Security (was Re: [TriLUG] who else is experimenting with the sharp zaurus?)

David A. Cafaro dac at cafaro.net
Fri May 17 11:14:35 EDT 2002


Here is a scenario (this depends on how close your house is to the 
street).  A van that is painted to look like a bellsouth truck (or name 
your utility) pulls up into your neighbor hood and stops on the corner.  It 
sits there for say 45mintues 1 hr and drives away.  What could that truck 
have done?

1. 45minutes to 1 hr is enough time to pull out your WEP keys from your 
WIFI network and have full access to traffic on your net (except the SSL 
stuff).  Can also now go behind your firewall (depending on setup) and 
behave as a normal internal network client.  Unless you change your WEP 
key, he/she now has easy access to your private net when ever they feel 
like driving by again.

2. If you have standard Analog Cordless phones, if you happened to make a 
call to your bank, he/she could now have full records of your bank account 
number, pin and pass code depending on the conversation.  Also any other 
phone conversations.

3. That may even be enough time to break into some digital cordless phones, 
though I'm not as well versed on that stuff.

Multiply that by say 2-8 houses depending on how big each lot is and how 
big of an extended antenna the van has hidden inside.  Now it may not be 
worth while for someone to go to all the trouble of scanning, but maybe it 
is in a more well todo townhouse/condo type area?  I'm certainly not 
protected 100% against any of this, but I am aware of the risk I run with 
having WIFI and Cordless phones.  You just have to be aware of it, and 
gauge your risk.  Might be a good argument for a VPN over the wireless to a 
Linux authentication server :-).

At 10:58 AM 5/17/2002, you wrote:
>Have there been any cases of this?  My wireless network extends into my 
>back yard.  I have the security pretty low.  For one, if you're in my back 
>yard long enough to hack behind the firewall, I have a bigger 
>problem.  WHAT are you doing in my backyard!
>
>Secondly all sensitive transactions I do are over SSL anyhow, so if you're 
>back there long enough to crack the 128 bit encryption on my 
>banking...again WHAT are you doing in my backyard!  :-)
>
>
>M. Mueller wrote:
>
>>On Friday 17 May 2002 09:41 am, you wrote:
>>
>>
>>
>>>far.  I have gotten kismet working which is a wireless network sniffer
>>>and found 3 networks around my house.
>>>
>>
>>YIKES!  How's that for privacy?
>>
>>Here's another: call bank on wireless analog phone, enter ID and PIN, get 
>>information, end call.  Someone with a baby monitor might have heard your 
>>tone entries.  Someone more evil might have recorded the conversation and 
>>now has information that can be used to steal your identity.
>>
>>
>
>
>
>_______________________________________________
>TriLUG mailing list
>    http://www.trilug.org/mailman/listinfo/trilug
>TriLUG Organizational FAQ:
>    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html




More information about the TriLUG mailing list