Security (was Re: [TriLUG] who else is experimenting with the sharp zaurus?)

Andrew C. Oliver acoliver at apache.org
Fri May 17 11:31:34 EDT 2002 

David A. Cafaro wrote:

> Here is a scenario (this depends on how close your house is to the 
> street).  A van that is painted to look like a bellsouth truck (or 
> name your utility) pulls up into your neighbor hood and stops on the 
> corner.  It sits there for say 45mintues 1 hr and drives away.  What 
> could that truck have done?

;-) my wireless net doesn't really work in the front yard that well :-)

>
> 1. 45minutes to 1 hr is enough time to pull out your WEP keys from 
> your WIFI network and have full access to traffic on your net (except 
> the SSL stuff).  Can also now go behind your firewall (depending on 
> setup) and behave as a normal internal network client.  Unless you 
> change your WEP key, he/she now has easy access to your private net 
> when ever they feel like driving by again.

yeah all the stuff I don't do over VPN (work stuff) or SSL is generally 
ending up public anyhow.  Now if they hacked into my desktop (since 
they'd be behind my firewall) that would be a bit more interesting, but 
we generally bank on line over SSL.  

Lets talk likelyhood per amount of effort.  Its fairly unlikely I'd be a 
target due to the pure lack of gain.  General hacking over the net is 
another story because kids in Korea can do it with little chance of 
getting caught and low skill and effort so the low pay off (being 
annoying) is probably worth it.

Heck with older portable phones I used to sometimes pick them up on my 
FM radio...  Just not really worth doing for the most part.

>
> 2. If you have standard Analog Cordless phones, if you happened to 
> make a call to your bank, he/she could now have full records of your 
> bank account number, pin and pass code depending on the conversation.  
> Also any other phone conversations.

Nope my cordless phones get dropped in water at least once every 2 
years.  We boiled one once..

>
> 3. That may even be enough time to break into some digital cordless 
> phones, though I'm not as well versed on that stuff.

Then they'd hear me tell 1,000,000 telemarketers never to call me again.  

>
> Multiply that by say 2-8 houses depending on how big each lot is and 
> how big of an extended antenna the van has hidden inside.  Now it may 
> not be worth while for someone to go to all the trouble of scanning, 
> but maybe it is in a more well todo townhouse/condo type area?  I'm 
> certainly not protected 100% against any of this, but I am aware of 
> the risk I run with having WIFI and Cordless phones.  You just have to 
> be aware of it, and gauge your risk.  Might be a good argument for a 
> VPN over the wireless to a Linux authentication server :-). 


Now I have a better question.  How do I extend my vulnerability (my 
wireless network) further into my backyard without more wires?   I've 
got the Linksys wireless hub/cable router and it works okay but about 
half way into the back yard it quits (and its not very fast).  Is there 
some form of wireless repeater that will communicate with a base and 
client so that the signal strength is increased and extended?   :-)  

-Andy

>
>
> At 10:58 AM 5/17/2002, you wrote:
>
>> Have there been any cases of this?  My wireless network extends into 
>> my back yard.  I have the security pretty low.  For one, if you're in 
>> my back yard long enough to hack behind the firewall, I have a bigger 
>> problem.  WHAT are you doing in my backyard!
>>
>> Secondly all sensitive transactions I do are over SSL anyhow, so if 
>> you're back there long enough to crack the 128 bit encryption on my 
>> banking...again WHAT are you doing in my backyard!  :-)
>>
>>
>> M. Mueller wrote:
>>
>>> On Friday 17 May 2002 09:41 am, you wrote:
>>>
>>>
>>>
>>>> far.  I have gotten kismet working which is a wireless network sniffer
>>>> and found 3 networks around my house.
>>>>
>>>
>>> YIKES!  How's that for privacy?
>>>
>>> Here's another: call bank on wireless analog phone, enter ID and 
>>> PIN, get information, end call.  Someone with a baby monitor might 
>>> have heard your tone entries.  Someone more evil might have recorded 
>>> the conversation and now has information that can be used to steal 
>>> your identity.
>>>
>>>
>>
>>
>>
>> _______________________________________________
>> TriLUG mailing list
>>    http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ:
>>    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>
>
> _______________________________________________
> TriLUG mailing list
>    http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>

More information about the TriLUG mailing list