free city access

Let'sgoflying!

Let'sgoflying!

Touchdown! Greaser!
Joined
Feb 23, 2005
Messages
20,311
Location
west Texas
Display Name
Display name:
Dave Taylor
the hotel Im at in ft worth has no internet access. Just for grins I fired it up and up came a wireless thingy that I am connected to... Hammerhead or something, it automatically connected so here I am.

Is this safe and legal and ethical and all that???
 
Let'sgoflying! said:
the hotel Im at in ft worth has no internet access. Just for grins I fired it up and up came a wireless thingy that I am connected to... Hammerhead or something, it automatically connected so here I am.

Is this safe and legal and ethical and all that???
Click to expand...
No, probably not, and no.

It is not safe, at all. Unsecured wireless networks absolutely are not safe.

It is probably not legal. You are technically stealing someone elses bandwidth.

It is certainly not ethical.
 
Greebo said:
No, probably not, and no.

It is not safe, at all. Unsecured wireless networks absolutely are not safe.

It is probably not legal. You are technically stealing someone elses bandwidth.

It is certainly not ethical.
Click to expand...

Like you've never done it, right????

Dave, there are some hotels and locales that make free wireless network access available. They are, as Chuck said, not necessarily safe. I'd probably trust some of the hotel systems, others - probably not. It may just be a dumb homeowner nearby that has no clue that folks are using their bandwidth....

If you have capability to VPN, they can be fairly safe. It will be ethical if the wireless system is intended to be public and available to all.
 
wsuffa said:
Like you've never done it, right????
Click to expand...
Used an unsecured wireless network?

Yes. When I knew WHO was providing the wireless network, and I knew it was a real network and not an ad-hoc computer to computer network, and my laptop was locked down with maximum security. In hotels when the hotel provides the wireless, in conferences when the conference provides the wireless.

Never when I didn't know who the provider was.

If you have capability to VPN, they can be fairly safe. It will be ethical if the wireless system is intended to be public and available to all.
Click to expand...
It most certainly isn't ethical if you are using a wireless network not provided by the hotel and you don't know who provided it so you don't know if it was intended for public use.
 
Joe Williams said:
http://www.cnn.com/2005/TECH/internet/06/21/hotspot.hacking/index.html
Click to expand...
Excellent article. A MUST read for any wireless network users.

Those of you who are running wireless networks at home should especially read it. Then go home and change your SPID and turn off its broadcasting, and turn on your wireless's 128 bit encryption.

Failure to do so is as dangerous to your personal information as playing russian roulette is to your life.

You have been warned.
 
I know a lot of people who, when they are not actually working, leave their access points "open" for just this purpose (the use by transient visitors, not harvesting private info).

Some cities are creating wireless "clouds" for use by whomever.

Exercise reasonable care, be courteous, don't snoop.
 
Let'sgoflying! said:
the hotel Im at in ft worth has no internet access. Just for grins I fired it up and up came a wireless thingy that I am connected to... Hammerhead or something, it automatically connected so here I am.

Is this safe and legal and ethical and all that???
Click to expand...

Depends on where you are in Fort Worth, but if you are downtown, a lot of the restaurants down there have wireless access points that can be accessed from some of the hotels in the area. Billy Miners and the Flying Saucer are two that come to mind.
 
any hacker looking at my computer will be rapidly crippled by boredom unless they find excitment by heisting my vacation pictures and airplane photos, tedious correspondence with family etc.!

I think I may be wrong about the access I am using. When I called, later when I checked in, both times they said No Internet Access at this hotel. There was a 'box' in the room which I hooked up for grins but it didn't seem to connect so I opened the wireless icon and it said I was Now Connected to Hammerhead so I assumed that was the source.... however this am, HH is Not Connected and I am online. Also when I disconnect the 'box' which the hotel staff says is inop, I lose the internet connection.
Thanks
 
Greebo said:
Those of you who are running wireless networks at home should especially read it. Then go home and change your SPID and turn off its broadcasting, and turn on your wireless's 128 bit encryption.
QUOTE]

Since i know enough about computers to really screw them up........

We have a wireless air card (through T-Mobile) hooked up to our travel laptop. Pete uses this at work. Do we need to be doing something 'special' with this, or is it just like a hard wire dial up connection? It's not connected to any other computer.
Click to expand...
 
Let'sgoflying! said:
any hacker looking at my computer will be rapidly crippled by boredom unless they find excitment by heisting my vacation pictures and airplane photos, tedious correspondence with family etc.!
Click to expand...
If you do any banking online, I can have some of the information in a few minutes after accessing your system.

From your personal correspondence, I can gain your address, phone number, DMV records, from there I can get into your credit files. With care, I can do it anonymously.

I can use your e-mail settings and passwords to pretend I'm you. I can receive your e-mail (even unbeknownst to you), reply and generally make your life more confused than it already is. :D ;)

Everyone has something to hide on their computer. They just don't realize it.
 
