Comments on: Wireless Networking - What others can see http://www.girlgeekette.net/internet-info/wireless-networking-what-others-can-see/ Where the Girl Ends and the Geekette Begins Thu, 04 Dec 2008 22:21:50 +0000 http://wordpress.org/?v=2.7-RC1-10026 hourly 1 By: geeza http://www.girlgeekette.net/internet-info/wireless-networking-what-others-can-see/comment-page-1/#comment-127 geeza Tue, 13 Dec 2005 07:35:12 +0000 http://www.girlgeekette.net/2005/09/02/wireless-networking-what-others-can-see/#comment-127 good sh*t dude good sh*t dude

]]> By: niko http://www.girlgeekette.net/internet-info/wireless-networking-what-others-can-see/comment-page-1/#comment-126 niko Tue, 13 Dec 2005 06:36:14 +0000 http://www.girlgeekette.net/2005/09/02/wireless-networking-what-others-can-see/#comment-126 mac filters still dont stop someone from being in adhoc scanning mode... you can still manage to 'pick up' the information even if it is wep encrypted.... similar to mobile phones... hell there are police scanners which can listen in to your conversation - look how widespread both items are. there has always been insufficient security to guard all forms of communication. but it is not all about obtaining the information. most times it is harder to plan when you have to be within range and at what time and place you have to be in to get the information that you want. everyone has stumbled across information of some kind that they werent meant to see. but what good is information in the end if you dont know how to use it! mac filters still dont stop someone from being in adhoc scanning mode… you can still manage to ‘pick up’ the information even if it is wep encrypted…. similar to mobile phones… hell there are police scanners which can listen in to your conversation - look how widespread both items are. there has always been insufficient security to guard all forms of communication. but it is not all about obtaining the information. most times it is harder to plan when you have to be within range and at what time and place you have to be in to get the information that you want. everyone has stumbled across information of some kind that they werent meant to see. but what good is information in the end if you dont know how to use it!

]]> By: mark http://www.girlgeekette.net/internet-info/wireless-networking-what-others-can-see/comment-page-1/#comment-125 mark Tue, 13 Dec 2005 01:30:54 +0000 http://www.girlgeekette.net/2005/09/02/wireless-networking-what-others-can-see/#comment-125 Yup, that's scary. At least have a mac filter on your router! Yup, that’s scary. At least have a mac filter on your router!

]]> By: PhantomCircuit http://www.girlgeekette.net/internet-info/wireless-networking-what-others-can-see/comment-page-1/#comment-124 PhantomCircuit Tue, 13 Dec 2005 00:08:08 +0000 http://www.girlgeekette.net/2005/09/02/wireless-networking-what-others-can-see/#comment-124 "All of the firewalls, anti-virus programs, and security features - such as the HTTPS - have not done John any good at all because he left his wireless connection unsecure between the laptop and the WAP before it even went on the internet." You would think that someone writting an article about wireless security would know that the HTTPS crt for a major website is going to be signed with a root cert. This makes it impossible for anyone to alter that data connection between the HTTPS server and the computer from which the HTTPS connection originated without changing the cert in the key exchange, and even if you did that the browser would tlel you that the cert was selfsigned and could be compromised (but then again who the hell reads those?). And they would need to do ARP spoofing to modify the traffic which is stopped by many firewalls (see zonealarm for example). Basically you could use HTTPS from the most insecure network ever (proxy anyone?) and you would still be guaranteed a secure connection so long as the computer you are operating from does nto become compromised and the root cert doesnt get in the wrong hands. “All of the firewalls, anti-virus programs, and security features - such as the HTTPS - have not done John any good at all because he left his wireless connection unsecure between the laptop and the WAP before it even went on the internet.”

You would think that someone writting an article about wireless security would know that the HTTPS crt for a major website is going to be signed with a root cert. This makes it impossible for anyone to alter that data connection between the HTTPS server and the computer from which the HTTPS connection originated without changing the cert in the key exchange, and even if you did that the browser would tlel you that the cert was selfsigned and could be compromised (but then again who the hell reads those?). And they would need to do ARP spoofing to modify the traffic which is stopped by many firewalls (see zonealarm for example).

Basically you could use HTTPS from the most insecure network ever (proxy anyone?) and you would still be guaranteed a secure connection so long as the computer you are operating from does nto become compromised and the root cert doesnt get in the wrong hands.

]]>