Re: [vox] Starbucks and 802.11b
> On Thu, Feb 27, 2003 at 12:58:01PM -0800, error@lostinthenoise.net
> wrote:
>> And to top it off any jerk with dsniff will own the people that are
>> willing to pay that much for insecure wireless.
>
> Nope; they're not that stupid -- you have to authenticate over an
> SSL-encrypted website (which is cross-platform) first, and then only
> your data packets (authenticated via DHCPed IP and MAC, I'd assume) are
> allowed through until you log out.
I disagree.
They have you auth, but their service isn't secure: AIM, POP, IMAP, etc.
Look at these tools:
urlsnarf, msgsnarf, dsniff
Run them on any public network run by T-Mobile and then laugh.
It's so stupid, it's funny!
And then of course there is the fact that lots of people trust any
security cert that comes up.
So you can do an SSL MITM attack.
> If you don't log out (most people forget), then it would be pretty
> trivial to assume your MAC and IP.
It is trivial.
To top it off, if your stack is faster than theirs is, you can do certain
things with the same IP and MAC while they are on.
Small stuff that won't send tons of RST flags.
I don't condone it, but it's certainly easy to do.
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox