This map shows the location of all WiFi users on the CMU campus. (requires Flash)
http://cmusky.org/map_usercentric.html -Sven- |
Wow! If you can now tell me which dot is me I am going to get very
afraid... -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Sven Gato Redsun Sent: Thursday, November 13, 2003 6:12 PM To: [hidden email] Subject: [FRIAM] cmu wifi map This map shows the location of all WiFi users on the CMU campus. (requires Flash) http://cmusky.org/map_usercentric.html -Sven- ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9AM @ Jane's Cafe Lecture schedule, archives, unsubscribe, etc.: http://www.friam.org |
It doesn't appear to give identifying information, but I suspect you're the
dot that keeps getting escorted from the women's dorms to the security station ;-) ____________________________________________________ http://www.redfish.com [hidden email] 624 Agua Fria Street office: (505)995-0206 Santa Fe, NM 87501 mobile: (505)577-5828 > -----Original Message----- > From: [hidden email] [mailto:[hidden email]]On > Behalf Of Keith Hunter > Sent: Thursday, November 13, 2003 4:23 PM > To: 'The Friday Morning Complexity Coffee Group' > Subject: RE: [FRIAM] cmu wifi map > > > Wow! If you can now tell me which dot is me I am going to get very > afraid... > > -----Original Message----- > From: [hidden email] [mailto:[hidden email]] On > Behalf Of Sven Gato Redsun > Sent: Thursday, November 13, 2003 6:12 PM > To: [hidden email] > Subject: [FRIAM] cmu wifi map > > > This map shows the location of all WiFi users on the CMU campus. > (requires Flash) > http://cmusky.org/map_usercentric.html > > -Sven- > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9AM @ Jane's Cafe > Lecture schedule, archives, unsubscribe, etc.: http://www.friam.org > > > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9AM @ Jane's Cafe > Lecture schedule, archives, unsubscribe, etc.: > http://www.friam.org > > |
In reply to this post by Keith Hunter
Keith Hunter wrote:
> Wow! If you can now tell me which dot is me I am going to get very > afraid... Well, now you've challenged me. First, I need access to the web-server (and backend database) so I can find all the dots. Since the web-page was created with Fireworks MX and Dreamweaver MX it was probably created on a Windows box (there's also a Mac version of this software). I'm at work, so the proxies prevent me from determining the type of web-server, but let's say for argument that if the developer uses Windows, the web-server is also Windows. If the admin hasn't kept up their patches, they should still be vulnerable to the Front-Pages Extensions exploit, which gives me remote access as the web-server user. I can probably obtain everything I need to know as the web-server user, but I can always get system/root access via a local privilege escalation. Next, I need access to the Wireless Andrew network so I can sniff your traffic. Since Wireless Andrew is open, I just need to war-drive the campus to pick up traffic. If I need to do this remotely, I could place a few sniffers around the campus that report back to me via their own wireless connection to a wired access point. Since the Apple AirPort Base Station is banned from campus, I suspect that I could use one either to power my sniffer wireless network or even to divert traffic and analyze it for user authentication information. I think that gaining direct access to Wireless Andrew should be doable [1]. With knowledge of the user accesses and nodes of Wireless Andrew from the web-server, I should be able to match traffic to dots. Scanning the traffic for simple identifiers such as your email address or name should make it possible to find you. If I can divert your traffic through an Apple AirPort Base Station, I should be able to not only track you but to become you, stealing your virtual identity. To summarize - first get access to the dot database, next sniff traffic for user identification, then associate the two. There's a host of alternative attacks as well as alternate attack steps. For instance, an alternate attack might involve gaining direct access to the NetMon systems via MySQL, Apache, or mod_perl vulnerabilities and then monitor you directly. Since the network admins can monitor you, I just need to become a network admin. 1. Wireless Andrew's security model requires that a user authenticate via AuthBridge (which passes the authentication on to NetReg). The on-line documentation is not clear on what is required to register a system, but there is no mention of security features such as one-time password generators. So, I think some social engineering to gain a user's authentication information would allow registration of rogue systems in that user's name. The on-line documentation of Wireless Andrew, AuthBridge, and NetReg were very useful in understanding how to perform this attack. -- Ray Parks [hidden email] IDART Project Lead Voice:505-844-4024 IORTA Department Fax:505-844-9641 http://www.sandia.gov/idart Pager:800-690-5288 |
If you are using, an AmBit Wireless Access Card, then you are in the
Purnell Center for the Arts, but if you are using a Lucent or a Xircom or an Intel, then there are too many others with the same card. Click on a building to see the breakdown by access cards. -Roger |
Free forum by Nabble | Edit this page |