>From today's New Mexican:
Jane's adds wireless Internet access Jane's Coffee Shop has added free "Wi-Fi" wireless high-speed Internet access. Customers with PCs that have wireless communication ports will now be able to surf the Internet and check e-mail at this three-room caf?, set in a historic adobe house on East DeVargas Street, just behind the Chapel of San Miguel. To connect, PC users can search for Jane's network, provided by Comcast, via their computer's "find" function. The service will also work outside on Jane's shaded front patio. In addition, the caf? plans to add a rent-by-the-hour public computer with Web access this fall. Jane's owner, Jane Mitchell, said she was so impressed with public Wi-Fi when she used it to make travel arrangements and to e-mail friends on a recent trip to London that she decided to offer it at her caf?. Jane's is open weekdays from 7 a.m. to 6 p.m. and Saturdays and Sundays from 7:30 a.m. to 6 p.m. |
Stephen Guerin wrote:
>>From today's New Mexican: > > Jane's adds wireless Internet access Now us bad guys just wait for folks to use Jane's (or Starbucks or ....) and we can snag your login credentials to your primary wireless network. Recently, on the Full-Disclosure list, a participant suggested an attack that combines social engineering and wireless hijacking. MS Windows computers (and possibly Macs, although I haven't checked) maintain a list of acceptable wireless access points. If one has wireless at work, then that network's security credentials will be installed on one's system for seamless access while at work. An attacker can find out the challenge protocol of the work network by simply war-driving past and failing to authenticate. If the attacker then takes that information and sets up a wireless access point at a wireless cafe frequented by folks from that business, those folks' computers will log in to the apparent business network in preference to the wireless AP of the cafe. The fake AP then cuts off the connection, letting the computer fall back to the cafe AP. Afterward, the attacker uses the credentials to gain access to the business network. -- Ray Parks [hidden email] IDART Project Lead Voice:505-844-4024 IORTA Department Fax:505-844-9641 http://www.sandia.gov/idart Pager:800-690-5288 |
RedfishGroup's Wireless Network Access
Username/Password none/none Please WAR-park in our lot and we'll bring you out some coffee :-) ____________________________________________________ http://www.redfish.com [hidden email] 624 Agua Fria Street office: (505)995-0206 Santa Fe, NM 87501 mobile: (505)577-5828 > -----Original Message----- > From: rcparks [mailto:[hidden email]] > Sent: Wednesday, June 02, 2004 12:49 PM > To: The Friday Morning Applied Complexity Coffee Group > Subject: Re: [FRIAM] Jane's Cafe adds wireless Internet access > > > Stephen Guerin wrote: > >>From today's New Mexican: > > > > Jane's adds wireless Internet access > > Now us bad guys just wait for folks to use Jane's (or Starbucks or > ....) and we can snag your login credentials to your primary wireless > network. > > Recently, on the Full-Disclosure list, a participant suggested an > attack that combines social engineering and wireless hijacking. MS > Windows computers (and possibly Macs, although I haven't checked) > maintain a list of acceptable wireless access points. If one has > wireless at work, then that network's security credentials will be > installed on one's system for seamless access while at work. An > attacker can find out the challenge protocol of the work network by > simply war-driving past and failing to authenticate. If the attacker > then takes that information and sets up a wireless access point at a > wireless cafe frequented by folks from that business, those folks' > computers will log in to the apparent business network in preference to > the wireless AP of the cafe. The fake AP then cuts off the connection, > letting the computer fall back to the cafe AP. Afterward, the attacker > uses the credentials to gain access to the business network. > > -- > Ray Parks [hidden email] > IDART Project Lead Voice:505-844-4024 > IORTA Department Fax:505-844-9641 > http://www.sandia.gov/idart Pager:800-690-5288 > > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9AM @ Jane's Cafe > Lecture schedule, archives, unsubscribe, etc.: > http://www.friam.org > > |
Stephen Guerin wrote:
> RedfishGroup's Wireless Network Access > > Username/Password > none/none > > Please WAR-park in our lot and we'll bring you out some coffee :-) I might take you up on that if I get up your way. That reminds me of another amusing article I found through slashdot. A Comcast subscriber allowed as how he intended to remove all security from his home wireless AP in response to the spate of MPAA-inspired letters to Comcast customers about possible movie warez. His logic - if he has no security, then he has an automatic explanation of why his computer might have advertised some warez. This is a variant of the now popular defense for crackers - "I wuz hacked". -- Ray Parks [hidden email] IDART Project Lead Voice:505-844-4024 IORTA Department Fax:505-844-9641 http://www.sandia.gov/idart Pager:800-690-5288 |
Free forum by Nabble | Edit this page |