On the 04/01/2011 12:19, Andrei Popescu wrote: > On Lu, 03 ian 11, 12:28:25, tv.deb...@googlemail.com wrote: >> >> I wouldn't do my internet banking/shopping over such a network though... > > Would you care to explain why you find an open wireless to be more > dangerous than your regular internet connection? > > Regards, > Andrei
[paranoid penguin mode on] Hi, I wasn't thinking only about session hijacking, cookies grabbing or various phishing and spoofing which are just too easy to perform on an open network, tools like "firesheep"[1] and ready made exploit kits make it available to the mass now. I am wondering how many social websites accounts have been cracked thanks to this, many teenagers consider it a game, they don't really understand the legal implications so they are not inhibited. I saw a case of middle school student faking an access point with a laptop on an open school network, it's easy to find video step-by-step tutorials to do all kind of nasty things, I can only imagine what a seasoned black hat can do. My other concern would be the environment in which such networks exist : coffee shops, train stations, hotels lobby, school hall... It opens an exiting array of old school techniques from simply eavesdropping passwords, using phone or laptop cameras to record typing, grab a picture of a credit card. This techniques are not specific to open networks, but add those data to what you can collect over an open network and it gets really mouth watering for a pirate I guess. I know Bruce Schneier wrote a nice piece advocating open wifi hotspots, but I wouldn't use it for anything else than checking the news, and certainly not for something involving password typing. Off course if you leave in the middle of a desert and run an open network, I guess it's fine. [1] http://threatscape.com/Advisory_04_Nov_2010__Firesheep.html [2] http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html [/paranoid penguin mode] -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d2322c9.5090...@googlemail.com