DeeG said:
We have a wireless air card (through T-Mobile) hooked up to our travel laptop. Pete uses this at work. Do we need to be doing something 'special' with this, or is it just like a hard wire dial up connection? It's not connected to any other computer.
Click to expand...
Those cards are similar to dialup connections. They talk directly to an access server hooked into the cellular network. Different type of wireless.

While it's technically possible to gather the info, it's more difficult than eavesdropping on an unsecured wireless network. I wouldn't be too worried about it.

FYI, some of the "connection managers" (specifically Verizon's) WILL try to manage your 802.11a/b/g (WiFi) connections. Don't let them.
 
DeeG said:
We have a wireless air card (through T-Mobile) hooked up to our travel laptop.
Click to expand...
I'm not familiar with how T-Moble handles this, so you'ld need to ask them about how they ensure the security of their signal.

However I'd SPECULATE that they have some kind of protective encryption that validates you're an authorized user before giving you access.

Whereas the typical wireless home network with an 802.11b or 802.11g router gets set up wiht the simplest settings to make it easy to connect. And thus, easy to hijack.
 
Let'sgoflying! said:
any hacker looking at my computer will be rapidly crippled by boredom unless they find excitment by heisting my vacation pictures and airplane photos, tedious correspondence with family etc.!

I think I may be wrong about the access I am using. When I called, later when I checked in, both times they said No Internet Access at this hotel. There was a 'box' in the room which I hooked up for grins but it didn't seem to connect so I opened the wireless icon and it said I was Now Connected to Hammerhead so I assumed that was the source.... however this am, HH is Not Connected and I am online. Also when I disconnect the 'box' which the hotel staff says is inop, I lose the internet connection.
Thanks
Click to expand...

Dave, whether you're wireless or hardwired to the hotel system, you need to be running a software firewall of some sort (ZoneAlarm or the like). You also need to make sure that file and printer sharing are disabled. Don't let people access your computer....

Chuck, we're saying the same basic thing. IF the wireless system is intended to be public access, there is nothing unethical about using it... and I'm presuming that you have reason to know or can determine that it is public access (e.g. it's a hotel system, or a municipal system, or and FBO system...)
 
You're still best off if you can create a secure connection (VPN or the like) to a trusted network.

There are VPN routers available that will work OK on a home/small business network that has a static IP on the internet-facing side.
 
wsuffa said:
Bet I can set up a wireless node that you would think belonged to the hotel....
Click to expand...
Say "Bet you can set up a wireless node that SOME would think belonged to the hotel..." and I'll agree.

Me, I check first. I ask em "what's the identifier of your wireless network", and I also know what the different wireless icons mean. ;)

Case in point - at Tech Ed this year the provided wireless network was "TechEd2005".

The strongest signals for TechEd2005 were point to point ad-hoc networks, not wireless access points.

I took the weaker VALID points. (And frankly I think they should have been more rigorous in their connection setup.)

I'm Paranoid. And Proud Of It. :)
 
There is a lot of hysteria about open access points. Grab banking information? First of all, not many people do banking (or shouldn't at least) over unsecured access points (or even "secured" ones that you don't control), and second I've never seen any bank site that was not SSL. (In fact REQUIRED by the visa/mc certification process that at am most recently intimately familiar with!)

I'd challenge any casual hacker to crack SSL in a reasonable amount of time. Most "hackers" are just script kiddies looking at clear text, email, etc.

While I would never bank via an open wireless, the news folks that pump this hysteria never mention that the sites are all SSL/HTTPS.

The one exception to this is fake wireless sites with fake banking web sites behind them. Technically possible, but beyond the typical lazy script kiddy.

Just my 0.02.
 
sshekels said:
There is a lot of hysteria about open access points. Grab banking information? First of all, not many people do banking (or shouldn't at least) over unsecured access points (or even "secured" ones that you don't control), and second I've never seen any bank site that was not SSL. (In fact REQUIRED by the visa/mc certification process that at am most recently intimately familiar with!)

I'd challenge any casual hacker to crack SSL in a reasonable amount of time. Most "hackers" are just script kiddies looking at clear text, email, etc.

While I would never bank via an open wireless, the news folks that pump this hysteria never mention that the sites are all SSL/HTTPS.

The one exception to this is fake wireless sites with fake banking web sites behind them. Technically possible, but beyond the typical lazy script kiddy.

Just my 0.02.
Click to expand...
What I described is not something your typical script kiddie can do.

I don't need SSL breaking stuff (although I've seen it done in demos for less than 128-bit stuff). Most users bookmark banking sites and 'save' their userid and password information. Big mistake. You're referring to pulling information off via a sniffer or man-in-the-middle attack. I'm referring to infiltrating the computer itself and taking over, essentially.

You'd be surprised at how much sensitive info is stored in e-mails, too. Way, way too much. I'm watching sensitive PERSONAL info flow through to my corporate e-mail systems as some of my less-than-bright users are giving out their company e-mail addresses for PERSONAL use. Very, very stupid, especially when you have your Wells Fargo online banking notifications sent here....with balances and account numbers.
 
