Results 1 to 6 of 6

Thread: Wireless Hotspot Security

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Wireless Hotspot Security

    It seems that wireless network hotspots are all the rage. You can't go into a Starbuck's Coffee or a Borders Books without seeing people on their laptops and PDA's hammering away at their keyboards sending the latest chain-letter email on to all of their friends.

    You can go to sites such as Wi-Fi Free Spot or Wi-Fi Hotspot List and find sites based on location and / or provider.

    So- here is my question. For those who may have experience with one of these hotspots or even just a working knowledge of their security- can you tell me what you see as the security concerns when joining a public wireless network such as a TMobile or Boingo hotspot? Between TMobile, Boingo, Wayport and Verizon are you aware of anything that makes one inherently more or less secure than the rest?

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    100
    Nice question, not to sure about security danger to oneself while using these "hotspots" but also wouldnt these hotspots be open to crackers to run there attacks from?

  3. #3
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I have had port scan actiivity while on wifi's and once pinged one back. Of course then I was targeted for a while, but nothing got thru my firewall.
    Most all of the activity, seemed to be someone scanning a range of IP's, and it seemed to happen anywhere I connected.
    Sorry, I haven't really paid attention to most of it, because I am completely stealthed and don't get any direct attacks.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  4. #4
    I know their are a lot of security concerns with traveling business people. They plug into a public hotspot and are connected on the same LAN as many others. If they're not smart about their actions while connected they could run the risk of disclosing important data. Also, since everyone is connected through one router, at least in smaller places like coffee shops, sniffing can be a problem. I know there are many other security issues but I don't know the details of them. I'm always interested in learning though.
    \"I have not failed. I\'ve just found 10,000 ways that won\'t work.\" - Albert Einstein

  5. #5
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I've used a couple of them with my laptop. The one thing to always keep in mind is any shared folder in your computer, must have a password. As someone above me mentioned, the main downfall of these hotspots is the possibility to launch an attack from them. As for everyone else being in the same LAN as you, thats when the password comes in hand y .

    cheers,

  6. #6
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    I know a little about T-Mobile hotspots. I have been DoSed while on T-Mobile, but it didn't do anything, quite honestly I didn't notice until I checked my firewall logs. All T-Mobile connections (at least in my area) go through a gateway that appears to be a Sparc Station running Solaris, I imagine there is some sort of firewall in place.

    Moddefokker, yes there is a definite possibility of launching attacks from a hotspot. I doubt T-Mobile is much of a possibility due to the fact that it requires a logon to get through the gateway, but there are many other free hotspots, and of course wardriving will give you a whole buttload of open networks that could be used maliciously.


    EDIT: The main danger in my mind of wireless hotspots is the lack of encryption. It is so incredibly easy for someone to just run Ethereal. If you have a private logon, IE T-Mobile. It's up for grabs.
    Real security doesn't come with an installer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •