Ensuring Security at HotSpots question

Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc

Hello all

I access the internet via a hotspot during my lunchbreak and wanted to
ensure that I am surfing securely. I have read various PC magazine
articles and here is what I have done SO FAR to ensure privacy

1. Sygate Firewall
2. File Sharing turned off, Plug/Play turned off
3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
positively in various journals
4. Virus software always on
5. AdAware and SpyBot run every few days
6. HOSTS file modified to be "anti spyware"

what is lacking?

I hear about war drivers and others "grabbing" my packets while I
surf. I think #3 above should fix that. Anything else? Can people
with NetStumbler find ME (via GPS) while I surf? I know they can find
the AP, how about the laptop user?

Don't want to be paranoid, but that's the reality these days.

thanks!
  1. Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc

    On 2 Nov 2004 20:57:42 -0800, Bill wrote:

    > Hello all
    >
    > I access the internet via a hotspot during my lunchbreak and wanted to
    > ensure that I am surfing securely. I have read various PC magazine
    > articles and here is what I have done SO FAR to ensure privacy
    >
    > 1. Sygate Firewall
    > 2. File Sharing turned off, Plug/Play turned off
    > 3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
    > positively in various journals
    > 4. Virus software always on
    > 5. AdAware and SpyBot run every few days
    > 6. HOSTS file modified to be "anti spyware"
    >
    > what is lacking?
    >
    > I hear about war drivers and others "grabbing" my packets while I
    > surf. I think #3 above should fix that. Anything else? Can people
    > with NetStumbler find ME (via GPS) while I surf? I know they can find
    > the AP, how about the laptop user?
    >

    If they can find the AP then they can find you. You have to be within a few
    hundred feet and any wireless detector can identify your notebook in
    operation.

    > Don't want to be paranoid, but that's the reality these days.
    >
    > thanks!
  2. Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc

    In <news:x3m7m8cs8ay9$.dlg@icepick.org>,
    Iceman <1c3m4n@chi-mafia.org> roted:

    > On 2 Nov 2004 20:57:42 -0800, Bill wrote:
    >
    >> Hello all
    >>
    >> I access the internet via a hotspot during my lunchbreak and
    >> wanted to ensure that I am surfing securely. I have read various
    >> PC magazine articles and here is what I have done SO FAR to ensure
    >> privacy
    >>
    >> 1. Sygate Firewall
    >> 2. File Sharing turned off, Plug/Play turned off
    >> 3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
    >> positively in various journals
    >> 4. Virus software always on
    >> 5. AdAware and SpyBot run every few days
    >> 6. HOSTS file modified to be "anti spyware"
    >>
    >> what is lacking?
    >>
    >> I hear about war drivers and others "grabbing" my packets while I
    >> surf. I think #3 above should fix that. Anything else? Can
    >> people with NetStumbler find ME (via GPS) while I surf? I know
    >> they can find the AP, how about the laptop user?
    >>
    >
    > If they can find the AP then they can find you. You have to be
    > within a few hundred feet and any wireless detector can identify
    > your notebook in operation.

    At which point they do AP spoofing... and... well, you know. ^_~

    ^reaper^

    >> Don't want to be paranoid, but that's the reality these days.
    >>
    >> thanks!


  3. Archived from groups: alt.internet.wireless,alt.2600,microsoft.public.windows.networking.wireless,comp.security.firewalls,comp.security.misc

    3726414@spamhole.com (Bill) wrote:
    >1. Sygate Firewall
    >2. File Sharing turned off, Plug/Play turned off
    >3. Surf thru HotSpotVPN, a Virtual Private Network, reviewed
    >positively in various journals
    >4. Virus software always on
    >5. AdAware and SpyBot run every few days
    >6. HOSTS file modified to be "anti spyware"

    Well, if you can trust HotSpotVPN, and your firewall is any good, then
    you are pretty much covered, aren't you? In the end, you aren't
    really connected _to_ the AP, but are tunneling _thru_ it, and there's
    nothing for The Bad Ones to see.
  4. Archived from groups: alt.internet.wireless,comp.security.firewalls,comp.security.misc

    agent10029 wrote:

    > I use a VPN sniffer,
    > same deal.. I don't need to sniff their packets.

    It's a good thing we've got NSA/FBI field agents to troll iCafes with
    their AES cracking man-in-the-middle script kiddie apps. Now that you've
    blown Rijndael wide open (http://www.cryptosystem.net/aes/), what's the
    next stunt you'll pull with your SGI Altix 3700 Bx2 laptop?

    -Gary
  5. Archived from groups: alt.internet.wireless,comp.security.firewalls,comp.security.misc

    On Wed, 03 Nov 2004 12:55:32 -0800, Gary <garyd@efn.org.spamsux>
    wrote:

    >agent10029 wrote:
    >
    >> I use a VPN sniffer,
    >> same deal.. I don't need to sniff their packets.

    >It's a good thing we've got NSA/FBI field agents to troll iCafes with
    >their AES cracking man-in-the-middle script kiddie apps. Now that you've
    >blown Rijndael wide open (http://www.cryptosystem.net/aes/), what's the
    >next stunt you'll pull with your SGI Altix 3700 Bx2 laptop?
    >-Gary

    Bah-humbug. Ye software hackers are all the same. Always attacking a
    system at its strongest point (firewall and encryption) while totally
    ignoring blatantly vulnerable hardware points of access. Ask a
    competent burglar if they spend minutes tinkering with the latest high
    security door lock, or if they prefer to just bypass the door and
    proceed with the theft.

    For example, most modernish laptops have exposed USB ports. No cover,
    no protective interlocks, no authentication. On a Windoze laptop,
    plug a USB storage device into the USB port. Plug-n-play will
    automagically recognize it as a valid device, add ATA drive emulation,
    and run AUTORUN.INF with the permissions of the user. If they're
    logged in as an administrator equivalent, then you have total control.

    AUTORUN.INF runs a "root kit" like script that consists mostly of
    registry changes and perhaps adds some spyware. I recently
    demonstrated a rather simplistic version of this attack. About 30
    seconds from start to cleanup on the initial run, most of which was
    plug-n-play doing its thing. About 10 seconds after that. Yeah, it
    leaves evidence of entry behind but most people wouldn't notice.
    While agent10029 is passing his captured VPN session to his trojaned
    collection of online grid computers for a parallel attack on the key,
    I've got what I want with a $15 USB dongle in 30 seconds.

    The same approach can be done via firewire, with a floppy disk (much
    slower), via CF card in a PCMCIA slot (very fast), via the ethernet
    port (much more complex), or via Bluetooth (I haven't tried that yet).

    So far, my only real problem is that I like to grab users' Outlook PST
    files because most users like to store their passwords, account
    numbers, and such in email. Grab the old email, and they're mine.
    The problem is that Outlook PST files tend to be gargantuan. 200-800
    MBytes is typical. That doesn't fit on my cheapo USB dongle and takes
    forever. I guess the best protection against my hacking is bloated
    Microsoft data files. Sigh.

    Anyway, if you really want to worry about security, never mind
    firewalls, encryption, wireless, and software. Worry about
    exposed hardware.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
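
A defensive check for the AUTORUN.INF behaviour described in the post above, added here as an example and not part of Jeff Liebermann's post: it decodes the Windows `NoDriveTypeAutoRun` policy mask from `reg query` output and reports whether AutoRun is still enabled for removable or CD-ROM media. The sample output is constructed, and the 0x91 fallback and the machine-wide-over-per-user precedence are assumptions of this example.

```python
import re

# Constructed sample `reg query` output (not taken from a real machine).
SAMPLE_DEFAULT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_HARDENED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

# A set bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}
EXTERNAL_MEDIA = {"removable", "cdrom"}  # media a passer-by can plug in
ASSUMED_DEFAULT = 0x91                   # assumption: used when no value is set

HIVE_RE = re.compile(r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\")
VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")

def parse_reg_query(text):
    """Return {hive: mask} from concatenated `reg query` output."""
    found, hive = {}, None
    for line in text.splitlines():
        m = HIVE_RE.match(line.strip())
        if m:
            hive = m.group(1)      # remember which hive the next value belongs to
            continue
        v = VALUE_RE.search(line)
        if v and hive:
            found[hive] = int(v.group(1), 16)
    return found

def effective_mask(found):
    """Assumed precedence: a machine-wide value overrides the per-user one."""
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        if hive in found:
            return found[hive]
    return ASSUMED_DEFAULT

def autorun_exposure(text):
    """Return (mask, external media types for which AutoRun is still enabled)."""
    mask = effective_mask(parse_reg_query(text))
    enabled = {name for bit, name in DRIVE_BITS.items() if not mask & bit}
    return mask, sorted(enabled & EXTERNAL_MEDIA)
```

An empty list in the second element means AutoRun is disabled for both removable and CD-ROM media; a mask of 0xFF disables it for every drive type.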
  6. Archived from groups: alt.internet.wireless

    Jeff Liebermann wrote:
    > On Wed, 03 Nov 2004 12:55:32 -0800, Gary <garyd@efn.org.spamsux>
    > wrote:
    >
    >
    >>agent10029 wrote:
    [snip]

    > Bah-humbug. Ye software hackers are all the same. Always attacking a
    > system at its strongest point (firewall and encryption) while totally
    > ignoring blatantly vulnerable hardware points of access. Ask a
    > competent burglar if they spend minutes tinkering with the latest high
    > security door lock, or if they prefer to just bypass the door and
    > proceed with the theft.
    >

    When it comes to attacks, the easiest way is ... geesh; the easiest.
    Have customers that want to secure their network, whether wired or
    wireless and attempt to spend, spend, spend for software solutions. I
    usually make my presence known when I tell them:

    "It takes too long to get in via the Internet for stealing data. It is
    much easier to break into the location and take the whole network",
    along with "Social engineering is also far much easier to gain access.
    If you want secure, you not only need to secure your network, but secure
    your hardware and your people."

    Sure, they need to have data that is worthwhile to steal. Had a
    customer claim that I couldn't get into his network from anywhere...
    geesh -> 3 minutes with floppy and I could have trashed the whole nine
    yards.

    todh
  7. Archived from groups: alt.internet.wireless,comp.security.firewalls,comp.security.misc

    On Thu, 04 Nov 2004 09:10:24 -0800
    Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

    > On Wed, 03 Nov 2004 12:55:32 -0800, Gary <garyd@efn.org.spamsux>
    > wrote:
    >
    > >agent10029 wrote:
    > >
    > >> I use a VPN sniffer,
    > >> same deal.. I don't need to sniff their packets.
    >
    > >It's a good thing we've got NSA/FBI field agents to troll iCafes with
    > >their AES cracking man-in-the-middle script kiddie apps. Now that
    > >you've blown Rijndael wide open (http://www.cryptosystem.net/aes/),
    > >what's the next stunt you'll pull with your SGI Altix 3700 Bx2
    > >laptop?
    > >-Gary
    >
    > Bah-humbug. Ye software hackers are all the same. Always attacking a
    > system at its strongest point (firewall and encryption) while totally
    > ignoring blatantly vulnerable hardware points of access. Ask a
    > competent burglar if they spend minutes tinkering with the latest high
    > security door lock, or if they prefer to just bypass the door and
    > proceed with the theft.
    >
    > For example, most modernish laptops have exposed USB ports. No cover,
    > no protective interlocks, no authentication. On a Windoze laptop,
    > plug a USB storage device into the USB port. Plug-n-play will
    > automagically recognize it as a valid device, add ATA drive emulation,
    > and run AUTORUN.INF with the permissions of the user. If they're
    > logged in as an administrator equivalent, then you have total control.

    <snip>

    All of which relies on the user leaving their machine unattended. Anyone
    leaving a notebook unattended in a public place has bigger risks than
    having data stolen, they risk having the machine with the data in it
    stolen.

    You would only ever have physical access to any of my machines without
    my presence in my office, in my home, or in the house of someone I
    trust. Only employees go to the part of the office where my hardware is
    (we are small enough for everyone to recognise everyone else) and
    strangers don't get left unattended at home.

    So you have a negligible chance of applying your chosen attack method on
    any of my machines unless you engage a thief and steal the machines
    first.
    --
    Flash Gordon
    Sometimes I think shooting would be far too good for some people.
    Although my email address says spam, it is real and I read it.