![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
cellioGo read ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.
No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
(no subject)
Date: 2010-10-28 03:18 am (UTC)(no subject)
Date: 2010-10-29 01:42 am (UTC)