Jump to content
IGNORED

it's not safe to use public wifi without a vpn

chaosmachine

By chaosmachine
in General Banter

Recommended Posts

  • Replies 107
  • Created
  • Last Reply
chaosmachine Grand Master

chaosmachine

Posted
  • Author
Posted

could one use this after cracking someone's wifi?

 

sure. or you could pwn everyone at the local starbucks. which is what's going to be happening all around the world, starting tomorrow, thanks to this release...

Link to comment
Share on other sites
chaosmachine Grand Master

chaosmachine

Posted
  • Author
Posted

heard about vpn's for awhile now. i am fairly good with computers, but have no idea what that wiki is talking about. anybody have some starting points/advice for someone who isn't a computer engineer?

 

for the purposes of this thread, a vpn is basically just a way to secure your connection. like an encrypted proxy.

 

normally, when you're using wifi, your traffic goes like this:

 

your computer --> unencrypted connection --> facebook

 

because the connection is insecure, everyone on the network can see it (with the right tools), so everything you send to facebook can be seen, and anyone can grab your session information and log in as you.

 

with a vpn, it goes like this:

 

your computer --> encrypted connection --> your vpn server --> facebook

 

everyone can still see your connection, but the contents are encrypted, so they can't tell what you're doing, and they can't hijack your session.

Link to comment
Share on other sites
delet... Grand Master

delet...

Posted
Posted
The Fire Sheep is sure-footed; he is more courageous about following his intuitions and he will take the initiative in his work.

 

His creativity lies in his ability to dramatize rather than invent. He can highlight strong points and play down weaknesses. Even experimenting with vivid colors, he can still produce restful and pleasant compositions.

 

He would like to own a stately home if possible, because he is indulgent where his personal comforts are concerned and he likes to entertain lavishly. Consequently, he is likely to overextend himself financially and mismanage his own affairs.

 

Fire makes him very energetic and aggressive. He is outspoken when offended. He will exhibit an enticing personal grace but his emotionalism could, at times, defy logic.

 

When the Fire Sheep is negative, he is given to wistful thinking without realizing the benefits of his present situation. He reaches for the proverbial pie in the sky and will be sullen and spiteful when discouraged by reality.

Link to comment
Share on other sites
Guest Deep Fried Everything

Guest Deep Fried Everything

Posted
Posted

you know, i was beginning to wonder about this myself, ESPECIALLY when connecting to unsecure wifi networks via droid.

 

edit: lol

Link to comment
Share on other sites
oscillik Grand Master

oscillik

Posted
Posted

but this only applies to unsecured wi-fi right?

no, it would apply to any WiFi connection.

 

so, if you're paying a monthly fee for access to WiFi or something like that. or if your brother wanted to see what you were up to on your own home network.

 

as long as someone else has access to the same WiFi connection you're on, that same person could use this firefox extension to sniff your data. unless you're using VPN

Link to comment
Share on other sites
chaosmachine Grand Master

chaosmachine

Posted
  • Author
Posted

but this only applies to unsecured wi-fi right?

 

no. if someone else is connected to the network (aka they know or found the key), you're still vulnerable.

 

edit: actually, it depends on how the wifi is secured:

 

Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption is not yet supported.
Link to comment
Share on other sites
Guest Babar

Guest Babar

Posted
Posted

Also firesheep just asked for my password. How do I know this isn't a clever bit of malware?

 

probably because it has to turn you wifi's card promiscuous mode on so that you can grab packets that are not destined to your computer (but i'm still wondering how it works as i've never been able to sniff wifi packets (=hub) without setting up a mitm).

But i doubt it would work at starbuck's : here, macdonalds offer free wifi in their restaurants, but you cannot communicate with someone else in the LAN. I don't know how it works, -the router could create a new virtual interface for each client or it could filter out packets that are destined from LAN to LAN.

But i suppose you could still intercept packets with WifiTap, a tool that allows injection of frames in a wifi connection without being authenticated and without needing that datas are redirected by the AP(router).

 

 

 

 

 

________________________,--------------b

________________________|_Access_point_|

________________________`---=----------'

_________________________,oOOb

_______________________,dOOOP____,,'''`-.___wifitap's_output

_____________________oOOOP'___,.'________\._looks_like_it_is_produced

__________________,oOOOP'___,'_____________\._by_the_AP.

________________,dOOOP____,'________________`.

______________oOOOP'____.'____________________\

___________,oOOOP'___/'________________________\

___________OOOP'___/'___________________________\

_____,''''''''''''''|__________________........OUT......

_____|_Poor_innocent|................IN|_____Hacker____|

_____|___victim_____|___wifitap_can____|_using_wifitap_|

_____'`''''''''''''''____catch_the______---------------'

______________________victim's_output

_____________________as_it_is_broadcast

 

 

 

___________

dOOOOOOOOOOO_:__authenticated_connection

_`"""""""""'

 

------------_:_unauthenticated_connection_(sniffed_or_injected)

 

 

 

 

this is just purely theoretical though, i've never used wifitap, but this is what it seems to do from what i can read.

Link to comment
Share on other sites
chaosmachine Grand Master

chaosmachine

Posted
  • Author
Posted

doing some testing on my own network, i was able to capture sessions from my phone no problem. it's scary how easy this is now. i wouldn't be surprised to see this in the news soon. every 13 year old kid who's smart enough to run firefox will be using this... it's going to be bigger than netbus or sub7 was in the late 90s.

Link to comment
Share on other sites
Guest Scrambled Ears

Guest Scrambled Ears

Posted
Posted

is there anyway to protect oneself from this when on a VPN...not particularly privy to my roommates stealing all my best porn

Link to comment
Share on other sites
Guest Scrambled Ears

Guest Scrambled Ears

Posted
Posted

no. if someone else is connected to the network (aka they know or found the key), you're still vulnerable.

 

edit: actually, it depends on how the wifi is secured:

 

Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption is not yet supported.

 

dont know much about this but i thought the point of this post was that one is not safe from other users on a VPN or anyone who is able to decrypt your network key or maybe i am misunderstanding

Link to comment
Share on other sites
chaosmachine Grand Master

chaosmachine

Posted
  • Author
Posted

no. if someone else is connected to the network (aka they know or found the key), you're still vulnerable.

 

edit: actually, it depends on how the wifi is secured:

 

Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption is not yet supported.

 

dont know much about this but i thought the point of this post was that one is not safe from other users on a VPN or anyone who is able to decrypt your network key or maybe i am misunderstanding

 

you're not safe from other users on wifi. if you use a vpn when you're on wifi, you will be safe.

Link to comment
Share on other sites
kaini Grand Master

kaini

Posted
Posted

THIS IS!!!!! AWESOME!!!!!! :aphexsign:

 

 

No one share this anywhere else! Keep it as down low as possible hehe.

 

lol yeah. this is the internet.

it's on lifehacker today, haven't checked /. yet.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.