January 28th, 2005, 01:30 PM
Lan-party ? web access
After reading the thread Evil Twins... http://www.antionline.com/showthread...hreadid=265466 I started a reply but reconsidered and posted it here.
Originally posted here by zencoder
... Would you go check your email, do some online banking, and log in to several web site accounts if you were at a huge lan party? Then why do it when connected to a public access point? ...
I went to a convention within the past year ( not a tech convention ) which was geared for people in the field of “ Education”. On the floor were exhibits of all kinds pushing architectural services, engineering services, managerial services, professional services, construction and building materials , and yes, computer hardware, software, services, etc. ( you get the idea ).
Anyway, A couple of major computer vendors ( won't say the names ) sponsored free “cyber cafes “ for those attending the convention, some machines were hardwired, some were wireless, and they provided access points for attendees to utilize. ( see where this is going? )
I've attended many conventions, and this one for several years and kind-of-knew what to expect as I stood there with my fresh hot cup of coffee trying to shake off the night before. I watched in awe as one after the other logged on to the hard-wired machines, did their business, and left without so much as simply clearing the cache. ( the clicking on “ save password” though made me spit my coffee ).
Now I usually look forward to going to these things just to bust some balls of vendors ( like the vendor who was offering a service utilizing software I reviewed the year before, the same software that they said could not compete with their's at the time ... now swearing up and down that the new software was better, safer, and utilized SSL2 encryption ( it did, if they knew how to configure it ) on the web-based client-server. Just happened a friend of mine showed up that day, an IT guy, and BTW a client of that company, and we looked in amazement at the IE browser, connected “live” to their server, actively servicing clients, as he discussed migration to their new system; NO ENCRYPTION! )
Anyway, back to the story. What do you think my friend and I found at the end of the hall? A company selling software ( $3000+ US ) to sniff “ your” wireless network for rouge connections and APs. ( Really nice software, appeared to combine a lot of open source stuff into a neat, easy package. But it was a little too pricey for me )
What do you think we saw during a personal demonstration? All those wireless connections in the hall ( even from the Apple booth ) all captured for review, almost all unencrypted! ( the software in question can also determine what type of encryption is used, if any. No I don't recall off-hand the name of the company. )
And here's the kicker. Me being me casually talked to numerous people who came out of the cafes and they all felt that it didn't matter, they knew about security problems, but they had nothing anyone would want anyway. And besides, this a a professional gathering, they trust each other.
Dare I say what these people were doing on line? EVERYTHING!
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
January 28th, 2005, 02:48 PM
Re: Lan-party ? web access
This is a common response from many end users, 'I don't have anything of value.' or 'I don't use online banking'. They don't understand zombie's, or DDOS, or any of the other reasons why skiddies and crackers love the generally clueless (L)users.
Originally posted here by IKnowNot
....they had nothing anyone would want anyway
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
January 28th, 2005, 09:03 PM
Yea, I hate the "but I have nothing of value response" ...it shows total ignorance.