Security Awareness Alert - Chicagoland Sportbikes
post #1 of 16 (permalink) Old 12-01-2010, 11:10 AM Thread Starter
jrock
Security Awareness Alert

My firm sent this out to us all today.

________________________________________
Security Awareness Alert:
Privacy when using public Wi-Fi
________________________________________

December 1st, 2010

We would like to remind all personnel that when using public Wi-Fi hotspots, like those found at Starbucks, you should avoid sending or receiving sensitive information unless you are using either Citrix or VPN for connectivity. Otherwise, you should assume that anyone connected to the hotspot can access the information you see or send.

A recent, freely available tool named Firesheep is making it easy for attackers to intercept your sessions with popular social networking sites. By simply browsing to a site that is susceptible, like Facebook.com, you open yourself to the possibility of having someone gain full access to your account with the click of a button.

This vulnerability has gained publicity in the past few weeks due to the simplicity behind the attack. In a blog posting by The Wall Street Journal, they note “the novelty of the program is how easy it makes for most anyone to take advantage of them (the vulnerabilities).”

What You Need To Know

• Affected sites include, but are not limited to, Amazon, Twitter, Facebook, Yahoo, and NY Times.

• Sites that use HTTPS for the entire session are not affected (e.g., Gmail).

• Wi-Fi hotspots that use encryption are not affected.



Here is a link to the blog post:

http://blogs.wsj.com/digits/2010/10/...ivacy-problem/

If you ain't with us, then it's just bad news.
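
Why "HTTPS for the entire session" is the dividing line in the alert above, as an added example that is not part of the original post: a site that encrypts only the login still hands out a session cookie the browser will attach to later plain-HTTP requests. The response headers and cookie names below are constructed, and the check goes slightly beyond the alert by also looking for HSTS.

```python
# Added example: headers below are constructed; cookie names are hypothetical.

def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(headers):
    """headers: (name, value) pairs from a response served over HTTPS.
    Returns findings about session data that can still leave the browser unencrypted."""
    findings = []
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("no HSTS: browser may still make http:// requests to this host")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(v)
        # HttpOnly only hides the cookie from page scripts; it does nothing on the wire.
        if "secure" not in attrs:
            findings.append(f"cookie {cookie!r} lacks Secure: sent in cleartext on any http:// request")
    return findings

# Constructed: a site that encrypts the login only, then falls back to HTTP.
LOGIN_ONLY_HTTPS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Constructed: a site that keeps the whole session on HTTPS.
FULL_SESSION_HTTPS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("login-only", LOGIN_ONLY_HTTPS), ("full-session", FULL_SESSION_HTTPS)):
        print(label, audit_response(hdrs) or "nothing exposed")
```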
post #2 of 16 (permalink) Old 12-01-2010, 11:14 AM
Arch
Quote:
Originally Posted by jrock View Post
...
• Wi-Fi hotspots that use encryption are not affected.
False.

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


post #3 of 16 (permalink) Old 12-01-2010, 11:15 AM
suh-c
I never use those public hotspots.
post #4 of 16 (permalink) Old 12-01-2010, 11:26 AM
Pocket Rockets
FYI - Clicked on that link and had roughly 70 new explorer windows open up on my computer. Don't know if that was your intention or if someone has gotten to that website.
post #5 of 16 (permalink) Old 12-01-2010, 11:53 AM
Loki047
Re: Security Awareness Alert

Quote:
I never use those public hotspots.
Evo for the win

Jordan
post #6 of 16 (permalink) Old 12-01-2010, 11:56 AM
suh-c
Quote:
Originally Posted by Loki047 View Post
Evo for the win
What encryption do you use? I use WPA2 but I have no idea what is what
post #7 of 16 (permalink) Old 12-01-2010, 12:02 PM
Loki047
Quote:
Originally Posted by suh-c View Post
What encryption do you use? I use WPA2 but I have no idea what is what
I don't use any. I watch for other people trying to join and boot them from the phone.

Jordan
post #8 of 16 (permalink) Old 12-01-2010, 12:22 PM
suh-c
Quote:
Originally Posted by Loki047 View Post
I don't use any. I watch for other people trying to join and boot them from the phone.
you're just a spiteful bastard huh?
post #9 of 16 (permalink) Old 12-01-2010, 12:51 PM
MoparBoyy
Quote:
Originally Posted by Loki047 View Post
Evo for the win
you paying for the service? or hacked it?

-Mopar

1997 Dodge Viper GTS
2013 Dodge Dart Rallye
post #10 of 16 (permalink) Old 12-01-2010, 03:08 PM Thread Starter
jrock
Quote:
Originally Posted by Pocket Rockets View Post
FYI - Clicked on that link and had roughly 70 new explorer windows open up on my computer. Don't know if that was your intention or if someone has gotten to that website.
That doesn't happen when I click on it.

If you ain't with us, then it's just bad news.
post #11 of 16 (permalink) Old 12-01-2010, 03:22 PM Thread Starter
jrock
Quote:
Originally Posted by Arch View Post
False.
Security team member's response:

I didn’t really have room to explain in full in the notification but the real answer is “yes and no” to whether or not access-point encryption helps avoid the problem. WPA takes advantage of per-connection encryption so access points that use this (which most modern APs default to) will be safe. WEP on the other hand helps prevent anyone without the key from snooping on the session – but if the attacker has the key then you are correct, it does not prevent interception.

Further, even if WPA is enabled, an attacker could use ARP cache poisoning to man-in-the-middle all traffic and effectively intercept the session.

The only real fix is persistent, end-to-end encryption (i.e., TLS or SSL).

If you ain't with us, then it's just bad news.
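
A defender-side check for the ARP cache poisoning mentioned in the security team's reply, as an added example that is not part of the original thread: it compares two neighbor-table snapshots in Linux `ip neigh` format and reports the two usual signs of poisoning. The snapshots, addresses and function names are constructed for illustration.

```python
# Added example: both snapshots are constructed; addresses are illustrative only.
from collections import defaultdict

def parse_neigh(text):
    """Map IP -> MAC from `ip neigh` style lines; entries without lladdr are skipped."""
    table = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if "lladdr" in fields:
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table

def arp_findings(before, after, gateway_ip):
    """Compare two snapshots and return signals consistent with ARP cache poisoning."""
    old, new = parse_neigh(before), parse_neigh(after)
    findings = []
    # Signal 1: the default gateway suddenly resolves to a different MAC.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(("gateway-mac-changed", gateway_ip, old[gateway_ip], new[gateway_ip]))
    # Signal 2: one MAC answers for several IPs. Routers and proxy ARP can do this
    # legitimately, so treat it as a lead to investigate, not proof.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return findings

GATEWAY = "192.168.1.1"

BEFORE = """
192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:00:00:23 STALE
192.168.1.99 dev wlan0 FAILED
"""

# Constructed: host .23 now also answers for the gateway address.
AFTER = """
192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:23 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:00:00:23 STALE
192.168.1.40 dev wlan0 lladdr 02:00:00:00:00:40 REACHABLE
"""

if __name__ == "__main__":
    for finding in arp_findings(BEFORE, AFTER, GATEWAY):
        print(finding)
```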
post #12 of 16 (permalink) Old 12-01-2010, 03:29 PM
Arch
Quote:
Originally Posted by jrock View Post
The only real fix is persistent, end-to-end encryption (i.e., TLS or SSL).
True, and there are other end-to-end encryption methods as well (SSH for example). An (in the middle) access device doing it with the client is not secure as you don't know who's watching on the wired/WAN side.

Everyone Exaggerates

We're being taken for a ride... agaaaaaaain.....


post #13 of 16 (permalink) Old 12-01-2010, 03:42 PM
Loki047
Quote:
Originally Posted by MoparBoyy View Post
you paying for the service? or hacked it?
I pay for unlimited data.

Jordan
post #14 of 16 (permalink) Old 12-01-2010, 03:43 PM
Loki047
Quote:
Originally Posted by suh-c View Post
you're just a spiteful bastard huh?
Extremely

Jordan
post #15 of 16 (permalink) Old 12-01-2010, 04:22 PM
MoparBoyy
Quote:
Originally Posted by Loki047 View Post
I pay for unlimited data.
blah, it's like another $29 a month for the hotspot? not worth it.

-Mopar

1997 Dodge Viper GTS
2013 Dodge Dart Rallye
post #16 of 16 (permalink) Old 12-01-2010, 06:02 PM
Loki047
Quote:
Originally Posted by MoparBoyy View Post
blah, it's like another $29 a month for the hotspot? not worth it.
Yeah I know, root FTW

Jordan