SailNet Community - View Single Post - Security while using WiFi while cruising
View Single Post
  #18  
Old 02-17-2012
kd3pc's Avatar
kd3pc kd3pc is offline
Senior Member
 
Join Date: Oct 2006
Location: Callao, VA
Posts: 1,340
Thanks: 0
Thanked 9 Times in 9 Posts
Rep Power: 8
kd3pc is on a distinguished road
Quote:
Originally Posted by svzephyr44 View Post
WiFi sniffing is one of the least productive methods for hackers to compromise your account. First, they have to be almost in the same room (WiFi doesn't travel that far,) have some software that would seem curious in an internet cafe, and be able to spend quite a bit of time hanging out waiting for the person logging into their bank account or business account.
again, guys do your homework...the wifi at my marina could be picked up by MY boat with an Ubiquity system, over a mile away.

While not as quick, it can be, and is for some VERY lucrative. No ONE has ever asked to see what software I am running, and I would never tell someone what I am doing, IF asked...it is none of their business what I am doing at the Cafe. It is quite normal for some folks to be there all day, several days a week. See Social Engineering below. All part of the process. I am not really after your bank account right there, I am more interested in your passwords, logins and sites....that is where the real in roads can be made. Then compromise your machine, then the bank and such.

the software to sniff, is little more than an app that runs in the background on my machine...ethical hacker that I am...two other programs and I can sniff almost any wireless. Add in a password cracker, some generic keys to "standard" encryptions...and voila

The hacker, a good one, can learn more by "social engineering"...my favorite line is "excuse me, I left the password to the net, back in my room, do you have it, or should I just go to the checkin desk"...has yet to fail. Even more convincing, is to have them "enter" it on my computer....they think that they have kept things secure, because they did not know that my key logger was working....

In a job for a very large insurance company in IL...I was able to get past security at the entrance, on to a swipe access elevator, to the third floor "training room" (it was actually on the second floor, but security either did not care or did not know), and in to my room with NO credentials, no drivers license or corporate ID required anywhere in the chain....

Believe me, when the Compliance CEO read my report and listened to my presentation...he was not at all happy.

Security is in YOUR hands, no one else is going to do it for you, or as some of you have found out.....they won't even help you with YOUR account...

YMMV
Reply With Quote Share with Facebook