Ya, I get a kick out of idiots sending personal email via corporate systems, and are amazed that the IT folks just may see it. (Or that it is backed up and retained.) Bad plan.

I'm a bit curious about the saved login info. How exactly would you be able to get that off my pc? Most folks don't share the root, and I doubt that you could browse my registry (where IE saves it). Just curious.
 
sshekels said:
I'm a bit curious about the saved login info. How exactly would you be able to get that off my pc? Most folks don't share the root, and I doubt that you could browse my registry (where IE saves it). Just curious.
Click to expand...
I won't go into details, primarily because I don't want my name associated with stuff like that. It is available on the Internet with a Google search, though. Just takes a little digging.

Remote Registry service along with "Simple File Sharing" is the culprit in a lot of these cases. No password associated with the administrator account. Various types of programs already installed (including most flavors of IM) have vulnerabilities, especially if they aren't updated regularly. There are other ways, as well. A well 'tied down' system can be safe but most installs of Windows aren't tied down by default.

I've done it here at my office, with some tools I've picked up at a Whitehat Toolbox class put on by Laura Chappel. It's helped me tie down my workstations even more.
 
Now thats a scary service. Only windows... Sigh....
 
Brian Austin said:
If you do any banking online, I can have some of the information in a few minutes after accessing your system.
From your personal correspondence, I can gain your address, phone number, DMV records, from there I can get into your credit files. With care, I can do it anonymously.
I can use your e-mail settings and passwords to pretend I'm you. I can receive your e-mail (even unbeknownst to you), reply and generally make your life more confused than it already is. :D ;)
Click to expand...

I thought about that while typing the last response, decided I would just wait for the comment to arise, but here is what I was thinking: ;)


here is I:
no online banking,
i do the rare credit card purchase but always check 'do not remember this information next time this page is loaded'.
I no longer am recognized by paypal, last purchase was POA 'donation'; since then I have declined their (bonafide) requests to continue to use their service and now I can't use them.
my address, phone number, dmv records I assume are already available
what is a 'credit file'? a credit report? I don't care if anyone reads that. Now if you can change my credit report that would interest me.
I thought about the password thing as such: yeah you could log on to duats and file a bunch of bogus flight plans, go to POA and make me look like an a$$ (wait. I already do that) or go to the Gaston flyin website and cancel my attendance :hairraise: or post emails/read emails of mine.
I am relying on the low yield or high boredom factor to keep people out of my computer I guess!
I already have the win-doh's firewall set up, the antiviral stuff, the zonealarm thingy was a nuisance and any other protection seems at this point to be to user unfriendly to justify at my low risk level.
Basically I have few secrets! :yes:
 
Greebo said:
Say "Bet you can set up a wireless node that SOME would think belonged to the hotel..." and I'll agree.

Me, I check first. I ask em "what's the identifier of your wireless network", and I also know what the different wireless icons mean. ;)

Case in point - at Tech Ed this year the provided wireless network was "TechEd2005".

The strongest signals for TechEd2005 were point to point ad-hoc networks, not wireless access points.

I took the weaker VALID points. (And frankly I think they should have been more rigorous in their connection setup.)

I'm Paranoid. And Proud Of It. :)
Click to expand...

So I take my spare wireless access point and/or router, set the SSID to match the hotel, plug it into the wired network connection in my room (or a back-back wap/router, take your pick) along with a packet sniffer, and off we go....
 
The trick is you have to have content on the back side... Now if you proxy the "good" sites, monitor the traffic in the middle, you have enough cash to fly to Gastons!!!

Er...Nevermind...

{slinking}away{/slinking}
 
wsuffa said:
So I take my spare wireless access point and/or router, set the SSID to match the hotel, plug it into the wired network connection in my room (or a back-back wap/router, take your pick) along with a packet sniffer, and off we go....
Click to expand...

True enough - further illustration that wireless access in public areas isn't something to be trusted further than you can throw it. :)
 
wsuffa said:
So I take my spare wireless access point and/or router, set the SSID to match the hotel, plug it into the wired network connection in my room (or a back-back wap/router, take your pick) along with a packet sniffer, and off we go....
Click to expand...
Or...if you're in MY network, the other AP's detect the rogue AP and send me a text msg to my phone. Just like if you're not an authorised device on my network and try to plug in to any active ports...which shut down at the same time as the text msg goes out. :D

It's possible to lock down any network with enough time or money. It really depends on how much effort the engineer wants to put into it.
 
There is always someone out there better than you are. If THEY want your data, they've got it. You just have to make it either too boring or too difficult for them to get at. :)

As far as 'borrowing' someone else's access, just make sure you do no harm. I've borrowed open access points for sending a quick email or getting yahoo directions. If the person has left the AP open, they probably never even knew you were on there.
 
You must log in or register to reply here.
Back
Top