posts: 12,971
Join Date: March 9, 2004
Location: CashBurn, VA
October 26, 2010, 05:57 PM

Quote:
Originally Posted by JTG40cal View Post
If my wireless is "secured", how secure is it (relatively)? I was watching something on a show like Dateline or something and they were driving around neighborhoods scanning for open networks. They would then knock on the owners' doors to teach them about the dangers of using open networks. To drive their point home, before they went to the house, they took the liberty of logging into personal things like bank accounts, mortgage sites, online bill pay sites, etc.
If you secure using WEP you might as well not even secure. Most wireless access points these days don't even let you use WEP (it's outdated and insecure).

If you are using WPA2 you are good.


  (#11)
TPG og
 
b00st's Avatar
 
Posts: 8,576
Join Date: October 9, 2008
Location: Hanover, PA
October 26, 2010, 06:00 PM

When we went to Bike Week this past May, someone set up some shit in the hotel. My laptop connected automatically, next thing I know my Gmail was sending viagra and shit to EVERYONE in my entire Gmail, including old ass emails that were in the sent folder. Sucked.
  (#12)
Traction Control
 
Tecknojoe's Avatar
 
Posts: 6,969
Join Date: May 6, 2009
Location: The hell out of VA
October 26, 2010, 06:05 PM



so THAT's why all the dumb girls that i'm friends with on FB have their accounts hacked. I was wondering how they got stoled


KTM RC8R
KTM RC390 race
Yamaha R6 race
Honda CRF50 mini
  (#13)
Owner & Creator
 
Carnage's Avatar
 
Posts: 16,418
Join Date: June 11, 2003
Location: TROLL WORLD
October 26, 2010, 06:34 PM

Works on Mac but I can't get it to work on Windows.

Having problem:
firesheep.capture_interface = no value; on Mac it shows en1
  (#14)
TPG og
 
b00st's Avatar
 
Posts: 8,576
Join Date: October 9, 2008
Location: Hanover, PA
October 26, 2010, 06:41 PM

Aircrack and NetStumbler ftw.
  (#15)
AMA Superbike Champ
 
Posts: 781
Join Date: July 1, 2009
Location: maryland
October 26, 2010, 06:51 PM

yea I wouldn't use public wifi without a VPN