As mentioned above, using public Wi-Fi of any kind, including passworded, is asking for trouble. A router's WEP/WPA encryption key can be cracked in less than 10 minutes, allowing the attacker to sniff all packets being transmitted through the air.
If a site login form uses SSL, the credentials will be protected; however, not all sites force SSL logins.
Rowan was on point when he said data can be added or modified when passing through the third party device. Special firmware placed on a basic router can insert malicious code to compromise specific browsers such as Safari, IE, or Firefox and execute malware on a target system. Simply opening your browser and visiting any site while connected to this network may be all it takes to become compromised.
For my final project last year we had the task of creating and playing with Linksys firmware to accomplish certain tasks, such as loading websites upside down and reversing graphics or fonts, replacing the site's graphics with our own custom graphics, and hijacking DNS requests for destination sites as well as monitoring all traffic.
Some tips for when on the road:
- Always use a VPN to encrypt all data on strange networks (http://www.steganos.com)
- Use foreign DNS servers, not the device's DNS server
- Do not use common browsers such as IE, Firefox, or Safari
- Kaspersky Internet Security Suite
- Avoid logging into sites which do not use SSL to protect credentials
- Ensure you do not use anyone else's USB devices or CDs (malware loaded autorun)
- Use common sense
- TRUST NO ONE >8)
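
One way to check the SSL login tip before typing a password, as an added example that is not part of the original post: the Python below parses a saved login page and reports any password form that submits without TLS, or that was itself delivered without TLS and so could be altered by a device in the path. The host name and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAuditor(HTMLParser):
    """Collects each <form> and whether it holds a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []       # finished forms
        self._current = None  # form being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            action = urljoin(self.page_url, attrs.get("action") or "")
            self._current = {"action": action, "password": False}
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

def audit_login_forms(page_url, html):
    """Return [(action_url, [findings])] for every form with a password field."""
    parser = LoginFormAuditor(page_url)
    parser.feed(html)
    parser.close()
    results = []
    for form in parser.forms:
        if not form["password"]:
            continue
        findings = []
        if urlparse(form["action"]).scheme != "https":
            findings.append("credentials submitted without TLS")
        if urlparse(page_url).scheme != "https":
            findings.append("form delivered without TLS, can be rewritten in transit")
        results.append((form["action"], findings))
    return results

# Constructed sample page (hypothetical host): HTTP page, HTTPS form target.
SAMPLE_URL = "http://forum.example/login"
SAMPLE_HTML = ('<form action="https://forum.example/auth" method="post">'
               '<input name="user"><input type="password" name="pw"></form>')

if __name__ == "__main__":
    print(audit_login_forms(SAMPLE_URL, SAMPLE_HTML))
```

An empty findings list means both the page and the form target used HTTPS; it says nothing about whether the certificate was valid.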