Three MiFi v.v. WiFi Security?
in [UK Mobile]
|
Prev: tmobile USA
Next: Which network is this mobile on?
From: CJB on 29 Oct 2009 16:53 BBC Watchdog has done shown a convincing demo. of the dangers of accessing an email accounts via WiFi. They got someone to log into an email account using a WiFi service at a cafe. Someone else, acting as a hacker, monitored the WiFi traffic and managed to extract the username and password. This was enough to connect to the session and use the email account to send a fradulent email. The hacker could also have opened the emails to see if any had confidential information in them. If a shopping account had been used, credit card details could also have been extracted. Then the hacker locked the account so that the ownber couldn't close it himself. However the session remained alive for the hacker to use at will. So my question is: is the Three MiFi aka mobile broadband with a dongle (containing a '3' SIM card) as insecure? CJB.
From: Kráftéé on 29 Oct 2009 17:42 "CJB" <chrisjbrady(a)gmail.com> wrote in message news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e(a)v15g2000prn.googlegroups.com... > BBC Watchdog has done shown a convincing demo. of the dangers of > accessing an email accounts via WiFi. > > They got someone to log into an email account using a WiFi service > at > a cafe. Someone else, acting as a hacker, monitored the WiFi traffic > and managed to extract the username and password. This was enough to > connect to the session and use the email account to send a fradulent > email. The hacker could also have opened the emails to see if any > had > confidential information in them. If a shopping account had been > used, > credit card details could also have been extracted. Then the hacker > locked the account so that the ownber couldn't close it himself. > However the session remained alive for the hacker to use at will. > > So my question is: is the Three MiFi aka mobile broadband with a > dongle (containing a '3' SIM card) as insecure? > > CJB. You mean they missed the bit about being able to see everything which is on your screen using simple easy to source equipment, unless it is specially screened. Leave it to Watchdog to grab a small piece of a much larger picture and then try and blind their viewer with sci fi goglygook. Just keep a look out for the black helicopters. Putting it simply if enough time and effort is put into it your PC and security can be breached not matter whether it is connected via the Lan, via wifi, via mobile usb mobile dongle or using networking over the mains. Your job, if you wish to do so, is to make it as complicated as you can so they pass on by looking for the next easy mark and there in lies the problem. Most don't, either because they don't know or can't be bothered but if you want total security the best thing for you to do is turn the dam thing off and even then your security can be breached in countless ways. Paranoid enough yet, remember the black helicopters, they are out there, really...honest.
From: Graham. on 29 Oct 2009 20:12 "Kr�ft��" <kr�ft��@b&e-cottee.me.uk> wrote in message news:1o2dnXTzs5P-kXfXnZ2dnUVZ7vGdnZ2d(a)bt.com... > "CJB" <chrisjbrady(a)gmail.com> wrote in message news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e(a)v15g2000prn.googlegroups.com... >> BBC Watchdog has done shown a convincing demo. of the dangers of >> accessing an email accounts via WiFi. >> >> They got someone to log into an email account using a WiFi service at >> a cafe. Someone else, acting as a hacker, monitored the WiFi traffic >> and managed to extract the username and password. This was enough to >> connect to the session and use the email account to send a fradulent >> email. The hacker could also have opened the emails to see if any had >> confidential information in them. If a shopping account had been used, >> credit card details could also have been extracted. Then the hacker >> locked the account so that the ownber couldn't close it himself. >> However the session remained alive for the hacker to use at will. >> >> So my question is: is the Three MiFi aka mobile broadband with a >> dongle (containing a '3' SIM card) as insecure? >> >> CJB. > > You mean they missed the bit about being able to see everything which is on your screen using simple easy to source equipment, > unless it is specially screened. > > Leave it to Watchdog to grab a small piece of a much larger picture and then try and blind their viewer with sci fi goglygook. > > Just keep a look out for the black helicopters. > > Putting it simply if enough time and effort is put into it your PC and security can be breached not matter whether it is connected > via the Lan, via wifi, via mobile usb mobile dongle or using networking over the mains. Your job, if you wish to do so, is to > make it as complicated as you can so they pass on by looking for the next easy mark and there in lies the problem. Most don't, > either because they don't know or can't be bothered but if you want total security the best thing for you to do is turn the dam > thing off and even then your security can be breached in countless ways. > > Paranoid enough yet, remember the black helicopters, they are out there, really...honest. I see your nemesis has been "outed", I'm surprised you aren't gloating with TOG et all. -- Graham. %Profound_observation%
From: The Natural Philosopher on 30 Oct 2009 05:49 Kráftéé wrote: > > Paranoid enough yet, remember the black helicopters, they are out there, > really...honest. > I know. They practice hovering over the next hill.
From: Chris on 30 Oct 2009 08:03
Kráftéé wrote: > "CJB" <chrisjbrady(a)gmail.com> wrote in message > news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e(a)v15g2000prn.googlegroups.com... >> BBC Watchdog has done shown a convincing demo. of the dangers of >> accessing an email accounts via WiFi. >> >> They got someone to log into an email account using a WiFi service >> at >> a cafe. Someone else, acting as a hacker, monitored the WiFi traffic >> and managed to extract the username and password. This was enough to >> connect to the session and use the email account to send a fradulent >> email. The hacker could also have opened the emails to see if any >> had >> confidential information in them. If a shopping account had been >> used, >> credit card details could also have been extracted. Then the hacker >> locked the account so that the ownber couldn't close it himself. >> However the session remained alive for the hacker to use at will. >> >> So my question is: is the Three MiFi aka mobile broadband with a >> dongle (containing a '3' SIM card) as insecure? >> >> CJB. > > You mean they missed the bit about being able to see everything which > is on your screen using simple easy to source equipment, unless it is > specially screened. No, that wasn't it. I think at least, as they intentionally avoided telling 'us' how they did it. What I think they were doing were scanning for new DHCP clients on the same wi-fi subnet/hotspot as the 'hacker' and then hijacking their web sessions by cloning their cookies. All the examples they showed were for gmail, so not using a webmail account would solve that. I'm no expert, but I wonder if properly signed https sessions would also be prone to this kind of attack i.e. banking sessions I agree it was scaremongering to a degree, but it is useful to warn the public of potentially serious (to them) unsafe behaviour. The only solution they gave was to use a VPN, but I think that's probably OTT. -- The email address is a spam trap. I rarely use it. |