Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Connecting to unknown wireless networks

  1. #1
    Join Date
    Oct 2008
    Location
    /var/log/uk :-)
    Beans
    223
    Distro
    Ubuntu 12.04 Precise Pangolin

    Connecting to unknown wireless networks

    Hi all,

    If I connected my netbook to a wireless network in some sort of event where they put on free wifi for you, what in theory could someone do to my netbook? Firewall would be on, fully updated Ubuntu 12.04.

    I realise that in a wpa/wpa2 network that is using a key, the data between me and the router/ap is encrypted. Am I missing something else that is obvious and a security risk?

    I’m interested to see what sort of answers come back, I feel I have a good handle on wireless security but this question has just popped into my head.

  2. #2
    Join Date
    Jul 2008
    Beans
    2,732

    Re: Connecting to unknown wireless networks

    I have used free wifi but only through a VPN with FF. I have add-ons like No Script and Better Privacy. I usually disable Java as well. I had no issues to date.

  3. #3
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Connecting to unknown wireless networks

    Quote Originally Posted by mr-woof View Post
    Hi all,

    If I connected my netbook to a wireless network in some sort of event where they put on free wifi for you, what in theory could someone do to my netbook? Firewall would be on, fully updated Ubuntu 12.04.

    I realise that in a wpa/wpa2 network that is using a key, the data between me and the router/ap is encrypted. Am I missing something else that is obvious and a security risk?

    I’m interested to see what sort of answers come back, I feel I have a good handle on wireless security but this question has just popped into my head.
    WPA/WP2 can be brute force without dictionary (proof is here).

    Once the hacker associated with the wifi router, s/he can attack any computer within the subnet with Man-in-the-Middle attack (MiTM). Or, by other means.

    Meanwhile, it is also risky to use so-called "Free wifi" in the public area when you do not sure the said "Free wifi" is setup by the hacker or not.

    In additon, hackers can bypass the firewall too.

    Samiux

  4. #4
    Join Date
    Oct 2008
    Location
    /var/log/uk :-)
    Beans
    223
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Connecting to unknown wireless networks

    Interesting, thanks for the links. So, how would an attack bypass your firewall?

  5. #5
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Connecting to unknown wireless networks

    Quote Originally Posted by mr-woof View Post
    Interesting, thanks for the links. So, how would an attack bypass your firewall?
    Firewall is very easy to bypass.

    Samiux

  6. #6
    Join Date
    Oct 2008
    Location
    /var/log/uk :-)
    Beans
    223
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Connecting to unknown wireless networks

    So you said, how though? Web Exploit? Drive by download ?

  7. #7
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: Connecting to unknown wireless networks

    One of the main worries would be session hijacking.

    This means that anyone using the same network (whether secured or not) can gain access to any of the websites that you are currently logged into using your username without knowing your password if the sites don't use https throughout. From there it is easy enough to change your password or use your online accounts for any purpose they wish.
    Last edited by Cheesemill; October 8th, 2012 at 10:11 PM.
    Cheesemill

  8. #8
    Join Date
    Oct 2008
    Location
    /var/log/uk :-)
    Beans
    223
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Connecting to unknown wireless networks

    good point cheesemill, id forgotten about firesheep. I thought that only worked on an open wireless network, not when it's encrypted and using a key?

  9. #9
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: Connecting to unknown wireless networks

    Quote Originally Posted by mr-woof View Post
    good point cheesemill, id forgotten about firesheep. I thought that only worked on an open wireless network, not when it's encrypted and using a key?
    I believe that it works on any wireless network that you are connected to. Even if the network is encrypted everyone shares the same encryption keys so Firesheep will work the same as being connected to an open network.
    Cheesemill

  10. #10
    Join Date
    Mar 2011
    Beans
    701

    Re: Connecting to unknown wireless networks

    Things they can do:

    1) SSL-Strip to bypass non-HSTS HTTPS websites and read encrypted messages etc.

    2) Intercept any unencrypted messages (even easier). This includes unencrypted session cookies (I see Firesheep has already been mentioned), IM conversations, etc.

    3) Interact with any local services running on your system (cups, dhclient).
    sig

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •