![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
cellioGo read ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.
No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
(no subject)
Date: 2010-10-28 01:34 pm (UTC)I understand that there's a security opening for people to access your login credentials to a variety of sites, but I don't entirely understand whether my own system is at risk. Would you know?
FWIW, I have a Verizon FiOS WIFI network that's password protected with a WEP key. I generally use Google Chrome as my browser, though my kids use IE. That about reaches the limits of what I know about it.
All that said, I live on a rural gravel road where none of the houses nearby is likely to be in range of my WIFI, and there's no casual outside car traffic because it's a dead-end street, so I would think my risk is low anyway...
OTOH, I use a password-protected corporate WIFI at work on IE... but I have no control over the security settings there except on my own laptop.
(no subject)
Date: 2010-10-29 01:53 am (UTC)All that said, given where you live I think you are considerably less vulnerable than many of us.
As for work, I would tend to assume that (1) they probably have it locked down and (2) an employer might be sniffing traffic anyway to see who's abusing the internet access. If it really needs to be private I won't do it from a work machine/network.
(no subject)
Date: 2010-10-30 12:58 am (UTC)Wired connections are safe for one reason only: switches are so cheap that they've all but replaced hubs, and switches won't forward arbitrary traffic normally. There are ways to defeat that in most switches, though, so it might not be wise to rely on this (although you can't easily apply them repeatedly, so if you have 2 or more switches between you and a potential attacker you are probably safe. For now, at least.)
Verizon's Actiontec routers default to WEP, but can be configured for WPA2 Personal in the Wireless settings. Make sure all your devices support WPA2; some portable gaming platforms (for example most/all? Nintendo DS series) only support WEP.