What's new
  • ICMag with help from Landrace Warden and The Vault is running a NEW contest in November! You can check it here. Prizes are seeds & forum premium access. Come join in!

Encryption with Wi-FI

G

Guest

If I was in a coffeeshop, using my laptop....would someone be able to sniff my username and password info, and anything I'm talking on on ICMAG?

Or is everything encrypted?
 
P

pmorris

Member
when u connect up at the coffeeshop check your network settings to see if WEP or WPA is enabled. otherwise your wireless isnt secure, someone can connect to your network and can run freely available software that can monitor your network activity.
 
Last edited:
Existenzophile

Existenzophile

New member
Indicad2006 said:
If I was in a coffeeshop, using my laptop....would someone be able to sniff my username and password info, and anything I'm talking on on ICMAG?

Or is everything encrypted?
Click to expand...

Anyone behind the same router as you can sniff your traffic regardless of the network encryption. WEP can be cracked in under 15 minutes, and WPA is also a broken standard. So even unauthorized users can quickly gain access to what you belive to be a secure network THERE CURRENTLY IS NO SUCH THING AS A SECURE WIRELESS NETWORK!!!

You can however mask your traffic on open networks by using TOR. But packet sniffing is the least of your worries if you're using an open network for secure communication :/

http://tor.eff.org
 
G

Guest

Okay, thx for the responses...but it wasn't what I was looking for..

Here is the answer:

I have a packet sniffer, and was sniffing my own wi-fo node while I logged onto icmag.

Your username for the message board is in clear text.... but the password appears to be encrypted.

Also, everything you write is in clear text...I think every single thing listed on the message board... if it shows up on your screen, its been sent in clear text.
 
G

Guest

If you use a site like myspace.com..... your username and password are CLEARLY shown... so thats at least one site I found that you shouldn't use in an open wi-fi.
 
Existenzophile

Existenzophile

New member
Passwords in vBulletin since version 2.20 (i think?) have been stored on the SQL database as an MD5 hash of the password you enter plus some randomly collected data (called salt, which ensures that even if two users have the same password the MD5 hash will be different) What you are querying the database for isn't your plain text password, but the md5 hash of you password. When you log into Myspace, you are not logging into a vBulletin message board.

But like I said, if you are using an unsecure network for secure communication the least of your worries should be someone sniffing you packets with ethereal...
 
P

pmorris

Member
Indicad2006 said:
Okay, thx for the responses...but it wasn't what I was looking for..

Here is the answer:

I have a packet sniffer, and was sniffing my own wi-fo node while I logged onto icmag.

Your username for the message board is in clear text.... but the password appears to be encrypted.

Also, everything you write is in clear text...I think every single thing listed on the message board... if it shows up on your screen, its been sent in clear text.
Click to expand...

quick question, is your "wifi network" using WEP or WPA? while you are sniffing or is it off?
 
Underground Man

Underground Man

Active member
AFAIK wep/wpa only protects the network from "outsiders." So it won't hide your traffic from other users of the same access point.

Some websites/servers/whatever have secure password transmission, some don't :confused: Of course an attacker may not need to steal your password if all your other traffic is being transmitted in plain text.

Existenzophile said:
But like I said, if you are using an unsecure network for secure communication the least of your worries should be someone sniffing you packets with ethereal...
Click to expand...

I am not sure I understand your point. The internet itself is an unsecure open network, when you send a packet through it you never know where it will go. or who will be able to see it. Wireless just makes it a bit easier for a snooper to "plug-in" locally.

I agree that Tor is good for preventing local snooping. Don't use public access points without it.
 
G

Guest

pmorris - i'm using an open wi-fi...someone didn't put a password on it.
 
Verite

Verite

My little pony.. my little pony
Veteran
1. Run updated anti-virus
2. Run a firewall program, the standard one that comes with XP is good enough.
3. Purge your system of all personal information, especially laptops.
4. Stop worrying and move on because steps 1-3 have sufficiently protected you from harm ... not paranoia.
 
Existenzophile

Existenzophile

New member
Underground Man said:
I am not sure I understand your point. The internet itself is an unsecure open network, when you send a packet through it you never know where it will go. or who will be able to see it. Wireless just makes it a bit easier for a snooper to "plug-in" locally.
.
Click to expand...

The US highway system is an interconnected system of roads trafficed by 2 ton chunks of steel moving at speeds in excess of 75mph, piloted by people who actually belive George W. Bush is a republican, and that Jesus personally got them their killer new job at wal-mart.

So because it's a possibility that anyone of them at any second could have a muscle twitch that could usher me and my family to our firey demise I guess we shouldn't even take the simpliest precautions to keep that from happening? or at least indemnify ourselves in the event? Seatbelts? Gone. Airbags? Fuckem! Driver training classes? Out the window!

as long as people think like this, IT security professionals will have a functioning buisness model, and stay financially solvent. So by all means, continue helping them pay for their kids tuition.

If you take steps to protect yourself on the internet little sally won't get the barbie doll she been asking santa for since July!
:smoker:
 
Verite

Verite

My little pony.. my little pony
Veteran
As long as office dweebs keep clicking on e-mail attachments lured by the impossible to resist subject line like " 2-3 more inches on your penis with Happy® pills " ... IT people will always have plenty of dolls to dish to their kids.

And yes your analogy proves one thing for certain ... at any given second theres idiots on every highway... driver beware.
 
G

Guest

" 2-3 more inches on your penis with Happy® pills "

Hey V,ya got that link for me?clik,clik,clik....LOL :wave:
 
Existenzophile

Existenzophile

New member
Verite said:
As long as office dweebs keep clicking on e-mail attachments lured by the impossible to resist subject line like " 2-3 more inches on your penis with Happy® pills " ... IT people will always have plenty of dolls to dish to their kids.

And yes your analogy proves one thing for certain ... at any given second theres idiots on every highway... driver beware.
Click to expand...


From IT 101: How to Fix Click Happy Dipshits

Step One: Register Anonymous Email address

Step two: Create list of all all idiots in on your network (include suspected idiots for good measure)

Step Three: Send all idiots an email containing carefully conceald link to This Sweet new site!

Step four: Enjoy your new, more secure corporate environment.
 
Last edited:
You must log in or register to reply here.

Latest posts

Latest posts

Top