Ensuring Security at HotSpots question


Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc (More info?)

 

Hello all

I access the internet via a hotspot during my lunchbreak and wanted to
ensure that I am surfing securely. I have read various PC magazine
articles and here is what I have done SO FAR to ensure privacy

1. Sygate Firewall
2. File Sharing turned off, Plug/Play turned off
3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
positively in various journals
4. Virus software always on
5. AdAware and SpyBot run every few days
6. HOSTS file modified to be "anti spyware"

what is lacking?

I hear about war drivers and others "grabbing" my packets while I
surf. I think #3 above should fix that. Anything else? Can people
with NetStumbler find ME (via GPS) while I surf? I know they can find
the AP, how about the laptop user?

Don't want to be paranoid, but that's the reality these days.

thanks!


Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc (More info?)

 

On 2 Nov 2004 20:57:42 -0800, Bill wrote:

> Hello all
>
> I access the internet via a hotspot during my lunchbreak and wanted to
> ensure that I am surfing securely. I have read various PC magazine
> articles and here is what I have done SO FAR to ensure privacy
>
> 1. Sygate Firewall
> 2. File Sharing turned off, Plug/Play turned off
> 3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
> positively in various journals
> 4. Virus software always on
> 5. AdAware and SpyBot run every few days
> 6. HOSTS file modified to be "anti spyware"
>
> what is lacking?
>
> I hear about war drivers and others "grabbing" my packets while I
> surf. I think #3 above should fix that. Anything else? Can people
> with NetStumbler find ME (via GPS) while I surf? I know they can find
> the AP, how about the laptop user?
>

If they can find the AP then they can find you. You have to be within a few
hundred feet and any wireless detector can identify your notebook in
operation.

> Don't want to be paranoid, but that's the reality these days.
>
> thanks!

Reply to Iceman

Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc (More info?)

 


In <news:x3m7m8cs8ay9$.dlg@icepick.org>,
Iceman <1c3m4n@chi-mafia.org> roted:

> On 2 Nov 2004 20:57:42 -0800, Bill wrote:
>
>> Hello all
>>
>> I access the internet via a hotspot during my lunchbreak and
>> wanted to ensure that I am surfing securely. I have read various
>> PC magazine articles and here is what I have done SO FAR to ensure
>> privacy
>>
>> 1. Sygate Firewall
>> 2. File Sharing turned off, Plug/Play turned off
>> 3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
>> positively in various journals
>> 4. Virus software always on
>> 5. AdAware and SpyBot run every few days
>> 6. HOSTS file modified to be "anti spyware"
>>
>> what is lacking?
>>
>> I hear about war drivers and others "grabbing" my packets while I
>> surf. I think #3 above should fix that. Anything else? Can
>> people with NetStumbler find ME (via GPS) while I surf? I know
>> they can find the AP, how about the laptop user?
>>
>
> If they can find the AP then they can find you. You have to be
> within a few hundred feet and any wireless detector can identify
> your notebook in operation.

At which point they do AP spoofing... and... well, you know. ^_~

^reaper^

>> Don't want to be paranoid, but that's the reality these days.
>>
>> thanks!



Reply to Anonymous

Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc (More info?)

 

3726414@spamhole.com (Bill) wrote:
>1. Sygate Firewall
>2. File Sharing turned off, Plug/Play turned off
>3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
>positively in various journals
>4. Virus software always on
>5. AdAware and SpyBot run every few days
>6. HOSTS file modified to be "anti spyware"

Well, if you can trust HotSpotVPN, and your firewall is any good, then
you are pretty much covered, aren't you? In the end, you aren't
really connected _to_ the AP, but are tunneling _thru_ it, and there's
nothing for The Bad Ones to see.

Reply to Anonymous

Archived from groups: alt.internet.wireless,comp.security.firewalls,comp.security.misc (More info?)

 

agent10029 wrote:

> I use a VPN sniffer,
> same deal.. I don't need to sniff their packets.

It's a good thing we've got NSA/FBI field agents to troll iCafes with
their AES cracking man-in-the-middle script kiddie apps. Now that you've
blown Rijndael wide open (http://www.cryptosystem.net/aes/), what's the
next stunt you'll pull with your SGI Altix 3700 Bx2 laptop?

-Gary

Reply to gary

Archived from groups: alt.internet.wireless,comp.security.firewalls,comp.security.misc (More info?)

 

On Wed, 03 Nov 2004 12:55:32 -0800, Gary <garyd@efn.org.spamsux>
wrote:

>agent10029 wrote:
>
>> I use a VPN sniffer,
>> same deal.. I don't need to sniff their packets.

>It's a good thing we've got NSA/FBI field agents to troll iCafes with
>their AES cracking man-in-the-middle script kiddie apps. Now that you've
>blown Rijndael wide open (http://www.cryptosystem.net/aes/), what's the
>next stunt you'll pull with your SGI Altix 3700 Bx2 laptop?
>-Gary

Bah-humbug. Ye software hackers are all the same. Always attacking a
system at its strongest point (firewall and encryption) while totally
ignoring blatantly vulnerable hardware points of access. Ask a
competent burglar if they spend minutes tinkering with the latest high
security door lock, or if they prefer to just bypass the door and
proceed with the theft.

For example, most modernish laptops have exposed USB ports. No cover,
no protective interlocks, no authentication. On a Windoze laptop,
plug a USB storage device into the USB port. Plug-n-play will
automagically recognize it as a valid device, add ATA drive emulation,
and run AUTORUN.INF with the permissions of the user. If they're
logged in as an administrator equivalent, then you have total control.

AUTORUN.INF runs a "root kit" like script that consists mostly of
registry changes and perhaps adds some spyware. I recently
demonstrated a rather simplistic version of this attack. About 30
seconds from start to cleanup on the initial run, most of which was
plug-n-play doing its thing. About 10 seconds after that. Yeah, it
leaves evidence of entry behind but most people wouldn't notice.
While agent10029 is passing his captured VPN session to his trojaned
collection of online grid computers for a parallel attack on the key,
I've got what I want with a $15 USB dongle in 30 seconds.

The same approach can be done via firewire, with a floppy disk (much
slower), via CF card in a PCMCIA slot (very fast), via the ethernet
port (much more complex), or via Bluetooth (I haven't tried that yet).

So far, my only real problem is that I like to grab users' Outlook PST
files because most users like to store their passwords, account
numbers, and such in email. Grab the old email, and they're mine.
The problem is that Outlook PST files tend to be gargantuan. 200-800
MBytes is typical. That doesn't fit on my cheapo USB dongle and takes
forever. I guess the best protection against my hacking is bloated
Microsoft data files. Sigh.

Anyway, if you really want to worry about security, never mind
firewalls, encryption, wireless, and software. Worry about
exposed hardware.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Reply to Anonymous
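
A defensive check for the AUTORUN.INF behaviour described in the post above, added here as an example and not part of the original thread. It assumes the Windows `NoDriveTypeAutoRun` policy value, which the thread does not mention, as the control being audited; the sample values in the comments are constructed.

```python
"""Audit the Windows AutoRun policy value NoDriveTypeAutoRun (added example)."""
import sys

# Policy location (assumption: not named in the thread). HKLM overrides HKCU.
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"

# A set bit disables AutoRun for that drive type; 0xFF disables it for all.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",   # USB sticks, floppies, CF cards
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
}

def autorun_enabled_types(mask):
    """Return the drive types for which AutoRun is still enabled under mask."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)

def audit(hklm, hkcu):
    """Classify a machine from its two policy values (None means 'not set')."""
    mask = hklm if hklm is not None else hkcu
    if mask is None:
        return ("no-policy", [])      # OS default applies; nothing was hardened
    enabled = autorun_enabled_types(mask & 0xFF)
    return ("exposed", enabled) if enabled else ("hardened", [])

def read_policy(hive_name):
    """Read the live value on Windows; None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            raw = winreg.QueryValueEx(key, POLICY_VALUE)[0]
    except OSError:
        return None
    # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
    return int.from_bytes(raw[:4], "little") if isinstance(raw, bytes) else int(raw)

if __name__ == "__main__":
    status, types = audit(read_policy("HKEY_LOCAL_MACHINE"),
                          read_policy("HKEY_CURRENT_USER"))
    print(status, types)
```
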

Archived from groups: alt.internet.wireless (More info?)

 

Jeff Liebermann wrote:
> On Wed, 03 Nov 2004 12:55:32 -0800, Gary <garyd@efn.org.spamsux>
> wrote:
>
>
>>agent10029 wrote:
[snip]

> Bah-humbug. Ye software hackers are all the same. Always attacking a
> system at its strongest point (firewall and encryption) while totally
> ignoring blatantly vulnerable hardware points of access. Ask a
> competent burglar if they spend minutes tinkering with the latest high
> security door lock, or if they prefer to just bypass the door and
> proceed with the theft.
>

When it comes to attacks, the easiest way is ... geesh; the easiest.
Have customers that want to secure their network, whether wired or
wireless and attempt to spend, spend, spend for software solutions. I
usually make my presence known when I tell them:

"It takes too long to get in via the Internet for stealing data. It is
much easier to break into the location and take the whole network",
along with "Social engineering is also far much easier to gain access.
If you want secure, you not only need to secure your network, but secure
your hardware and your people."

Sure, they need to have data that is worthwhile to steal. Had a
customer claim that I couldn't get into his network from anywhere...
geesh -> 3 minutes with floppy and I could have trashed the whole nine
yards.

todh

Reply to Oldguy

Archived from groups: alt.internet.wireless,comp.security.firewalls,comp.security.misc (More info?)

 

On Thu, 04 Nov 2004 09:10:24 -0800
Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

> On Wed, 03 Nov 2004 12:55:32 -0800, Gary <garyd@efn.org.spamsux>
> wrote:
>
> >agent10029 wrote:
> >
> >> I use a VPN sniffer,
> >> same deal.. I don't need to sniff their packets.
>
> >It's a good thing we've got NSA/FBI field agents to troll iCafes with
> >
> >their AES cracking man-in-the-middle script kiddie apps. Now that
> >you've blown Rijndael wide open (http://www.cryptosystem.net/aes/),
> >what's the next stunt you'll pull with your SGI Altix 3700 Bx2
> >laptop?-Gary
>
> Bah-humbug. Ye software hackers are all the same. Always attacking a
> system at its strongest point (firewall and encryption) while totally
> ignoring blatantly vulnerable hardware points of access. Ask a
> competent burglar if they spend minutes tinkering with the latest high
> security door lock, or if they prefer to just bypass the door and
> proceed with the theft.
>
> For example, most modernish laptops have exposed USB ports. No cover,
> no protective interlocks, no authentication. On a Windoze laptop,
> plug a USB storage device into the USB port. Plug-n-play will
> automagically recognize it as a valid device, add ATA drive emulation,
> and run AUTORUN.INF with the permissions of the user. If they're
> logged in as an administrator equivalent, then you have total control.

<snip>

All of which relies on the user leaving their machine unattended. Anyone
leaving a notebook unattended in a public place has bigger risks than
having data stolen, they risk having the machine with the data in it
stolen.

You would only ever have physical access to any of my machines without
my presence in my office, in my home, or in the house of someone I
trust. Only employees go to the part of the office where my hardware is
(we are small enough for everyone to recognise everyone else) and
strangers don't get left unattended at home.

So you have a negligible chance of applying your chosen attack method on
any of my machines unless you engage a thief and steal the machines
first.
--
Flash Gordon
Sometimes I think shooting would be far too good for some people.
Although my email address says spam, it is real and I read it.

Reply to Anonymous