Slashdot Mirror


"Free Wi-Fi" Scam In the Wild

DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).

332 comments

  1. Free is still free for me by LinuxGeek · · Score: 5, Funny

    Well, they would have a really difficult time turning my linux based portable into a zombie. I guess that would be risk free wifi for me, Yeah! Oh, and while in public, I use stunnel to a secure server. Sniff all of the data you want while I use your free wireless.

    --

    Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    1. Re:Free is still free for me by SuperKendall · · Score: 5, Insightful

      Well, they would have a really difficult time turning my linux based portable into a zombie.

      No kidding - is this article really an ad for Linux and/or MacOS X?

      The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    2. Re:Free is still free for me by Anonymous Coward · · Score: 0

      Yes Scam the Scammer

    3. Re:Free is still free for me by Austerity+Empowers · · Score: 2, Interesting

      I agree, I use these all the time at airports (pay for WiFi in an airport with $2 waters and $1.50 small bags of chips? nfw). I know they're up to no good, but good luck trying.

    4. Re:Free is still free for me by Anonymous Coward · · Score: 0

      stunnel is also vulnerable to man in the middle attacks

    5. Re:Free is still free for me by spellraiser · · Score: 5, Funny

      The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.

      --
      I hear there's rumors on the Slashdots
    6. Re:Free is still free for me by Anonymous Coward · · Score: 0

      "I guess that would be risk free wifi for me..."

      No doubt. I always check public APs first with KisMAC if I'm using my MacBook and kismet if I'm using my Linux laptop. I think TFA should not sound so generic. As described, this is a problem for Windows users and it should say it.

    7. Re:Free is still free for me by singularity · · Score: 3, Informative

      This is one of the funniest threads I have read in a while, partly because I turned to a friend while reading the Slashdot write-up and said "Wow, they still give Internet access? My machine is secure enough, I would use that instead of paying the $7.95/day they want in some airports!"

      Then I read this thread.

      And pointed out my UserID to the same friend.

      Too bad - I have actually seen that "Free Wi-Fi" ad-hoc network in a few airports in the last month or so (I think in Midway airport in Chicago). I did not join it, since I knew the SSID of the official wireless service (and knew that it was paid access)

      An interesting thing to do is to join the network, fire up a Bonjour Browser (or your other favorite ZeroConf browser) and see available services. If people are sharing their iTunes libraries, if they have a ZeroConf chat program, and so on...

      --
      - (c) 2018 Hank Zimmerman
    8. Re:Free is still free for me by Nutty_Irishman · · Score: 5, Funny

      I know what you mean, I use that "Free Wi-Fi" every time I'm in the airport with no problems. Now I have freewifi.exe process running all the time, even when I'm not in the airport! Haha, take that, suckers!

    9. Re:Free is still free for me by Jon+Abbott · · Score: 5, Funny

      The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.
      Four- or less -digit userid! Get it right! :^)
    10. Re:Free is still free for me by vinmar · · Score: 2, Funny

      Four-or fewer-digit userid! Get it right!

    11. Re:Free is still free for me by slyborg · · Score: 5, Funny

      And pointed out my UserID to the same friend.
      ...who secretly rolled their eyes and promised self to find cooler friends....
    12. Re:Free is still free for me by Marxist+Hacker+42 · · Score: 2, Funny

      I think I saw this in Portland while looking for a MetroFi link at the Hilton during the Microsoft Vista Launch. I couldn't get it to connect to my Windows Mobile phone- and now I know why. The OLAP processor probably rejected the ActiveX.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    13. Re:Free is still free for me by LinuxGeek · · Score: 2, Informative

      If you use a CA, stunnel is quite secure. If you search, certificates are available for less than $20/year.

      --

      Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    14. Re:Free is still free for me by AndroidCat · · Score: 1

      Hmm. How big is the user id gap lost in the Great Fire or Big Whoops (where my first uid was lost)?

      --
      One line blog. I hear that they're called Twitters now.
    15. Re:Free is still free for me by Fbelch · · Score: 1

      The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.

      Yup... you're absolutely right!

    16. Re:Free is still free for me by WaZiX · · Score: 4, Funny

      if ($userid >= 4 digits)
      {
      FuckWith($user) = false;
      }

      There, now we can all agree!

    17. Re:Free is still free for me by arodland · · Score: 1

      I think you inverted your logic. But hey, thanks for the free pass.

    18. Re:Free is still free for me by Zaatxe · · Score: 1

      The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.

      Oh, my! That's the first time I notice someone with a four-digit userid here! Did he walk with dinosaurs?

      On a side note:
      AC: How do you know it's a he?
      Me: you got to be new here

      --
      So say we all
    19. Re:Free is still free for me by DamnStupidElf · · Score: 4, Funny

      ...who secretly rolled their eyes and promised self to find cooler friends....

      Out of a set of 2030 possible people, right?

    20. Re:Free is still free for me by chris+macura · · Score: 1

      if($user.id <= 9999)
      {
      $user.fuckwith = false;
      }

      :-P

      Cheers.

    21. Re:Free is still free for me by Anonymous Coward · · Score: 0

      dude ...
      it's like a universal law. man-in-the-middle attacks
      are unthwartable. there's NO way around it. even with quantum
      da-ha-ha. with quantum whatnot u can just figure u got someone
      in ze middle.
      use stunnel what not. if u have a man in the middle ure full open
      to being listened in, OBVIOUS!
      so ...
      by the way, it's with everything u do, EVERYTHING.
      "trust makes the world go round (or not mr. scrub)".

    22. Re:Free is still free for me by Anonymous Coward · · Score: 0

      Too bad - I have actually seen that "Free Wi-Fi" ad-hoc network in a few airports in the last month or so (I think in Midway airport in Chicago). I did not join it, since I knew the SSID of the official wireless service (and knew that it was paid access)

      Although that was wise not to join in, don't trust the SSID names either. I could use their name and you would be none the wiser. Maybe even copy the pages including credit card info.

      Nothing wireless can be trusted, use it, VPN through it is OK, but NEVER give out information on it and NEVER trust it -

      That being said, my portable is Linux, and I only allow VPN/IPSec in or out. If I can't connect without providing personal information I don't use it.

    23. Re:Free is still free for me by Anonymous Coward · · Score: 0

      I think he meant: "Out of a set of 6 billion - 2030 possible people"

    24. Re:Free is still free for me by Anonymous Coward · · Score: 0

      None of this will protect you from a man-in-the-middle attack.

    25. Re:Free is still free for me by Intron · · Score: 3, Insightful
      This isn't a Win vs. Lin issue. Stunnel is available for Windows, too. What happens when you think you are on a free network, you try to Stunnel to your server, and you get the error:

      WARNING: DSA key found for host ftp.initech.org
      in /home/intron/.ssh/known_hosts:35
      DSA key fingerprint 67:12:6f:2c:cd:a1:67:8b:ea:86:c8:b8:8b:c3:9d:34.
      The authenticity of host 'ftp.initech.org (206.246.226.45)' can't be established,
      but keys of different type are already known for this host.
      RSA key fingerprint is 02:a9:63:fe:6f:2e:ae:f4:53:4c:9c:8b:8b:7d:5c:8e.
      Are you sure you want to continue connecting (yes/no)?
      Do you say "I must be the victim of a man-in-the-middle attack?" or do you say "Someone must have updated the key on the server"

      Lots of people will hit yes and continue, cause they really need to log in and download that confidential financial report with all of the account numbers and passwords in it. Then they're hosed.
      --
      Intron: the portion of DNA which expresses nothing useful.
    26. Re:Free is still free for me by HUADPE · · Score: 1

      A much better trick I found while stuck in Houston for a few hours was finding the nearest chair and plug to one of the airline "clubs" that offer free wireless. Sit outside and bask in the electromagnetic waves of free internet.

      --
      This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
    27. Re:Free is still free for me by Anonymous Coward · · Score: 0
      I have actually seen (and used) one of these wireless access points at an airport, I think it was either Providence or Baltimore. I had my suspicions on its legitimacy and actually considered that it might be acting as a proxy to try and gather private data. I can't remember if I tried to ssh from it, but I didn't stay connected for long. Typically if someone is attempting a man in the middle attack, it is pretty noticeable. Here is an example (derived from the example above) Note: The lameness filter made me take out a lot of the @ symbols used in this message.

      @@@@
      @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
      @@@@
      The RSA host key for ftp.initech.org has changed,
      and the key for the according IP address 206.246.226.45
      is unchanged. This could either mean that
      DNS SPOOFING is happening or the IP address for the host
      and its host key have changed at the same time.
      Offending key for IP in /home/intron/.ssh/known_hosts:35
      @@
      @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
      @@
      IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
      Someone could be eavesdropping on you right now (man-in-the-middle attack)!
      It is also possible that the RSA host key has just been changed.
      The fingerprint for the RSA key sent by the remote host is
      02:a9:63:fe:6f:2e:ae:f4:53:4c:9c:8b:8b:7d:5c:8e.
      Please contact your system administrator.
      Add correct host key in /home/intron/.ssh/known_hosts to get rid of this message.
      Offending key in /home/intron/.ssh/known_hosts:7
      RSA host key for ftp.initech.org has changed and you have requested strict checking.
      Host key verification failed.
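
Added example, not part of any comment above: the two prompts quoted in this subthread (a key of a new type, and a changed key) differ only in what `known_hosts` already holds, and in both cases the safe answer comes from comparing the offered fingerprint with one obtained over a trusted channel. The host name, the keys, the `pinned_fp` parameter and the status strings are assumptions made for this illustration.

```python
"""Classify an offered SSH host key against known_hosts before anyone types "yes".

All hosts and keys here are constructed placeholders, not real key material.
"""
import base64
import hashlib
import struct


def demo_key(keytype: str, filler: bytes) -> str:
    """Constructed stand-in for a public key blob (type string + filler bytes)."""
    def ssh_string(data: bytes) -> bytes:
        return struct.pack(">I", len(data)) + data
    return base64.b64encode(ssh_string(keytype.encode()) + ssh_string(filler)).decode()


def fingerprints(key_b64: str) -> dict:
    """Return the MD5 colon-hex form shown in the warnings and the SHA256 form."""
    blob = base64.b64decode(key_b64, validate=True)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, len(md5), 2)),
        "sha256": "SHA256:" + sha,
    }


def stored_keys(known_hosts: str, host: str) -> dict:
    """Map key type -> list of base64 keys for plain (unhashed) entries naming host."""
    found = {}
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers and hashed names.
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        if host in fields[0].split(","):
            found.setdefault(fields[1], []).append(fields[2])
    return found


def classify(known_hosts, host, keytype, offered_b64, pinned_fp=None):
    """Return a status string; only "match" and "verified" justify connecting.

    pinned_fp (hypothetical parameter) is a fingerprint obtained out of band,
    for example read from the server console or given by its administrator.
    """
    known = stored_keys(known_hosts, host)
    if offered_b64 in known.get(keytype, []):
        return "match"
    if pinned_fp is not None:
        ok = pinned_fp in fingerprints(offered_b64).values()
        return "verified" if ok else "reject"
    if keytype in known:
        return "changed"          # same type, different key: the "HAS CHANGED" warning
    # Other key types known: the yes/no prompt. Nothing known: first contact.
    return "new-key-type" if known else "unknown-host"


# Constructed sample data.
HOST = "files.example.org"
STORED_DSA = demo_key("ssh-dss", b"constructed stored key")
OFFERED_RSA = demo_key("ssh-rsa", b"constructed offered key")
KNOWN_HOSTS = f"# constructed sample\n{HOST},192.0.2.10 ssh-dss {STORED_DSA}\n"

if __name__ == "__main__":
    print(classify(KNOWN_HOSTS, HOST, "ssh-rsa", OFFERED_RSA))
    print(fingerprints(OFFERED_RSA)["md5"])
```
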
    28. Re:Free is still free for me by Nirvelli · · Score: 1

      I also ran into a network like this, at John Wayne Airport in Orange County.
      I noticed that it was kind-of suspicious because (1)It had horrible bandwidth, and (2) it was computer-to-computer.
      I was a bit surprised to see this on slashdot though.

    29. Re:Free is still free for me by mcrbids · · Score: 1

      That's funny. But I have something even funnier.

      I'm a software developer, and we present our products at a number of tradeshows. One of our products is server-based, and at the time, Internet connections were spotty at best, so I set up a duplicate of the server on a laptop. Combined with a pocket-wifi spot, it acted as a hotspot, with all routing tables mapping to self.

      In short, it was its own entire Internet, with a single IP address. DNS was configured so that * mapped to that one IP address. The name of the hotspot was our company. So if you connected to this "hot spot", you got our website (hosted locally) no matter what address you went to.

      We had problems at these conferences, with other vendors accusing us of hacking their websites, or hijacking the Internet! Some of the situations were simply comical!

      Anyway, it's not hard to do, if you're familiar with Linux services. It took me a few hours to set it all up and test it.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    30. Re:Free is still free for me by necro2607 · · Score: 1

      err, debugged:

      if ($userid = 4 digits)
      {
      FuckWith($user) = false;
      } ;)

    31. Re:Free is still free for me by Some+guy+named+Chris · · Score: 1

      Braggart.

    32. Re:Free is still free for me by Anonymous Coward · · Score: 1, Informative

      I don't understand how a Windows computer could become a zombie simply by having filesharing enabled. I suppose an attacker could place an executable on a user's writeable share directory, but the user would still have to run the executable in order for his or her computer to actually become "infected". The only thing I can see this type of ad-hoc sharing being good for is to snoop personal information either by acting as a proxy for the user or sniffing unencrypted traffic.

    33. Re:Free is still free for me by Reverend528 · · Score: 1

      err, debugged:

      if ($userid = 4 digits)
      {
      FuckWith($user) = false;
      }

      Not really, you've just introduced another bug in assigning 4 digits to every user id. and it's still assigning false to a function call, which makes no sense.

    34. Re:Free is still free for me by Anonymous Coward · · Score: 0

      I think he meant: "Out of a set of 6 billion - 2030 possible people"

      I think he meant that the lower one's ID is, the cooler they are. The original guy was #2031 on Slashdot, so there's 2030 people cooler than him here somewhere ;)

    35. Re:Free is still free for me by Phroggy · · Score: 1

      The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.

      Thanks, I'll, uhh, keep that in mind.
      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    36. Re:Free is still free for me by Alan · · Score: 1

      Four digit UID?

      Bah, kids these days.

    37. Re:Free is still free for me by radish · · Score: 1


      I don't like assigning values to functions :)

      user.fuckWith = userId.length() <= 4;

      --

      ---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"

    38. Re:Free is still free for me by RAMMS+EIN · · Score: 1

      Ow, come on. Just because you're jealous that they have a lower ID than yours doesn't mean you should go telling people not to fuck them.

      --
      Please correct me if I got my facts wrong.
    39. Re:Free is still free for me by Phroggy · · Score: 5, Funny

      Yeah, hi.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    40. Re:Free is still free for me by Anonymous Coward · · Score: 0

      What's wrong with
      user.fuckWith = userId > 9999;

      And I thought it's the low numbers you don't want to bother.

    41. Re:Free is still free for me by aeoneal · · Score: 1

      I dunno. Linux zombies of the badger variety have been around for some time ;-)

    42. Re:Free is still free for me by greg_barton · · Score: 1

      Hush up, kiddo. Your jealousy shows.

    43. Re:Free is still free for me by Main+Gauche · · Score: 1

      "The next time I see a "FreeWiFi" I'll jump on and thank them hardily"

      That's not the thanks they were looking for.

    44. Re:Free is still free for me by bitingduck · · Score: 1

      I've seen it a couple times in LAX and Burbank. It shows up pretty obviously as a computer to computer network in OS X. I tried at least once to exploit it (from OS X) to surf but it wasn't actually hooked up to the world.

    45. Re:Free is still free for me by alienmole · · Score: 1

      No, he meant that someone who has to brag about their /. uid doesn't really qualify as cool.

    46. Re:Free is still free for me by alienmole · · Score: 1

      Aren't you going to tell us to get off your lawn?

    47. Re:Free is still free for me by Degrees · · Score: 1

      Bummer is that I was at a conference this last weekend, and someone there clobbered us this way. I saw the Free Wi-Fi network, but didn't bother connecting as I knew the conference network had a different ID. Still, the infected machine completely clobbered the wireless access point. My four hours for training to ssh into the server and install/configure/test turned into less than ten minutes of connectivity and a whole bunch of presentation slide watching.

      --
      "The most sensible request of government we make is not, "Do something!" But "Quit it!"
    48. Re:Free is still free for me by Per+Abrahamsen · · Score: 2, Funny

      You don't have a four digit /. user id, you are not cool.

    49. Re:Free is still free for me by Phil06 · · Score: 1

      More smug than a San Francisco bicyclist with a four digit /. user ID

      --
      "...and yet, I blame society" Duke - Repo Man
    50. Re:Free is still free for me by foamrotreturns · · Score: 1

      /me thanks heaven (and Mark Shuttleworth) for Ubuntu.
      You know, this attack has been around for a LONG time, but in an even deadlier form called the Evil Twins attack. Basically, an Evil Twins attack involves the attacker creating an access point (NOT an ad-hoc network) out of one network card, and using a second to relay that traffic to the real AP. They set their rogue AP's SSID to the same string as the target network, making client computers completely unaware that they are on a rogue network, and likely to connect to the rogue AP, even if they have their computers set to only connect to "trusted" networks. For the more anal clients that check the MAC address of the AP, that can be spoofed too.
      More info on the Evil Twins attack: http://www.pcworld.com/article/id,120054-page,1/article.html
      This is why it's always in your best interests to tunnel ALL your traffic to a remote, known-secure connection whenever you are on any kind of wireless network.
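
Added example, not part of any comment above: a reviewer for Wi-Fi scan results that flags the ad hoc "Free Wi-Fi" case from the story and the same-SSID rogue access point described in this subthread. The record format, SSIDs, BSSIDs, the `KNOWN_BSSIDS` list and the 20 dB threshold are constructed assumptions; because a BSSID can be spoofed, a clean result is not proof that a network is legitimate.

```python
"""Flag suspicious entries in a Wi-Fi scan.

Records are constructed sample data in a simplified format, not the output
of any real scanning tool.
"""
from collections import defaultdict

# Constructed scan: one ad hoc lure, one venue SSID with an extra, much louder BSSID.
SCAN = [
    {"ssid": "Free Wi-Fi", "bssid": "02:11:22:33:44:55", "mode": "ad-hoc", "signal_dbm": -48},
    {"ssid": "AirportNet", "bssid": "00:aa:bb:cc:dd:01", "mode": "infrastructure", "signal_dbm": -71},
    {"ssid": "AirportNet", "bssid": "00:aa:bb:cc:dd:02", "mode": "infrastructure", "signal_dbm": -74},
    {"ssid": "AirportNet", "bssid": "06:de:ad:be:ef:10", "mode": "infrastructure", "signal_dbm": -39},
    {"ssid": "CafeGuest", "bssid": "00:aa:bb:cc:ee:01", "mode": "infrastructure", "signal_dbm": -66},
]

# Assumption: the venue operator publishes the BSSIDs of its access points.
KNOWN_BSSIDS = {"AirportNet": {"00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02"}}

# Assumption: a BSSID this many dB louder than every sibling deserves a second look.
OUTLIER_DB = 20


def review_scan(scan, known_bssids, outlier_db=OUTLIER_DB):
    """Return {(ssid, bssid): [reasons]} for entries that should not be auto-joined."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        modes = {ap["mode"] for ap in aps}
        for ap in aps:
            reasons = []
            if ap["mode"] == "ad-hoc":
                # Computer-to-computer network posing as a hotspot.
                reasons.append("ad-hoc")
            if len(modes) > 1:
                # Same name offered both as ad hoc and as infrastructure.
                reasons.append("mixed-mode")
            if ssid in known_bssids and ap["bssid"] not in known_bssids[ssid]:
                # Venue SSID announced by hardware the operator does not list.
                reasons.append("unknown-bssid")
            siblings = [o["signal_dbm"] for o in aps if o is not ap]
            if siblings and ap["signal_dbm"] - max(siblings) >= outlier_db:
                # One transmitter drowning out the others that share its SSID.
                reasons.append("signal-outlier")
            if reasons:
                findings[(ssid, ap["bssid"])] = reasons
    return findings


if __name__ == "__main__":
    for (ssid, bssid), reasons in review_scan(SCAN, KNOWN_BSSIDS).items():
        print(f"{ssid} [{bssid}]: {', '.join(reasons)}")
```
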

    51. Re:Free is still free for me by bendodge · · Score: 0

      if ($userid >= 4 digits)
      {
      FuckWith($user) = false;
      }

      There, now we can all agree!

      Since we're all fixing the "4 digits" and ">" parts, let me do it in GML:
      if StringLength(userid) <= 4
      {
      F***With(user)=0;
      }

      And userid isn't a string, but GML doesn't have $ signs for string anyway!
      Thbbbbpt.
      --
      The government can't save you.
    52. Re:Free is still free for me by necro2607 · · Score: 1

      sorry dude, slashdot messed with my post, I had [less-than symbol]= but looks like it parsed my less-than symbol as HTML (even though I selected "plain text" mode)..

    53. Re:Free is still free for me by Lord+Flipper · · Score: 1

      hardily

      ...heartily

      No offense, nothing personal... every 2000 (or so) illiterate spellings something just 'clicks' and then resets.
    54. Re:Free is still free for me by mybadluck22 · · Score: 1

      <?php

      function FuckWith(&$user)
      {
      return ($user->id >9999);
      }

      ?>

      I guess...

      --
      If I could rearrange the keyboard, I'd put U and I together.
    55. Re:Free is still free for me by yet+another+coward · · Score: 1

      Fewer, tool.

    56. Re:Free is still free for me by gwyrdd+benyw · · Score: 1

      In real languages, functions can handle returning l-values just fine. In fact, this can even be done in perl, which resembles the syntax that you are using above (e.g. $variables).

      --

      I adblock all animated gifs.
      Blessed be the prime numbered slashdotters
    57. Re:Free is still free for me by mibus · · Score: 1

      Can you be my friend?

      (Please?)

  2. Avoid ad-hoc connections by GreyPoopon · · Score: 3, Informative

    To avoid this, just avoid ad-hoc connections. That will work until the perps start using Infrastructure (Access Point) connections with a bridge to the real one. You can even set up Windows XP so that it won't allow you to make ad-hoc connections.

    --

    GreyPoopon
    --
    Why is it I can write insightful comments but can't come up with a clever signature?

    1. Re:Avoid ad-hoc connections by Wanker · · Score: 4, Informative

      Uh, they already use Infrastructure connections. Bummer, eh?

      Even worse, their 200mW cards will out-power the real 40mW access points so Windows will prefer to use the attacker's "closer" "access point".

      http://www.remote-exploit.org/backtrack.html

    2. Re:Avoid ad-hoc connections by drinkypoo · · Score: 1

      And also note that Windows XP doesn't even let you BE an Access Point unless you use one of the like two wireless chipsets for which there is still a management utility (i.e. you're not forced to use the Windows XP wireless networking.) I was somewhat dismayed when I upgraded my laptop from win2k to winxp and found that I could no longer be an access point. Then I went to linux, and now my nic doesn't work at all! Now that's progress. (Someday I'll see if ndiswrapper will do the job, but I am using a centrino machine now.)

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Avoid ad-hoc connections by GreyPoopon · · Score: 1

      Even worse, their 200mW cards will out-power the real 40mW access points so Windows will prefer to use the attacker's "closer" "access point".
      Wouldn't this make it easier for a security force to locate perpetrators?
      --

      GreyPoopon
      --
      Why is it I can write insightful comments but can't come up with a clever signature?

    4. Re:Avoid ad-hoc connections by Zadaz · · Score: 1

      Are there security forces with RF triangulation gear?

      At best security would walk around looking for people using laptops and ask them what they're up to. With a 200mW signal that's a much larger area to patrol. Of course the perps run it in their travel bag so no one will see it.

    5. Re:Avoid ad-hoc connections by bfields · · Score: 1

      To avoid this, just avoid ad-hoc connections.

      Only connect to networks you can trust, right? Because school and office networks are never hacked....

      No thanks. I'd rather connect to whatever network I like, and rely on end-to-end authentication; all the convenience of being able to use any network, and *more* secure. What a deal.

    6. Re:Avoid ad-hoc connections by Wanker · · Score: 1

      Wouldn't this make it easier for a security force to locate perpetrators?
      Guess what happens when the attacker sees a bunch of guys running around with RF triangulation gear?

      It's very hard to zero in on the location without giving away what you're doing since it involves changing position, checking signal levels, and repeating the process. When the attacker sees this, all he has to do is power off the live-Linux-based Backtrack and poof! All the physical evidence of his misdeed is gone and now he's just another traveler finishing his E-mail and heading off in search of an overpriced soda.
    7. Re:Avoid ad-hoc connections by maxume · · Score: 1

      I imagine it would be possible to do a reasonable imitation of casual while wandering around with a pda for a few minutes:

      http://www.stumbler.net/readme/readme_Mini_0_4_0.html

      There are probably even better solutions out there that tell you which way to go, without you actually having to think "Stronger signal down that hall" or whatever.

      --
      Nerd rage is the funniest rage.
    8. Re:Avoid ad-hoc connections by samkass · · Score: 1

      I fell for this one at the Huntsville, AL airport yesterday. The "scan" functionality on my wireless card (which doesn't use the standard XP wireless panel) doesn't differentiate ad-hoc and infrastructure networks, so I actually voluntarily joined myself to the network. Luckily I don't have any open shares and have good firewall software, but it's really easy to make this mistake when you're desperate for connectivity.

      Incidentally, the "real" airport wireless signal was completely drowned out, so even if you connected to correct SSID on the infrastructure point you got no connectivity because the ad-hoc network was stomping on all the bandwidth.

      --
      E pluribus unum
    9. Re:Avoid ad-hoc connections by AndroidCat · · Score: 1

      Note to self: turn off sonic screwdriver sound-effect when Palm is scanning.

      --
      One line blog. I hear that they're called Twitters now.
    10. Re:Avoid ad-hoc connections by ewanm89 · · Score: 1

      All you need is a laptop with a hidden directional antenna. Connect, watch the signal as you turn the antenna around, head in direction where it is strongest and if you see a drop scan a bit more. Works for any radio signal as long as you have a receiver (hand held scanner) with a meter on the right frequency. The only problem is for most people modifying/replacing your antenna on your wireless card is illegal as it is a transmission device.

    11. Re:Avoid ad-hoc connections by morgan_greywolf · · Score: 1

      ndiswrapper will do the job, and works just fine with centrino (2100) chipsets.

    12. Re:Avoid ad-hoc connections by drinkypoo · · Score: 1

      the centrino is working fine. I have a wonky prism-based PCMCIA card for my other machine (it's an Avaya card) and it's the one that's not working.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:Avoid ad-hoc connections by karnal · · Score: 1

      No, the grandparent to this post is stating that you should specify the card to only accept "infrastructure" connections.

      That will bypass any ad-hoc connections presented to the wireless card/utility. And if you're using an ad-hoc network in your business.... ew.

      --
      Karnal
    14. Re:Avoid ad-hoc connections by bfields · · Score: 1

      No, the grandparent to this post is stating that you should specify the card to only accept "infrastructure" connections.

      Fair enough. The point still stands, though: what I personally want my laptop to do is connect to whatever network works, and not limit itself by silly ideas as to which is more "secure"; the security should be end-to-end. The idea of relying on the network itself for the security of anything more important than, say, my slashdot id, is a little frightening anyway.

  3. Great! by Rob+T+Firefly · · Score: 3, Funny

    Now I can take a well-configured Linux lappy to the airport, hook up through these bad guys, and make extra sure to do everything illegal, immoral, and dangerous I can think of over their pipe without a smidgen of guilt. Woo and yay!

    1. Re:Great! by LinuxGeek · · Score: 2, Funny

      Now I can take a well-configured Linux lappy to the airport, hook up through these bad guys, and make extra sure to do everything illegal, immoral, and dangerous I can think of over their pipe without a smidgen of guilt. Woo and yay!
      Sounds like a great idea. If you have enough time between flights you may want to fire up nmap and nessus against *.fbi.gov and *.cia.gov and just wait... and watch...
      --

      Kindness is the language which the deaf can hear and the blind can see. - Mark Twain
    2. Re:Great! by AusIV · · Score: 1
      This assumes they're actually connected to the internet. If all you're trying to do is make a bot out of somebody's laptop, you just have to get them to connect to you long enough to transfer some files. Eventually they'll figure out that there was something wrong with that access point, but most people wouldn't think the access point had infected their computer, just that it was down at the moment.

      That said, if you can actually get a connection using such an access point, I'd say there's no better connection for doing dubious deeds.

  4. Whatever happened to free airport Wi-Fi? by sokoban · · Score: 1, Interesting

    Does anyone in here remember when airports used to usually have free wireless internet access? In 2001, it seemed like most of the nice airports offered free wireless access as a courtesy to customers, but now the only one I see doing that is my local airport (bluegrass int'l). Now every other airport seems to have some silly $15 wireless internet access service. Even expensive hotels now are starting to charge for wireless access, though they usually still have free wired access.

    That's it, I'm sick of all this mother fucking nickel and diming in these motherfucking airports.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
    1. Re:Whatever happened to free airport Wi-Fi? by CRCulver · · Score: 1

      Situation's a bit different in Europe. The airports in Budapest and Vienna have free wi-fi, and it's blazingly fast. In fact, when I recently had to fly out from Vienna, I got to the airport 36 hours early so I could get several films through Bittorrent.

    2. Re:Whatever happened to free airport Wi-Fi? by LegionX · · Score: 1

      Maybe that's one of the reasons for the nickel'in and dime'in.

    3. Re:Whatever happened to free airport Wi-Fi? by sokoban · · Score: 1

      I just looked it up and found a nice list of US airports that have free access:
      http://www.travelpost.com/airport-wireless-internet.aspx

      It also has international airports, neato.

      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
    4. Re:Whatever happened to free airport Wi-Fi? by Anonymous Coward · · Score: 0

      Some airports still have them. The bluegrass airport in Lexington, Kentucky still does.

    5. Re:Whatever happened to free airport Wi-Fi? by Anonymous Coward · · Score: 0

      But isn't that the way these things always work?

      If you're the only one offering a service people want, you can charge a lot for it.

      When competition starts moving in, you try to beat them by lowering prices.

      When lowering prices doesn't work anymore, you offer it for free.

      Finally when EVERYONE'S offering it for free or for a negligible fee and you're no longer "better than everybody else" service, feature or price-wise, there's no point in offering it for free so you can start charging for it again.

    6. Re:Whatever happened to free airport Wi-Fi? by sokoban · · Score: 1

      Which I mentioned in my post. I live in Lexington.

      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
    7. Re:Whatever happened to free airport Wi-Fi? by paeanblack · · Score: 4, Insightful

      Situation's a bit different in Europe. The airports in Budapest and Vienna have free wi-fi, and it's blazingly fast. In fact, when I recently had to fly out from Vienna, I got to the airport 36 hours early so I could get several films through Bittorrent.

      It's that kind of juvenile behavior that kills off free wi-fi services. They are there for people to check itineraries, keep in touch with their friends/family/colleagues, and other minor conveniences. They don't exist for jackasses to park on for days to download movies.

      "Free to use" does not mean "Free to abuse". If you want more bandwidth, pay for it yourself.

    8. Re:Whatever happened to free airport Wi-Fi? by CastrTroy · · Score: 1

      They got rid of it because they realized they have a monopoly on internet access and flights, so there's no point in giving away the internet. It's not like people are going to go to a different airport if the other one has free internet. You go to the airport that your plane flies out of, and usually there's only 1 major airport in each city.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    9. Re:Whatever happened to free airport Wi-Fi? by CRCulver · · Score: 1

      Vienna has offered this connection for years now with no terms of service to agree to, no throttling of bandwidth, and no firewalling. They really don't care what it's used for, and it's obviously not threatening profitability.

    10. Re:Whatever happened to free airport Wi-Fi? by timbck2 · · Score: 1

      It's generally the smaller airports that do. Albuquerque International Sunport (ABQ) for example.

      --
      Absurdity: A statement or belief manifestly inconsistent with one's own opinion. -- Ambrose Bierce
    11. Re:Whatever happened to free airport Wi-Fi? by Z1NG · · Score: 1

      Here you have to get there 36 hours early just to get through security in time.

    12. Re:Whatever happened to free airport Wi-Fi? by anagama · · Score: 3, Insightful

      Aside from the jackass component, how about the idiocy? Personally, I'd much rather pay for a few dvds than sit in an airport for 36 hours to get them "free".

      --
      What changed under Obama? Nothing Good
    13. Re:Whatever happened to free airport Wi-Fi? by WMD_88 · · Score: 1

      Ft. Lauderdale International Airport still had free wi-fi as of March 2006.

    14. Re:Whatever happened to free airport Wi-Fi? by Anonymous Coward · · Score: 0

      I got to the airport 36 hours early so I could get several films through Bittorrent

      Your time must be worth very little to you.

    15. Re:Whatever happened to free airport Wi-Fi? by MotorMachineMercenar · · Score: 1

      "Situation's a bit different in Europe. The airports in Budapest and Vienna have free wi-fi, and it's blazingly fast. In fact, when I recently had to fly out from Vienna, I got to the airport 36 hours early so I could get several films through Bittorrent."

      So let me get this straight: you're in Vienna, arguably one of the best cities in all of Europe full of hot Viennese chicks and excellent Austrian beer. Instead of perusing that selection you CAMP OUT ON A FRIGGING AIRPORT FOR ONE AND A HALF DAYS DOWNLOADING PR0N.

      You, sir, are either the biggest loser ever to tread this earth, or the King of Geeks.

      --
      "We have an A-Bomb...what more do you want, mermaids?" --I.I. Rabi, speaking in defense of Robert Oppenheimer
  5. P. T. Barnum... by eviloverlordx · · Score: 1, Insightful

    said it best: "A sucker is born every minute".

    --
    'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    1. Re:P. T. Barnum... by TodMinuit · · Score: 2, Funny

      Thanks to Windows, they are unknowingly born every clock cycle. And so goes the ease-of-use vs. security tango.

      --
      I wonder if I use bold in my signature, people will notice my posts.
    2. Re:P. T. Barnum... by NoTheory · · Score: 1, Offtopic

      Odd, because P.T. Barnum probably never said that.

      --
      There are lives at stake here!
    3. Re:P. T. Barnum... by CodeArtisan · · Score: 2, Informative

      said it best: "A sucker is born every minute".

      Except P.T. Barnum never said this.

      http://www.historybuff.com/library/refbarnum.html/
    4. Re:P. T. Barnum... by Lorkki · · Score: 1

      And so goes the ease-of-use vs. security tango.

      If I'm not mistaken, it's a song that Microsoft themselves started. No wonder really, because their real problem is that they can't let go of native backwards-compatibility with ancient APIs or they stand to risk losing their lock-in status with customers. Without that obstacle, they could've gotten rid of much of their security problems long ago.

      With all due respect, I'd say that Mac OS X and current desktop-oriented Linux distributions are all more secure and easier to use than Windows XP.

  6. Washington Dulles too by Hokie06 · · Score: 1, Informative

    I've seen this in the B terminal of Dulles Airport, every time I fly out. I guess it could be someone who works there or something. But since it was ad-hoc I never connected.

    --
    Kilroy was here.
    1. Re:Washington Dulles too by flynt · · Score: 1, Funny

      I've seen this in the B terminal of Dulles Airport, every time I fly out.

      Are you sure it's not you?

    2. Re:Washington Dulles too by The+MAZZTer · · Score: 1

      I saw one at Logan Intl (Boston). I couldn't connect to the Internet through it, it disappeared right after I tried to use it, ha. I don't think I have to worry about my portable being a zombie though, since it's a Nintendo DS. :)

  7. Not that hard in Vista by jfurdell · · Score: 5, Informative

    When you connect to a network, a little wizard pops up asking you if it's "Home", "Work", or "Public Location". Choose Public Location and sharing will be disabled automatically.

    1. Re:Not that hard in Vista by Pxtl · · Score: 0, Flamebait

      That's very nice. How considerate of them to make a workaround to avoid the fact that machines on your local network can pwn your OS and turn it into a zombie by using a service that was supposed to provide the 40+-year-old concept of transferring files.

      If I implement file and printer sharing on my PC, I think it's reasonably fair to expect it to (a) share the files in folders I have marked shared, and (b) share the printers I have marked shared... and nothing else.

    2. Re:Not that hard in Vista by Llywelyn · · Score: 1

      ...just what I need, another pop-up to deal with when I start up the computer.

      --
      Integrate Keynote and LaTeX
    3. Re:Not that hard in Vista by jimicus · · Score: 1

      No kidding. I get this every so often from people at work: "How can I stop C: on my PC from being shared?". I don't mind saying "You can't" (straight up, on an NT4/Samba domain you can't do that - don't know if it's still true for Active Directory domains), what I do mind is having to justify why you can't - after all, the next question is always "Why not?".

    4. Re:Not that hard in Vista by nine-times · · Score: 1

      Excellent point. In a similar vein I've always wondered if software-based client firewalls are a step in the wrong direction. Shouldn't these ports be closed by default? And if you do open them for a particular service, shouldn't we expect that the service would be fairly secure? I mean, sure, if you enable remote logins on your machine, leave the admin/root password blank, and go around hooking up to strange/open wireless networks, you're asking for trouble. It doesn't matter if it's in an airport or whether it's an ad-hoc network. You could be in your own home connected to your own wireless network, and if the network is open and your computer is insecure, anyone within range can have full access to your computer.

    5. Re:Not that hard in Vista by Anonymous Coward · · Score: 0

      "How can I stop C: on my PC from being shared?"

      Have your firewall drop TCP/UDP traffic on ports 135, 137:139 and 445 like the viral plague it is.

    6. Re:Not that hard in Vista by Anonymous Coward · · Score: 2, Informative

      I've managed it.
      1. Become SYSTEM.
      2. Open explorer to My Computer
      3. Open share properties (be careful: do not open folder security)
      4. Open share security
      5. Change permissions to deny for all.

    7. Re:Not that hard in Vista by DavidTC · · Score: 1

      The entire thing is fucking absurd. I'm sorry, but the idea that people walk around with insecure machines they have to add something to in order to close ports is just mind-boggling.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    8. Re:Not that hard in Vista by OmnipotentEntity · · Score: 1

      Why is it that you have to hack a solution in Windows (using, of all things, a commandline (you need the "at" command to become SYSTEM) oh the irony)? When in Linux you can configure samba using only (web-based) GUI tools.

      This begs the question though, what happens when you open Security? (Probably crashes explorer.exe)

      Seriously, people actually pay money for Windows?

      --
      "Build a man a fire warm him for a day, set a man on fire and warm him for the rest of his life."
    9. Re:Not that hard in Vista by Anonymous Coward · · Score: 0

      Where is the point-n-click option? That's too hard! Windows is supposed to be easy! That sounds like what those "hippies" have to do in Linux. This sucks.

    10. Re:Not that hard in Vista by Anonymous Coward · · Score: 0
      This begs the question though, what happens when you open Security?

      It raises the question. To beg the question means something completely different.

    11. Re:Not that hard in Vista by Anonymous Coward · · Score: 0

      Yeah, like those dumbasses running Linux who haven't ADDED iptables or similar packet filter packages.

      Still think you're so damn witty?

    12. Re:Not that hard in Vista by MightyYar · · Score: 1
      From the article you pointed to:

      Modern usage

      More recently, "begs the question" has been used as a synonym for "invites the question" or "raises the question," or to indicate that "the question really ought to be addressed." In this usage, "the question" is stated in the next phrase. For example: "This year's budget deficit is half a trillion dollars. This begs the question: how are we ever going to balance the budget?" This usage is often sharply criticized by proponents of the traditional meaning, but it has nonetheless come into common use as a result of its use in the media, especially by people unaware of its original use. Argument over whether this usage should be considered incorrect is an example of the debate between linguistic prescription and description.
      I think it's fair to say that we knew what he meant, and there was no reason to correct him. You added nothing to the conversation, whereas he did.
      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  8. Red flags on first page of article by Anonymous Coward · · Score: 0, Troll

    I'm not going to bother reading the whole thing because the first page was so bad.

    1) They'll be able to read your user names and passwords for financial web sites
    Only if you're dumb enough to not use SSL.

    2) Having file-sharing on will allow them to make you into a zombie
    Only if you have your shares horribly misconfigured.

    3) The hacker will change your wi-fi settings
    Again, only if you have your shares horribly configured.

    *Maybe* Windows is broken enough to allow someone to do this just based on a single wi-fi connection, but I doubt it.

    -Andrew

  9. A marketing exploit. Sorta by hypermanng · · Score: 1

    I've never seen anything pernicious and accidental* come into a corporate network except through the marketing folks. They always seem to be the ones who like to use gadgets they don't understand, leave extraneous services on because they seem kinda neat and so on. They're exactly the sort of people who connect to ad-hocs all day long. After all, if their computer is compromised, it's IT's problem.

    The summary is right - anyone who is a big enough geek to read /. isn't the sort of person the perpetrators are looking for.

    *Pissed off IT guys have occasionally been foolish enough to actually sabotage their employers. This is pure shitting where you eat, no matter how big an asshole your CEO is (or whatever).

    --
    I am the one true god. However, as an atheist, I don't believe in myself. I guess I have a self-esteem problem.
  10. remote host by TheSHAD0W · · Score: 2, Interesting

    If you have a box that's permanently on the net, a machine at home that's always on, a web server, etc, set your laptop up to always tunnel its connections through it. That way, even if someone 0wnz the connection you're on, so long as your software firewall is good, you're set.

    1. Re:remote host by Ankur+Dave · · Score: 1

      I do this to bypass filtering proxies using an SSH server on my home machine listening on 443, plus Squid on the same machine. The problem is that, since all Web content has to go through my cable modem uplink, Internet access becomes very slow -- 350kbps in my case. So I'm not sure if this solution is practical as an always-on kind of thing.

    2. Re:remote host by TheSHAD0W · · Score: 1

      A web host certainly works better. But considering that this way you're more secure, I strongly recommend it. Remember, any time you're using wi-fi, or even if you're connected to a hard-wired uplink, people can be sniffing your traffic.

  11. The article is not entirely correct by raddan · · Score: 1

    But because you're using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.

    While this is true for HTTP, which is in the clear, banking, financial, and e-commerce websites use SSL (or should, anyhow), which makes man-in-the-middle attacks impractical (though not impossible). I have seen these "hotspots" myself, in areas of Boston near hotels, and I've connected to them via my BSD laptop. I wasn't able to actually get any connectivity through them. I've been wondering if these were set up by someone maliciously, or if these are pwned machines. Kinda makes me want to walk around with netstumbler until I find these guys.

    1. Re:The article is not entirely correct by Anonymous Coward · · Score: 0

      Don't forget, if they have set up the network, then they can also set the DNS server your connection will use. If they have control of the DNS server, they can assign whatever ip address they want to whatever domain name they want, which opens up the door to all sorts of naughtiness...

  12. It's been around for a while by Siener · · Score: 1

    I saw this in November in Heathrow airport in London, England - an ad hoc wireless network called "Free Wi-Fi". Obviously I wasn't stupid enough to connect to it.

    1. Re:It's been around for a while by Anonymous Coward · · Score: 0

      However, you are too stupid to realize that he can't do anything if you connect to a banking site with SSL, and he can't really do much anyway if you just browse the news.

    2. Re:It's been around for a while by Anonymous Coward · · Score: 0

      Why didn't you walk around until you found the strongest signal and unplug the closest computer? Or, as a true /. reader would do, sit down and talk to the person for a while to see what they can really do?

      It would seem to me that unless they are exploiting the known flaw in the Broadcom drivers or have an unknown tunnel into your system, the most they could do would be to drop a file into a shared folder (like StartUp) to activate at a later date. And that would only happen to people who have Full Control/Write and Anonymous Logon access to their c$ share. That's got to be a VERY small percentage of people. But maybe that sit-down and your follow-up report to /. would answer my questions, too.

    3. Re:It's been around for a while by kalirion · · Score: 1

      However, you are too stupid to realize that he can't do anything if you connect to a banking site with SSL, and he can't really do much anyway if you just browse the news.

      Couldn't they get access to your gmail account just by you visiting any google site? Of course this assumes that you have cookies turned on.

  13. Universal free wi-fi by adambha · · Score: 2, Interesting

    And when wi-fi becomes a universally available free commodity (who else is betting on it?) what trickery will we see then?

  14. Relay? by zlogic · · Score: 4, Insightful

    Or the bad guy could set a relay with the real internet and get all your passwords, that's why I use SSL in public APs. But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.

    1. Re:Relay? by Vellmont · · Score: 2, Interesting


      But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.

      I never thought about that, but that's an excellent point. It's a good reason not to trust web based mail sites.

      In fact, it calls into question the security of all websites, since they start out in unencrypted mode. How often do you check when logging into a secure website that it's really using https, and not http?

      --
      AccountKiller
    2. Re:Relay? by indigest · · Score: 2, Informative

      Most banks offer an SSL encrypted login page but don't explicitly encourage people to use it. For example, if you go to Washington Mutual's homepage, you can login, although the login page is not encrypted. With a little bit of digging, however, you can find the SSL encrypted login page. I assume they make you work for the encrypted page to avoid the overhead of creating an SSL connection with every person that happens to visit the WaMu homepage. I am not a web developer, but I think that if a form posts to an HTTPS site, then the form data is encrypted before being sent. However, there is no way to know whether a form intends to post to an HTTPS site except by digging through the page source. Perhaps this is why a lot of banking sites are now using the two page login sequence.

      Gmail has a secure login page as well but you have to explicitly type in https in order to get to it.

      These open WiFi networks are really scary. A criminal could park his car next to Starbucks with a laptop and an AP in the trunk. The AP would broadcast an SSID with the name "Starbucks" and forward almost all packets transparently. However, for banking websites, the laptop would form an SSL connection to the bank and forward an unencrypted page to the user. A lot of people wouldn't notice that the connection wasn't secure, especially if all other websites seemed to be working fine. I don't know if a hacker would really want to read your Gmail, but he would be thrilled to get the login info for your bank!

      It is too easy to get screwed (and not even realize it) using an open WiFi network. At least if you physically lose your credit card or know that a hacker has gotten your information, you can cancel or freeze your accounts. But if you don't know your account has been compromised, it could be totally drained by the time you realize it. My advice is don't do anything requiring a login on an open WiFi network unless you use a secure VPN tunnel to a machine that you trust. Also, don't keep very much money in your checking/ATM account; invest it or put it in a savings account where it is not as easy to clean you out in one shot.

      I switched away from Bank of America partially because they required me to enter my card number and PIN as part of the login process. They claimed it was secure because you entered the two pieces of data on two consecutive web pages. But I might not notice if that second page was not SSL encrypted but was otherwise identical to the real page. WaMu requires an Internet-only login and password. If a hacker somehow got my online banking login info, he/she would not be able to clean me out through an ATM. But if my BofA info had been stolen online, they would have been able to make a fake ATM card and withdraw everything in the account.

      Another scary thing that I just realized is that phishers could use the same trick that I mentioned above. They could set up a similar sounding banking website except forming an HTTP connection rather than an HTTPS connection. However, they would forward the data so that it would seem to the end user that everything is fine. They could even create an unsigned certificate and use SSL between the phishing server and the user. Of course, the user would have to accept the certificate, but most people just blindly click "Accept", don't they? I don't know if phishers are using this technique yet, but I would definitely watch out for it in the future.
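The "digging through the page source" check from the comment above can be done mechanically. The following is an added example, not part of the original thread: it finds every form with a password field, resolves where it submits, and separates a cleartext submit from an HTTPS submit on a page that itself arrived over HTTP (which anything relaying the connection could have rewritten). The page URLs, markup and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect each <form> with its action and whether it has a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []       # finished forms
        self.current = None   # form currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            if self.current is not None:        # previous form never closed
                self.forms.append(self.current)
            self.current = {"action": attrs.get("action") or "",
                            "has_password": False}
        elif tag == "input" and self.current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            self.forms.append(self.current)
            self.current = None


def audit_login_forms(page_url, html):
    """Return (submit_url, verdict) for every form that has a password field.

    ok                  page and submit target are both HTTPS
    page-not-encrypted  target is HTTPS, but the page came over HTTP, so the
                        form could have been altered before it was displayed
    cleartext-submit    the credentials themselves travel over HTTP
    """
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    if parser.current is not None:              # tolerate a missing </form>
        parser.forms.append(parser.current)

    page_secure = urlsplit(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not form["has_password"]:
            continue
        # Relative, protocol-relative and empty actions inherit from the page.
        target = urljoin(page_url, form["action"].strip())
        target_secure = urlsplit(target).scheme == "https"
        if not target_secure:
            verdict = "cleartext-submit"
        elif not page_secure:
            verdict = "page-not-encrypted"
        else:
            verdict = "ok"
        findings.append((target, verdict))
    return findings


# Constructed sample pages (not taken from any real site).
HOMEPAGE_HTTP = """
<form action="/search"><input name="q"></form>
<form method="post" action="https://secure.bank.example/login">
  <input name="user"><input type="password" name="pin">
</form>"""
LOGIN_HTTPS = '<form method="post" action="/session"><input type="password" name="pw"/></form>'
LEGACY_HTTP = "<FORM ACTION=login.cgi><INPUT TYPE=PASSWORD NAME=pw>"

if __name__ == "__main__":
    for url, page in [("http://bank.example/", HOMEPAGE_HTTP),
                      ("https://bank.example/login", LOGIN_HTTPS),
                      ("http://mail.example/", LEGACY_HTTP)]:
        for target, verdict in audit_login_forms(url, page):
            print("%-28s -> %-36s %s" % (url, target, verdict))
```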

    3. Re:Relay? by zlogic · · Score: 1

      Another scary thing that I just realized is that phishers could use the same trick that I mentioned above. They could set up a similar sounding banking website except forming an HTTP connection rather than an HTTPS connection.

      The real problem is that most banks wouldn't ask you for ALL personal information that most phishers do, they prefer to copy it from some real document as well as see you in person. The phisher may get your CC number (if it's posted) or some other kind of information, but most banks don't show ALL info online. My bank only shows my name and a 30-digit account number that doesn't mean anything. No expiry date, no address and no CC number.
    4. Re:Relay? by indigest · · Score: 1

      That's great that your bank doesn't transmit any sensitive information over the SSL encrypted connection. However, I know that when I had Bank of America, the default login was your ATM card number and PIN. So I think it's safe to say that at least some of their customers regularly login with their ATM card number and PIN. While you might think that it is the fault of these users for not changing their login/pass from the default, I think BofA also should share a lot of the blame for not FORCING their users to use a different login/pass.

    5. Re:Relay? by bitingduck · · Score: 1

      Most banks offer a SSL encrypted login page but don't explicitly encourage people to use it....
      Gmail has a secure login page as well but you have to explicitly type in https in order to get to it.


      Huh? The Wells Fargo front page defaults to SSL, as does Gmail-- I just typed "Gmail.com" into two different browsers (one of which I reset first) and got an SSL encrypted page.

      Maybe someone at google saw your post and fixed things.

    6. Re:Relay? by Anonymous Coward · · Score: 0

      Perhaps you should look at what is happening in the http POST, it is https, which is all that matters:

  15. Quick question by the_humeister · · Score: 1

    If you're somehow connected to this ad hoc network, but use encrypted access to other computers, are you still ok? e.g. if I ssh to my home computer, or access an https site, am I still ok?

    1. Re:Quick question by Vellmont · · Score: 3, Informative


      e.g. if I ssh to my home computer, or access an https site, am I still ok?

      As long as you exchange keys with the actual end host, and not the man-in-the-middle, you're fine.

      If the Man-in-the-middle tries to give you his own SSL key, your browser will throw up an error message that the key is invalid. If you click "accept key", then you're hosed and the attacker can read all your traffic.

      As far as ssh goes, if you've connected to the host before, SSH will (or at least on the clients I've used) throw up a big warning message that someone is trying to hack you. If you haven't connected, no such warning will appear and if you type in your password the attacker will get your password, and everything you type in your ssh session.

      --
      AccountKiller
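The SSH behaviour described in the comment above (a warning when a known host's key changes, nothing on first contact) is a trust-on-first-use check against the known_hosts file. The following is an added example, not part of the original thread and not OpenSSH's own code: a simplified checker for plain and hashed known_hosts entries, using constructed host names and constructed key blobs. It ignores wildcard patterns and `@` marker lines.

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(pattern, host):
    """Match one entry of the host field, either plain text or hashed."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host


def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Classify the key a server presents.

    match    the host is recorded with exactly this key
    changed  the host is recorded, but not with this key: the warning case
    unknown  first contact: nothing to compare against, so the fingerprint
             has to be verified over some other channel before trusting it
    """
    host_seen = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":        # comments and marker lines
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, recorded_type, recorded_key = fields[:3]
        if not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        host_seen = True
        if recorded_type == key_type and recorded_key == key_b64:
            return "match"
    # Conservative simplification: a recorded host offering any key that is
    # not on file (including a new key type) is reported as changed.
    return "changed" if host_seen else "unknown"


def constructed_ed25519_blob(seed):
    """Constructed stand-in for an ssh-ed25519 public key blob (not a real key)."""
    raw = hashlib.sha256(seed).digest()        # 32 bytes in place of a key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return base64.b64encode(blob).decode()


# Constructed sample data.
HOME_KEY = constructed_ed25519_blob(b"home server")
RELAY_KEY = constructed_ed25519_blob(b"key offered by something in the middle")
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "home.example,192.0.2.10 ssh-ed25519 " + HOME_KEY,
    hashed_host("[vps.example]:2222", b"constructed salt") + " ssh-ed25519 " + HOME_KEY,
])

if __name__ == "__main__":
    for host, key in [("home.example", HOME_KEY), ("home.example", RELAY_KEY),
                      ("[vps.example]:2222", HOME_KEY), ("new.example", RELAY_KEY)]:
        result = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print("%-20s %-52s %s" % (host, fingerprint(key), result))
```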
  16. Everyone share by jsnipy · · Score: 1

    It seems to be a non-issue if you don't have open shares and you don't have blank or simple passwords along with default user names.

    --
    -- if you mod me down, I will become more powerful than you can possibly imagine
  17. Wrong by Anonymous Coward · · Score: 0

    I was there when he said it. Wikipedia doesn't know everything.

    Stinkhead

    1. Re:Wrong by Anonymous Coward · · Score: 0

      Heh. Good one.

  18. at DEN, SAT, MCO, and LAS too by ThingOne · · Score: 1

    As I travel, I see this appearing at more and more airports. I am curious if they are changing the zombie computers to offer their own ad-hoc "Free WIFI" and send the sniffed information to a central collection point. I have also seen this in hotels in major cities. It's a boon for more identity theft.

  19. Article does not explain the zombification process by dudeman2 · · Score: 4, Interesting

    Connecting to the "Free Wi-Fi" and having your passwords and data sniffed is one thing, but how easy is it for the attacker to turn a Windows XP system into a zombie, merely by connecting to an attacker's wireless network?

    Assumption #1. You run Windows XP, SP2, up to date with security patches
    Assumption #2. You have Windows Firewall installed and configured for maximum security
    Assumption #3. You are not sharing your folders on the network, or if you are, you're not allowing guest write access

    (Now, I know how many Windows users do not follow #1,#2,#3 above..) but assuming they do, is a zero-day exploit required in order to zombify their PC?

  20. ad-hoc networking == filesharing? by Vellmont · · Score: 1

    The article says that if you connect to another host via an ad-hoc network, you somehow turn on filesharing in Windows (presumably to your entire HD). I wasn't aware of this feature in Windows. Can someone confirm it and provide some references, because the last people I'll trust to get the facts straight are journalists.

    --
    AccountKiller
  21. Far easier to get good scam info... by Lumpy · · Score: 2, Interesting

    linux laptop advertising as a wifi hot spot.

    It runs its own DNS and httpd.

    you connect, it looks real. Log into your yahoo account with a legit looking cert, hmmm yahoo is having trouble, I'll try ebay. I logged in but it also has trouble, I'll try again.. oh it works!

    Really easy, thwarts all the "this certificate does not match" as you control everything the client side sees, then dump them off to your link to wifi or your cellular net connection.

    you can probably get tons of real logins you are ready for collecting.

    Moral of this? do not trust open accesspoints, they might not be legit.

    --
    Do not look at laser with remaining good eye.
    1. Re:Far easier to get good scam info... by Anonymous Coward · · Score: 0

      Although many users will ignore the warning, it's not possible to make a legit-looking certificate just because you "control everything the client side sees". Client Web browsers know the public keys of all the Certificate Authorities and will complain if a site presents a certificate that isn't signed by a known CA.

    2. Re:Far easier to get good scam info... by fizbin · · Score: 2, Insightful

      Okay, but tell me - how often do you regularly see firefox warnings about certificates signed by random CAs? I see at least one or two a week. How likely do you think it is that someone's going to notice this?

      When even Google AdSense can't get the whole "do https properly so that people don't get trained to click past error messages" thing right (granted, it's a different error in google's case), how closely are people really going to look? Granted, they might get slightly suspicious the third or fourth time this happened, but for people just trying to check some news sites and their corporate email before boarding they might only see one such error message.

    3. Re:Far easier to get good scam info... by goarilla · · Score: 1
      one little question:

      Client Web browsers know the public keys of all the Certificate Authorities and will complain if a site presents a certificate that isn't signed by a known CA.

      Are these public keys of Certificate Authorities present in clear text in the source code of the client? If so, it wouldn't be too hard to find them in the (gecko) firefox code (and forge them??? -- is this possible?). Can someone please elaborate on this one, since I really don't know squat about these certificates and would like to inform myself about them.
    4. Re:Far easier to get good scam info... by Anonymous Coward · · Score: 0

      The public keys are easily available, but you need the private key to generate certificates, which only the Certificate Authorities have access to.

    5. Re:Far easier to get good scam info... by gronofer · · Score: 1
      Just a moment, if this was correct, SSL would be pointless because any untrusted link on the Internet would be vulnerable.

      Just because you control everything the browser sees, doesn't mean you can generate an SSL certificate for an arbitrary domain and get the browser to accept it as genuine.

    6. Re:Far easier to get good scam info... by rthille · · Score: 1


      Google really should fix that. They are redirecting from http://google.com/adsense to https://google.com/adsense, but they should be redirecting to https://www.google.com/adsense.

      However, whenever I get one of those warnings, I at least look to see why. And I'm certainly more likely to care about an error with one of the big providers than with some site I expect is too cheap to buy a real cert.

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  22. How would you tell? by lwriemen · · Score: 3, Funny

    Doesn't running Windows already turn your computer into a zombie?

    1. Re:How would you tell? by CmdrGravy · · Score: 1

      Not necessarily but it can turn its users into zombies.

    2. Re:How would you tell? by isaac · · Score: 4, Funny

      Not necessarily but it can turn its users into zombies.
      That's MacOS. "Jobs.... Joooooobs...."

      --
      I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
    3. Re:How would you tell? by steveo777 · · Score: 1

      It's not Windows. It's sol.exe

      --
      This sig isn't original enough, it's time to come up with something witty...
  23. Install malware? by frakir · · Score: 1

    Erm... and how exactly will someone turn p2p client into a zombie? I mean you can access shared volume if it is not password protected, but run anything?

    Or was this dude letting share his entire HD including OS?

  24. Others OS's at risk? by hoser · · Score: 1

    Trying not to be the arrogant Mac user my friends kid me about being (at least I think they're kidding), I've gotta ask:

    Is Mac OS X at risk to these kinds of attacks?

    --


    hoser: Slashdot reader since 1987.
    1. Re:Others OS's at risk? by Vellmont · · Score: 1


      Is Mac OS X at risk to these kinds of attacks?

      As far as a man-in-the-middle attack goes, of course. The attack is a property of the networking technology, not the OS. If you connect to a wireless network, then connect to your bank or whatever via SSL, then blindly accept the error message that's going to come up when the SSL certificate comes up (since the attacker is going to give you his own SSL cert, not the real one), the attacker can read anything you send to the other side, and anything that comes back to you.

      The only solution is to not accept invalid SSL certs, or setup your own VPN tunnel.

      --
      AccountKiller
    2. Re:Others OS's at risk? by RFaulder · · Score: 1

      OS X's Airport menu in the menubar will place these networks in its own grouping, called "Computer-to-Computer networks". I keep Windows Sharing off in the Sharing preference pane, and also never connect to a computer-to-computer network unless I know whose computer it is. There's always a "Free WiFi access" computer in my building on campus, I wonder how many people he dupes....

    3. Re:Others OS's at risk? by Overzeetop · · Score: 1

      This is a question based on an utter lack of understanding of OS X, but I'm going to ask it anyway:

      Is the administrator password on an OS X machine non-trivial by default, and do most people set their passwords to be non-crackable by a short (say, 1-2 hr airport stay) session?

      Presuming that the password is trivial or insecure (play with me here), does the default (or common) setting on OS X allow a telnet session to be established over the wifi link?

      Now we're getting deep, but hang with me...given the two above, couldn't a common or system module be trojaned and inserted into such a laptop?

      Here's why I ask. 80% of my Linux experience is on a TiVo, and most of that with very simple things, but including kernel hacks developed by others. I telnet in, change the kernel, and the magic happens on the next reboot. Of course the tivo system has no password, but some systems are pretty poorly secured (password1, or a common word), and you can get a telnet session pretty quickly. With root access, a remote attacker could simply change the file permissions, insert a trojan - including adding a new program to call at start up if they wanted to be transparent about it - and go on their merry way.

      Now, I'll admit that laptops aren't usually good zombie machines, as they aren't likely to be running continuously, but it seems possible to do the above with a non-technical laptop user at the helm on a shared wifi link.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    4. Re:Others OS's at risk? by Vellmont · · Score: 1


      Is the administrator password on an OS X machine non-trivial by default

      I'm not a Mac guy, but I'm pretty sure the admin account is disabled by default. I'm also pretty certain that OS X doesn't accept telnet connections, nor is it running an ssh server.

      --
      AccountKiller
    5. Re:Others OS's at risk? by Megane · · Score: 1

      Presuming that the password is trivial or insecure (play with me here), does the default (or common) setting on OS X allow a telnet session to be established over the wifi link?

      First of all, an "admin" account on OS X is merely an attribute of any account. Either it's a member of the admin group or it isn't. The first user created is automatically an admin. All that really allows you is the privilege to authenticate for super-user access, but then you have to re-enter your login password to do so. Most importantly, root and all the other standard unix usernames have logins disabled. If you know what you are doing, you can set a password to allow root logins, but if you know that much, then you are probably smart enough to know better.

      And it isn't even possible to enable telnet on OS X unless you really know what you are doing. I could probably figure it out if I cared, but it's not worth the effort. Only SSH can be enabled via the GUI.

      So now how exactly are you going to insert a trojan? Really, the only way in is to hammer SSH with a bunch of user/pass guesses and get lucky, and I have seen exactly that happening in logs, though they are obviously attacking Linux systems, as root is one of the accounts guessed. Someone has to both have an obvious username and an easily guessed password, at which point they were asking for it anyhow. This is why allowing root logins (vs using sudo) is a bad thing: the bad guys already know half of what they need to get in.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    6. Re:Others OS's at risk? by Anonymous Coward · · Score: 0

      At least I know my OS X file sharing is OFF. I can't say that about my XP laptop.

    7. Re:Others OS's at risk? by node+3 · · Score: 1

      As far as a man-in-the-middle attack goes, of course.
      Which is to say, of course not, since man-in-the-middle isn't what's being discussed in the article. The article discusses two things: packet sniffing and file sharing.

      Packet sniffing is something any OS is subject to, so just make sure you use SSL.

      Man-in-the-middle attacks are also (as you said) something any OS can fall prey to, so never trust a questionable certificate on a public network (ie: when your browser tells you a website's certificate has some problem).

      The file sharing aspect is something you need not worry too much about on the Mac. You have more than a few layers of protection here.

      First, it's off by default. Generally, you'd know if you enabled it.
      Second, if you only enabled Mac file sharing, the odds of the attacker having the means to connect to it are minimal.
      Third, even if he does, or if you enable Windows file sharing, you will need a password to access anything except for public drop boxes. Drop boxes are write-only folders (ie. other people can put things in, but cannot access, or even list, the contents of the folder. In OS X, your Public/Drop Box folder in your home directory is a drop box).
      Fourth, even if (etc, etc), your attacker almost certainly does not have a Mac OS exploit to drop into your computer. He could, were he to get to that point, access your files, however. Not a pleasant thought, but the probability of it getting to that point is extremely small.
    8. Re:Others OS's at risk? by Overzeetop · · Score: 1

      That was my question. Having all the standard usernames turned off by default is what I was looking for. Not having a tn server running by default, and not being able to determine a login easily are the barriers I would expect...but then again I would expect Windows to close all incoming ports by default, too. We all know how often that occurs. I agree that root logins are foolish, but the situation in the windows world has been aggravated by third party developers requiring root access to run all processes. Fix the system and break the software. *shrug* I think MS is like politicians - no backbone to make the hard decisions. Just add to the overhead to bandaid a problem instead of fixing it.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    9. Re:Others OS's at risk? by Anonymous Coward · · Score: 0

      No, OS X has all servers including ssh and telnet disabled by default.

    10. Re:Others OS's at risk? by Vellmont · · Score: 1


      Which is to say, of course not, since man-in-the-middle isn't what's being discussed in the article

      The article is quite confused about exactly what it's talking about. If the article was worried about packet sniffing, then which SSID you connect to, or if it's ad-hoc or infrastructure mode would mean nothing. The vast majority of public wireless networks are unencrypted, so anyone can sniff them at anytime. That's why I assumed the author is worried about MiM attacks. Really I think the problem is the author of the article doesn't understand what's going on much at all, but has a rather simple understanding of how networking, computers, and encryption work.

      --
      AccountKiller
  25. Free AP network by tdos20 · · Score: 1

    Free access point connections aren't secure either as what you're sending isn't (usually) encrypted it can easily be picked up by someone nearby sniffing your packets

  26. I was scammed at an airport yesterday by CrazyJim1 · · Score: 1

    They charged me 8$ for internet access, but never gave me connection to the internet. Stupid Boston Airport(Logan)

    1. Re:I was scammed at an airport yesterday by skiflyer · · Score: 1

      I had that happen at O'Hare not too long ago, wrote them a nice email on my phone, and had my $8 refunded to my credit card before I landed in NYC.

    2. Re:I was scammed at an airport yesterday by Zadaz · · Score: 1

      So someone running a local server at the airport just got your cc number and associated details...

      Sounds like a pretty good deal to me.

  27. Vista disables file sharing by default. by DraconPern · · Score: 1

    Vista disables file sharing by default unless you tell it the current network connection is a home or work network.

    1. Re:Vista disables file sharing by default. by philipacamaniac · · Score: 1

      XP disables most file sharing by default, too. You have to put things in the "Shared Documents" folder for any File Sharing to work, unless you explicitly agree to enable File Sharing in other locations.

    2. Re:Vista disables file sharing by default. by UncleTogie · · Score: 1

      Vista disables file sharing by default unless you tell it the current network connection is a home or work network.

      So, the only safe place to use it is somewhere other than work or home? Lovely.
      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  28. Not just airports by dropshot · · Score: 2, Informative

    I saw exactly this at the National Archives in College Park, MD. I told the local IT bubbas, but they just gave me blank stares. It was particularly disturbing because the average researcher at the archives won't have the technical sophistication to realize what's going on, and will then take their zombified system back to a university network.

    1. Re:Not just airports by Anonymous Coward · · Score: 0

      Only posting as AC due to the nature of this issue. I work in a large bank (no wi-fi allowed). After reading this article, the first thing I did was pull out my PDA and wouldn't ya know it... Free Public Wi-fi. It must be coming from multiple places because all three floors show it as full 5 bars on my wi-fi scanner. Damn, looks like some more OT this weekend...

  29. This honeytrap is widespread by spyrochaete · · Score: 1

    I've seen connections like these available in airports and hotels. I actually tried to connect but my crappy 802.11b NIC wouldn't let me.

    WinXP makes it very obvious that it's an ad-hoc network and not a WAP. The icon is completely different. I guess I'll be avoiding those connections from now on.

    1. Re:This honeytrap is widespread by AndroidCat · · Score: 1

      Annnd your XP knows that the other end is an ad-hoc network and not a WAP because? Anyone? Anyone...?

      You'd be better to check the evil bit on the packets.
      --
      One line blog. I hear that they're called Twitters now.
    2. Re:This honeytrap is widespread by spyrochaete · · Score: 1

      Becaaaause it clearly says "Ad hoc network" instead of "Wireless Access Point" in a bold font on the connection manager, complemented by an icon depicting 2 laptops communicating instead of one wireless antenna broadcasting. Couldn't be clearer.

    3. Re:This honeytrap is widespread by AndroidCat · · Score: 1

      That's how you know, not how Windows XP knows.

      --
      One line blog. I hear that they're called Twitters now.
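
How an operating system tells the two kinds of network apart, as an added example that is not part of any comment in this thread: every 802.11 beacon carries a capability field whose ESS bit marks an access point and whose IBSS bit marks an ad hoc (computer-to-computer) network. The frames below are constructed sample data, and `build_beacon`, `parse_beacon` and `adhoc_ssids` are names chosen for this illustration.

```python
"""Classify 802.11 beacons as infrastructure (AP) or ad hoc (IBSS)."""
import struct

MGMT_HEADER_LEN = 24    # frame control, duration, 3 addresses, sequence control
FIXED_PARAMS_LEN = 12   # timestamp (8) + beacon interval (2) + capability (2)
CAP_ESS, CAP_IBSS, CAP_PRIVACY = 0x0001, 0x0002, 0x0010
SUBTYPE_BEACON, SUBTYPE_PROBE_RESP = 8, 5


def build_beacon(ssid: str, capability: int, bssid: bytes) -> bytes:
    """Construct a minimal beacon frame (sample input for this example only)."""
    header = struct.pack("<HH", 0x0080, 0)        # frame control = beacon, duration
    header += b"\xff" * 6 + bssid + bssid         # DA (broadcast), SA, BSSID
    header += struct.pack("<H", 0)                # sequence control
    fixed = struct.pack("<QHH", 0, 100, capability)
    name = ssid.encode("utf-8")
    tagged = bytes([0, len(name)]) + name         # tag 0: SSID
    tagged += bytes([1, 1, 0x82])                 # tag 1: supported rates (1 Mbit/s)
    return header + fixed + tagged


def parse_beacon(frame: bytes) -> dict:
    """Return SSID, BSSID, mode and privacy flag from a beacon/probe response."""
    if len(frame) < MGMT_HEADER_LEN + FIXED_PARAMS_LEN:
        raise ValueError("frame too short for a beacon")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype not in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        raise ValueError("not a beacon or probe response")

    (capability,) = struct.unpack_from("<H", frame, MGMT_HEADER_LEN + 10)
    ess = bool(capability & CAP_ESS)
    ibss = bool(capability & CAP_IBSS)
    if ibss and not ess:
        mode = "ad-hoc"
    elif ess and not ibss:
        mode = "infrastructure"
    else:
        mode = "unknown"          # both or neither bit set: not a valid BSS type

    # Walk the tagged parameters (id, length, value) to find the SSID.
    ssid = None
    pos = MGMT_HEADER_LEN + FIXED_PARAMS_LEN
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated tagged parameter")
        if tag == 0 and ssid is None:
            ssid = value.decode("utf-8", errors="replace")
        pos += 2 + length

    return {
        "ssid": ssid,
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
        "mode": mode,
        "encrypted": bool(capability & CAP_PRIVACY),
    }


def adhoc_ssids(frames) -> list:
    """SSIDs advertised by ad hoc stations; malformed frames are skipped."""
    found = []
    for frame in frames:
        try:
            info = parse_beacon(frame)
        except ValueError:
            continue
        if info["mode"] == "ad-hoc":
            found.append(info["ssid"])
    return found


# Constructed sample capture: two ad hoc stations, two access points,
# and one truncated frame that the scanner must tolerate.
SAMPLE_FRAMES = [
    build_beacon("Free Public WiFi", CAP_IBSS, bytes.fromhex("02a1b2c3d4e5")),
    build_beacon("ExampleAirport", CAP_ESS, bytes.fromhex("001122334455")),
    build_beacon("hpsetup", CAP_IBSS, bytes.fromhex("0211223344aa")),
    build_beacon("CorpNet", CAP_ESS | CAP_PRIVACY, bytes.fromhex("0011223344bb"))[:30],
    build_beacon("CorpNet", CAP_ESS | CAP_PRIVACY, bytes.fromhex("0011223344bb")),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        try:
            print(parse_beacon(frame))
        except ValueError as exc:
            print("skipped:", exc)
    print("ad hoc networks:", adhoc_ssids(SAMPLE_FRAMES))
```

The check only separates ad hoc from infrastructure beacons; as other comments here point out, a rogue access point in infrastructure mode sets the ESS bit like any legitimate one, so it does not flag that case.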
  30. Talk about naive! by BillGatesLoveChild · · Score: 1

    > Of course no one reading this would fall for such an elementary con.

    Too right! This is Slashdot! The big ./! No way we'd fall for something like that.
    Not like we're n00bs! ha ha.

    > The article gives detailed instructions on how to make sure your
    > computer doesn't connect automatically to any offered network,

    {Sound of frantic typing, hyperventilating and weeping}

  31. So that's what that is... by It+doesn't+come+easy · · Score: 1

    I see those ad hoc computer connections on airplanes all the time (I fly the friendly skies about every two weeks). I thought they might be the airline offering a way to connect to the internet while in the air. Fortunately for me I never allow ad hoc connections on my computers and always have file sharing turned off except for when I'm specifically transferring data. Maybe I'll try to locate the computer offering the connection the next time I see it in the list.

    --
    The NSA: The only part of the US government that actually listens.
  32. Better yet... by KingSkippus · · Score: 3, Funny

    Help other folks out. Set yourself up as a proxy, advertise yourself as "Free Wi-Fi" too, and let everyone else (at least, everyone who connects through you) safely use the scumbag's paid wi-fi connection for free.

    But if you must have some innocent fun, you really should have your machine mirror images so that they're returned upside-down. Not all of them, just a very few that meet some criteria based on a hash of the user's MAC address or something. Imagine their confusion when their buddy's laptop shows the picture normally and they're sitting there thinking, "What the...!!?"

    1. Re:Better yet... by ajs318 · · Score: 2, Informative

      Someone's been reading this, haven't they? :)

      If / when I ever get any wireless kit, I will change the name of my neighbours' unprotected router (currently set to the make and model name; a quick Google search revealed the default password) to "pWn3d", have my router emulate theirs but with suitably distorted graphics, and see what happens. Just a shame I can't listen in on their call to tech support ..... but I could, if I had what fone phreaks once referred to as a "Sky Blue Pink Box with Yellow Spots On". Oh, wait, such a thing already exists!

      Now, that does sound like serious PHUN!

      --
      Je fume. Tu fumes. Nous fûmes!
    2. Re:Better yet... by Anonymous Coward · · Score: 0

      Well .. I can't find it now but there was a wireless Goatse hack somewhere in which every image was replaced by the goatse image.

        A.C.

  33. Tosser... by Dogtanian · · Score: 5, Insightful

    The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.

    And people wonder why some Linux and Apple supporters have a bad reputation for being fanatical.

    Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile. The fact that this person's behaviour happens to be driving people towards my OSs of choice is purely incidental. You probably realise this, and I doubt that you were serious about thanking the guy, but I bet that your f****d up zealotry, morality and ideology are genuine; you really would place a microscopic (and questionable) "blow" against Microsoft over thieving scum like this escaping justice. You really think that MS-enabled crime (let alone this particular scam) is the only crime they're going to commit?
    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    1. Re:Tosser... by El+Torico · · Score: 2, Insightful
      Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile.

      Right. Call me cynical, but I don't think that the police would be interested or even capable of doing anything.

      --
      In the land of the blind, the one-eyed man is usually crucified.
    2. Re:Tosser... by Dogtanian · · Score: 1

      Right. Call me cynical, but I don't think that the police would be interested or even capable of doing anything.

      Which was precisely why I said "if I felt they'd do anything worthwhile". And either way, it still doesn't excuse "Super Kendall" treating low-life thieves/conmen (who'll probably be stealing from someone's granny next week- sans laptop) as some sort of open-source heroes...
      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    3. Re:Tosser... by unix_core · · Score: 1

      Open source heroes? Then at least Eric Raymond won't come over and shoot them.

    4. Re:Tosser... by SuperKendall · · Score: 3, Interesting

      Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile. The fact that this person's behaviour happens to be driving people towards my OSs of choice is purely incidental. You probably realise this, and I doubt that you were serious about thanking the guy, but I bet that your f****d up zealotry, morality and ideology are genuine; you really would place a microscopic (and questionable) "blow" against Microsoft over thieving scum like this escaping justice.

      As noted, reporting to the police would be ineffectual.

      I'm not looking for a "blow" against Microsoft as much as something that moves people to more secure systems, whatever those happen to be. And unfortunately it happens to be true that people only seem to care about things like that when bad things happen to them - as with backups.

      So I feel empathetic, but not sympathetic, towards people affected by things like this - and while I don't condone the actions of those engaging in this behavior I do at least recognize that some good can come from even criminal activity such as this.

      What I feel is really poor is your apologetic stance, basically playing whack-a-mole with security issues by trying to stomp down every security breach as it pops up without considering the broader picture and how to reduce the fundamental security problems instead of blaming only the people who take advantage of security flaws like this while doing nothing to advance a cure to the deeper problem. I think you need to reexamine what is zealotry and what is a healing approach for the industry as a whole.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    5. Re:Tosser... by Zanthor · · Score: 3, Interesting

      What I find amusing is that you think most computer users have a "Choice" in which OS they run... my shop runs Windows XP, that means all 250 of my supported users run Windows XP, they don't get to choose.

      Unfortunately I can also say without a doubt that wireless connectivity is so convoluted that the average user would fall for this. Explaining to Joe Salesman to view wireless networks and trying to explain to him the different types of authentication he may run into while traveling from Iowa to Texas (I found 4 in my one way trip) is just horrible.

      --

      Zanthor

    6. Re:Tosser... by RealGrouchy · · Score: 1

      And people wonder why some Linux and Apple supporters have a bad reputation for being fanatical.
      Don't blame the poster; blame the people who modded it up.

      - RG>
      --
      Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
  34. I've Seen This by Eukaryote · · Score: 1
    I have seen this at my Law School (at a state University), actually. There is often a computer-to-computer network called "Free Public Wifi."

    Good thing I have a mac...

    1. Re:I've Seen This by Anonymous Coward · · Score: 0

      FUD You can't get infected by connecting a Windows PC to a rogue wireless network.

  35. Why just ad hoc? by BubbaFett · · Score: 4, Informative

    With Linux and the hostap driver I can set up a legitimate access point. Ad hoc isn't a necessary part of this scam, and I don't see how avoiding ad hoc networks will prevent anything.

  36. grasshopper by Anonymous Coward · · Score: 0

    what you see are fellow client nodes, like yerself.

    1. Re:grasshopper by raddan · · Score: 1

      If fellow client nodes are calling themselves "Free Wi-Fi", then the world is a fucked up place, my friend. That is the whole point of the article. Can you read?

  37. Re:Article does not explain the zombification proc by giminy · · Score: 1

    It's hard for an article to explain anything if you don't read it.

    From TFA:

    In addition, because you've directly connected to the attack PC on a peer-to-peer basis, if you've set up your PC to allow file sharing [emphasis mine], the attacker can have complete run of your PC, stealing files and data and planting malware on it.

    You can't actually see any of this happening, so you'd be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down.


    Reid

    --
    The Right Reverend K. Reid Wightman,
  38. Old problem, Old solutions by frostilicus2 · · Score: 3, Informative

    Besides the possible risk from malware infection if you have enabled file sharing, this really is the same man-in-the-middle attack that was so prominent in the 80's and early 90's. A problem which has been mostly fixed by the adoption of SSH over telnet. And is practically non-existent over HTTP today because of the use of SSL on servers. And with regards to malware, how does this differ from picking up some spyware from the pr0n site you "accidentally" visited?

    I see no problem here that cannot be solved by adopting the same principles that you would use for ordinary domestic internet access:

    1) Turn on your firewall and close all open ports.
    2) Don't send sensitive data over an unsecured network.

    --
    Nothing sucks like a Vax, nothing blows like a PowerMac G4
  39. forget about the network by rsw · · Score: 3, Informative

    The network isn't the problem here, your computer's configuration is. All of my machines can safely connect to an untrusted network (and they do---my non-firewalled, non-NATted internet feed) without being turned into zombies.

    The message here shouldn't be "don't connect to untrusted networks," it should be "secure your machine."

    Once you do that, these guys are just being nice and giving you a free connection!

    -rsw

  40. not just airports by tlm2021 · · Score: 1

    Going for spotty wireless access in my dorm room, I click on my airport icon and there's usually 2 or 3 computer-to-computer networks named "free wi-fi" or "free high speed." Yay for making it easy to tell that's bogus. I turned off my sharing and put up all my firewalls once, and got on just long enough to find out they're not even smart enough to give the promised internet access to keep you busy. It's just a flat-out, try and screw you scam.

  41. Hey! I seen that. by WarlockD · · Score: 1

    I have been to a few airports in Chicago and Dallas recently and scanned those. Never stupid enough to connect to them, (ad-hoc mode is off) but enough to be curious.

  42. Stupid idea by Dogtanian · · Score: 5, Insightful

    Help other folks out. Set yourself up as a proxy, advertise yourself as "Free Wi-Fi" too, and let everyone else (at least, everyone who connects through you) safely use the scumbag's paid wi-fi connection for free.

    That's the kind of geeky too-clever-for-your-own-good thing that will get you into trouble if the real criminal ever gets caught... or even if he doesn't. Suppose the police (or whoever) at the airport know about this scam and are investigating, and pick up *your* connection. Now you're messed up with this thing; you might know that you're innocent, but they don't, and explanations like "But... but... I was just having some fun at the guy's expense and making it safe for everyone" won't go down well.

    How sure are you that you can prove that you're not involved, especially when you've been arrested and subject to police questioning? Under ideal circumstances, if you were in control of things, you could probably put together a good case, but fancy playing against a prosecutor and police who genuinely believe that you were involved and want to make you look bad?

    And (so the police will want to know) since you obviously knew this guy was up to no good, why didn't you report it?

    Doesn't sound such a good idea now.
    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    1. Re:Stupid idea by Schraegstrichpunkt · · Score: 1

      How sure are you that you can prove that you're not involved, especially when you've been arrested and subject to police questioning?

      You have nothing to worry about, since the judge will throw out the case as soon as you get your hearing (habeas corpus... oh crap.

    2. Re:Stupid idea by nittibang · · Score: 1

      Um... Cops aren't that smart.... Neither are the Fedz... Hell the last airport I was at... (name to be mentioned never on /.) had an access point listed as "*insert-name-of-airport* Control Tower" , After some network snooping and the fact that my flight was getting ready to board I decided against doing anything naughty... Hopefully someone has locked it up but in today's times they probably could care less about a "wireless access point" because if it is at the airport it must be secure! Cough.. Cough..

    3. Re:Stupid idea by Dogtanian · · Score: 1

      The problem is that if the whole system (including the judiciary) is stupid or incompetent, it's all too easy to get caught up in it.

      And even if you're eventually proved innocent, who wants all that hassle just to carry out some smart (but stupid and ill-advised) "stick-it-to-the-thief" stunt?

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  43. More interesting idea by Anonymous Coward · · Score: 0

    How about instead just recording the stream of data as the laptop user connects to his email or surfs (assuming he doesn't use a secure vpn). Grab copies of all his company email, files, browsing habits etc. Laptop-wireless-tapping like phone-tapping.

  44. Hi, I'm (pwn3d) on the bus... by AndroidCat · · Score: 1

    The YRT regional bus service is trying to make wi-fi access from their buses work. (Last time I checked, the AP was answering but not connecting to anything. They claim some buses are working.)

    Once people get into the habit of using it, it should be easy to board the bus with a laptop and create a bandit AP that looks like the real one. (A working bandit since it could just proxy to the real AP for internet access.) A fine man-in-the-middle only "visible" to the riders, and easy to shutdown and swap buses if there's any sign someone has spotted the bandit.

    Oh yes... Their standard name for the bus AP is .. default.

    --
    One line blog. I hear that they're called Twitters now.
    1. Re:Hi, I'm (pwn3d) on the bus... by AndroidCat · · Score: 1

      Two additional points that I forgot:
      1. I'm assuming that they'll later add some encryption. Otherwise a man-in-the-middle isn't needed for most data theft.
      2. The display sign at the front of the bus runs Windows XP on HP hardware, uses wi-fi to load advertising and news and is probably a local IP address on the bus lan. I wonder if it's firewalled from the bus wi-fi?

      --
      One line blog. I hear that they're called Twitters now.
  45. Scaremongering.. here's a *different* analysis by Dynamoo · · Score: 1
    The article is full of "could"s and "possibly"s. It's sheer speculation.. and indeed, scaremongering.

    I've seen this several times before, and the best article I've seen on it is here. That's a lot more level headed, and it refers to the "Free Public WiFi" SSID as a virally spreading phenomenon, but most likely not a virus or honeypot.

    The problem is that Windows handles Ad Hoc WLAN networks in a rather bizarre way.. once you've connected to the Ad Hoc network, your computer will likely become *part* of the Ad Hoc network and will consequently rebroadcast the SSID, advertising to others. This means that the SSID slowly spreads out just like a biological virus.

    Yes - it *could* be used as a man-in-the-middle attack or some sort of botnet, so the advice to steer clear of Ad Hoc networks you don't know about is very sound indeed. My experience of seeing the "Free Public WiFi" SSID definitely fits in with that theory.

    --
    Never email donotemail@WeAreSpammers.com
  46. I fell for this... by Anonymous Coward · · Score: 0

    ... at a doctor's office a couple days ago. I thought I'd see if the office had a Wi-Fi connection I could use for the 3 hours I would be there with my MacBook and saw "Free Wi-Fi" listed. I was a little curious why it was listed under computer-computer networks, but tried connecting. Didn't seem to get me an external connection so I gave up. Fortunately I 1) have a Mac, and 2) only have remote login (SSH) enabled with a good password. But thanks for the warning!

    Stuart

  47. Just saw this yesterday... by Doctor+Memory · · Score: 1

    I just moved into a new office and I was checking the ports to see which were live. I hit a dead one and my laptop automagically tried to connect via WiFi. I saw a bunch of unsecured access points, and a couple of ad-hoc networks. One was hpsetup (a wireless print server maybe?), and one was Free Public WiFi. This is in downtown Lincoln, NE (yes, they have computers here).

    Disturbingly, one of the unsecured wireless networks is labelled Itgadmin's PowerBook G4 17". More disturbingly, another is labelled WF Conf Room. I'm across the street from the main Wells Fargo branch...

    --
    Just junk food for thought...
    1. Re:Just saw this yesterday... by Planesdragon · · Score: 1

      I'm across the street from the main Wells Fargo branch...

      A smart company will have a public, untrusted, gardenwalled network for, oh, salespeople and other bank's VPs. It shouldn't be connected to the bank's actual system, and if properly done will actually increase security of the bank's network by giving less legitimate reason for anyone to try and connect to the bank, letting IT (and the M-16 carrying security guards) treat every connection attempt as an attack.

  48. Silly Americans by Anonymous Coward · · Score: 0

    It's an American obsession to nickel and dime the world. Every airport I've been to in the EU has had free wifi, usually it's extremely fast too.

    1. Re:Silly Americans by Anonymous Coward · · Score: 0

      American airports are known for this. These are the only places I know where change machines return you 75 cents for every dollar put in.

  49. Just Ad-hocs? Um, no. by lordsimian · · Score: 1

    Um, this doesn't just apply to ad-hoc networks... Any monkey running linux with Hostapd can set up a full Access Point that your laptop will happily connect to even when ad-hoc networking is turned off. If this monkey is clever, he'll use the same open SSID the airport/coffee house/hotel is using. You can go on and on about SSL and vpns and so on, but the bottom line is the attacker has control of the WLAN you are connected to at the very lowest levels. The attacker has complete freedom to record and/or tamper with anything you send or receive while in transit.

  50. Gimme your lunch money by cirby · · Score: 2, Funny

    ...newbie.

  51. And especially don't mess with user ID 007 by StressGuy · · Score: 1

    Besides his computer savvy, he's the only known slashdotter to actually have a sex life.

    Now, if you'll excuse me, I need to don my asbestos underwear.

    --
    A goal is a dream with a deadline
    1. Re:And especially don't mess with user ID 007 by larry+bagina · · Score: 0, Troll

      CowboyKneel and CmdrTaco are known to have a sex life, if you know what I mean (*cough*turd burglars*cough*)

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

  52. Re:Article does not explain the zombification proc by mspohr · · Score: 1
    OK, so the hacker can "plant malware" and files...

    Just how does the hacker get the malware file to run on your computer... it seems there must be another step here... TFA was vague on this point. I'm not an expert.

    --
    I don't read your sig. Why are you reading mine?
  53. ad-hoc or access point by norpan · · Score: 2, Informative

    Wireless network cards can be set up as access points too. So just looking for if it's an ad-hoc network does not protect you. Turn off all sharing when connecting through public access points and use encryption.

    There you go - free wi-fi!

    --
    Opinions expressed above are mine, and not my employees'.
  54. Re:Article does not explain the zombification proc by Bazman · · Score: 1

    Hmmm C: drive icon... right click... sharing... read-write... anyone... anytime... anywhere...

    There, that should save me having to bother sharing out individual folders on my home network - far too fiddly...

  55. Re:Article does not explain the zombification proc by dudeman2 · · Score: 1

    I read TFA including that section. Unfortunately without benefit of your [emphasis], I ended up thinking "there must be more to it than that." Thanks for the response. Perhaps next time you can try a constructive reply without the sarcasm.

    The whole thing boils down to:

    1) Clueless user connects to "Free Wifi" and has filesharing enabled with guest write access
    2) Attacker uses file sharing to put malware on PC
    3) Clueless user proceeds to run the malware and gets zombified.

    All in all a time consuming, inefficient way to amass a zombie network. If you're just looking to phish a (presumably well heeled) businessperson, then maybe it's worthwhile.

  56. Re:Article does not explain the zombification proc by philipgar · · Score: 4, Insightful

    This still doesn't explain about the zombification process. First of all, most file sharing is read only unless you have a password used, most home users don't really do much filesharing, but generally it's a read only thing, but second of all even if you have your entire folders mounted as read/write, how exactly does that allow this machine to turn you into a zombie? Last I heard writing files to your my documents folder (it's really difficult to share other folders than this) can not actually execute code.

    I guess if your entire hard drive was shared, there is a possibility that they could write the file to a startup directory on it that automatically launches it on your next reboot . . .

    This article really read as a lot of FUD to me. Possibly unpatched machines are affected, but they give a solution of disconnecting from the net. I just don't get it, the solution, it appears to me would be to oh, I don't know, patch your computer and use sane practices (like not sharing your whole hard drive as read/write/execute (apparently) with anonymous access).

    Now the problem of them being able to steal credit card numbers and such is an issue. This is an issue that affects all OSes, so everyone should think about it. However, if you check that the ssl keys you accept are valid for the site in question, then you should be alright. While they can perform a man-in-the-middle attack, that does require changing what keys a website uses (or possibly disabling encryption). As far as aim passwords and such go, well if you don't use it for important stuff, what are they going to do with it?

    I read this entire article and really just want to read something from someone who knows anything about security, and not some idiot who read about something like this and proposes an even more idiotic solution. There is truth that you must be careful connecting to any wireless network that you don't know, also your machine needs to be patched etc. A little common sense goes a long way in this matter.

    Phil

  57. Saw this at DFW a few months ago... by Kormac · · Score: 1

    I was stuck in Dallas Ft. Worth because of a delay on a connecting flight. When I was near my gate, I noticed a few ad-hoc networks, one labeled "Free Internet" and another one labeled "BFW" (I guess they didn't know the correct airport code) :)

    I was surprised no one tried to use "T-Mobile" as their SSID (since DFW has a Starbucks Wi-Fi point).

    Kormac

  58. I saw this happen at a Panera a month ago by wingfoot · · Score: 1

    During the major wind storm that hit the Northwest before Christmas and knocked out a lot of power, I went searching for net access and finally found a Panera Bread Co. that had power (and free wifi). Everything was good for a bit... Then the access point went down. A minute later a new "Free wifi" connection showed up and sure enough it was an ad-hoc connection... Needless to say I left and went to another place.

  59. My Hotel Has this... by Mr.+Flibble · · Score: 1

    Where I am currently staying there is a similar network for free wi-fi at my hotel. Which is nice, because the hotel charges for their internet service (bastards).

    Sadly, my Mac can't seem to respond to the netbios requests... At least I have lots of fun with kismac around here. :)

    --
    Try to hack my 31337 firewall!
  60. Secure VPNs Not Noted in Article by BoRegardless · · Score: 1

    Should have had at least a brief discussion, as any laptop with business uses ought to have a way to do secure transmissions.

  61. Portland by Anonymous Coward · · Score: 0

    It would be pretty funny if they were running this scam in Portland, because Portland's airport actually *has* free Wifi throughout the airport. (Lousy cell phone service though).

    - A Portlander

    1. Re:Portland by Marxist+Hacker+42 · · Score: 1

      And of course, the city is currently rolling out free wifi in the downtown core, miles from the airport; which is where I found my "Free WiFi" adhoc connection that wouldn't work on my T-Mobile MDA.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    2. Re:Portland by pluther · · Score: 1

      They actually have it in the airport, too, and have for a couple of years at least.

      The ssid isn't "Free WiFi", though. As I recall last time I used it, it was something-pdx. Though of course, it would be easy for someone to set up any ssid. They could even use the same name as the legitimate one, I guess.

      Windows machines do tell you whether the connection is infrastructure or ad-hoc ("access point" or "peer to peer" is how XP SP2 lists it), though I guess it's too much for the average user to know what the difference is. And, who knows, it might just be someone being nice and sharing their connection.

      --
      If the masses can keep you down, you're not the Ubermensch.
    3. Re:Portland by Marxist+Hacker+42 · · Score: 2, Interesting

      Yeah, but actually there are four legitimate free Wi-Fi groups in Portland:

      1. Portland Airport Free WiFi, ssid "flypdx"
      2. Personal Telco Underground WiFi Group, ssid "www.personaltelco.com".
      3. Independent coffee shops, hotels, and internet cafes, various ssids
      4. Metro-Fi, the new downtown and expanding out towards all of Metro area wifi cloud, ssid "MetroFi-Free". If you see "MetroFi-TestFree" this indicates an access point that isn't connected to the Internet yet but will be coming soon.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  62. net stop server by enharmonix · · Score: 1

    Um, problem solved?

    (Hint: Win+R)

  63. i don't get it. by no+reason+to+be+here · · Score: 1

    are you saying that Mac users are unemployed? and thus crave employment the way zombies in the movies crave brains? i mean, most Mac users i know have jobs, usually pretty good ones.

    or maybe it's the stereotype of the mac user as the artsy humanities student who has no job prospects. but, so many /.ers seem to use macs.

    i guess there's some geeky reference in there that i just don't see...

    1. Re:i don't get it. by Dimentox · · Score: 1

      Steve Jobs, how so many mac users practically worship him..

      --
      string sig = llGetSig("dimentox"); llSay(0,sig);
    2. Re:i don't get it. by no+reason+to+be+here · · Score: 1

      uhh, yeah, umm, you see, i was trying to be funny. i guess i should have inserted a in there to make it more obvious.

  64. St Louis, MO by greg_barton · · Score: 1

    I saw this in the St Louis, MO airport a few weeks ago. Luckily I use a Mac Book. :)

    1. Re:St Louis, MO by Buran · · Score: 1

      Our airport sucks ass anyway. The main terminal hasn't been rebuilt in decades and shows it. The airport doesn't have a lot of traffic, and yet a brand new shiny runway that NO ONE EVER USES (with the occasional exception) got built (and killed the spotters' lot that people like me enjoyed for decades before that). A nice fat waste of money that could have gone to actually improving what visitors see when they get off their flight.

      I fly Southwest out of the East Terminal, which is much easier to navigate. Oh, and I'm looking forward to moving this summer. I grew up in St. Louis, but it can't get its shit together. That, and I have a love interest elsewhere ...

      (Yes. I'm on Slashdot, female, and have a love life.)

  65. In Soviet Russia... by Anonymous Coward · · Score: 0

    In Soviet Russia, WIFI free you!

  66. hmm by ajs318 · · Score: 1

    One of the reasons I've resisted wireless for so long (apart from the fact that by the time I've even unwrapped my first wireless router, there will be a whole new standard out running at ten times the speed and the kit will be twenty pounds cheaper) is that you don't know what's on the end of it. A cable can be followed. RF can't. If someone wants to play silly buggers with a wired network, they've got to get physical access to your cables. But no wires means no traceability!

    With a bit of readily available software, such as Linux and hostap, you can turn a laptop (or SFF mobo plus suitable battery; a 12V/8AH lead-acid is about the right size for a good day's phun while you're away doing other things) into a great wireless hacking tool (that looks just like a real live wireless router, not an ad-hoc connection). You can snarf logins, passwords and credit card details on their way to the real website without even having to stop with a fake error message. This works even if they're using SSL; you just have to accept incoming SSL requests, let them get decrypted on your machine, and pass them on to the real internet via SSL (classic MITM hack; Bob thinks you're Alice and Alice thinks you're Bob). Your certificate probably won't be recognised by their browser; but if you put in the name of the place where you're working your scam, they might just think it's perfectly normal because they're going through that place's gateway and accept it anyway. Other people's ignorance can be your best friend.

    One last word: Don't rush it. Leave awhile between snarfing the data and making use of it. That way, they're less likely to suspect you. If someone connected through a "free wi-fi" network one morning and got stuff bought on their card the same afternoon, they might remember the "free wi-fi" when trying to think what they'd done. If a couple of weeks elapse before you make your hit, it's less likely to come back on you. Oh, and getting stuff delivered to your own address is even stupider than answering the telephone in a house you're burgling!

    --
    Je fume. Tu fumes. Nous fûmes!
  67. Why in airports? by acoustix · · Score: 1

    How are these malicious networks getting into the airports? People aren't allowed in the waiting areas unless they have a ticket for a flight. So where are these wi-fi signals coming from???

    Nick

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
    1. Re:Why in airports? by jweller · · Score: 1

      I guess one possibility is to just buy and not use a ticket. Southwest always has one way tickets on their website for about $50. Assuming you could make money this way by stealing CC numbers, then spending $50 and a few hours of your time to get $500 or more is a reasonable venture.

    2. Re:Why in airports? by Shadyman · · Score: 1

      No one says you have to be in the post-security waiting areas.

  68. Wi-Fi and liability by jsnipy · · Score: 1

    I wonder when we will see a liability case where a user connects to a free wifi, but instead connects to another one maliciously set up to trick users (i.e. a name that sounds similar "Starbuks"). Then that user tries to sue the establishment/collect damages for not ensuring the establishment has secure .

    --
    -- if you mod me down, I will become more powerful than you can possibly imagine
  69. Re:Article does not explain the zombification proc by Anonymous Coward · · Score: 0

    It's now a question of what would happen in an ideal world, where everyone tries to keep their systems secure. It's a question of what happens in the real world, where not everyone tries to keep their systems secure.

    Do you really think it significantly matters whose machine you're taking over, if you just want a zombie?

  70. I don't get it by Salsaman · · Score: 1

    You join a network, and it forces you to run a p2p program or something ? How does that work then ?

  71. Hmmm. by Beefslaya · · Score: 1

    My Mac doesn't seem to have these issues.

  72. Re:Article does not explain the zombification proc by Vellmont · · Score: 1

    I had much the same thoughts on ad-hoc networking enabling file-sharing of an entire directory. I've yet to hear anyone say anything intelligent on the subject yet.


    While they can perform a man-in-the-middle attack, that does require changing what keys a website uses (or possibly disabling encryption).


    Well, the more troubling attack is disabling encryption. Most sites start out in HTTPS, and then have a link to the secure site. If there's a man-in-the-middle, he can change all the links that send you to https://website.com/ to http://website.com./ Then just continue acting as a proxy and figure out which URLs should really be contacting the HTTPS site, while continuing to talk to the client/victim in http. Sure, the victim could look down at what's supposed to be a "secure" website, but how often do you do that? I haven't in the past.. but I'll certainly try to more now.

    --
    AccountKiller
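
The link rewriting described in the comment above leaves visible traces in the page the client receives. As an added example that is not part of the original thread, this Python check audits a page for those traces: password forms that submit in cleartext and links to known-HTTPS hosts that arrive as plain http. The host names, the `https_only_hosts` allow-list and all function names are assumptions, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PageAudit(HTMLParser):
    """Collects every <form> (action, has password field) and every <a href>."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.links = []
        self._open_form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open_form = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._open_form)
        elif tag == "input" and self._open_form is not None:
            if (a.get("type") or "").lower() == "password":
                self._open_form["has_password"] = True
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._open_form = None


def _host(url):
    # "website.com." and "website.com" name the same host; compare without the dot.
    return (urlsplit(url).hostname or "").rstrip(".")


def downgrade_findings(page_url, html, https_only_hosts):
    """Return (kind, url) tuples for signs that HTTPS was stripped from a page.

    https_only_hosts is the caller's own list of hosts that must only ever be
    reached over HTTPS (an assumption of this example).
    """
    audit = _PageAudit()
    audit.feed(html)
    findings = []
    if urlsplit(page_url).scheme != "https" and _host(page_url) in https_only_hosts:
        findings.append(("page-not-https", page_url))
    for form in audit.forms:
        # An empty action submits to the page's own URL; urljoin handles that.
        target = urljoin(page_url, form["action"])
        if form["has_password"] and urlsplit(target).scheme != "https":
            findings.append(("password-form-cleartext", target))
    for href in audit.links:
        target = urljoin(page_url, href)
        if urlsplit(target).scheme == "http" and _host(target) in https_only_hosts:
            findings.append(("link-downgraded", target))
    return findings


# Constructed sample: an http landing page that hands off to an HTTPS login host.
CLEAN_PAGE = """
<a href="https://secure.shop.example/login">Log in</a>
<form action="https://secure.shop.example/session" method="post">
  <input type="text" name="user">
  <input type="password" name="pw">
</form>
"""
# The same page as it would arrive after every https:// link was rewritten in transit.
TAMPERED_PAGE = CLEAN_PAGE.replace("https://", "http://")

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(label, downgrade_findings("http://shop.example/", page, {"secure.shop.example"}))
```
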
  73. Re:Tosser... (said the Tosser) by node+3 · · Score: 1, Insightful

    your f****d up zealotry, morality and ideology are genuine
    Windows has had serious architectural and procedural flaws for over a decade now, which Microsoft is fully aware of, yet has done very little to address, and it's "fucked up zealotry, morality and ideology" to hope that people will wise up and switch?

    I'd highly prefer MS wise up and fix their OS, but they won't. Ever. They're just not that kind of company, never have been, never will be. On this, I would *love* to be proven wrong by MS's future actions.

    I don't see how it's "fucked up zealotry, morality and ideology" to hope people will switch away from such a dreadful and dangerous product. I hope people will stop eating products with high fructose corn syrup and trans-fats. How is there anything wrong with such a position, *whatsoever*?
  74. Personal experience by Brian+Gordon · · Score: 1

    I saw this at the airport in Columbus, OH. I guessed at the time that it was some kind of scam, but I was confident in my computer's security so (since the airport's wifi wasn't working) I just used the scam network.

  75. Bullshit by Anonymous Coward · · Score: 0

    if you have file sharing enabled, your computer becomes a zombie
    So the attacker magically knows what users are allowed access to various shares and what their passwords are?

    If you believe this article I have a bridge to sell you...
  76. Someone COULD redirect these sites to get info by StandardCell · · Score: 1

    It isn't inconceivable that someone could redirect these sites to their own "special" versions in order to get the username and password for a banking or other login, then display another page that the login didn't work or to come back later due to maintenance. Then the perp can go in and do the damage.

  77. "Secure" gmail by DamnStupidElf · · Score: 1

    Just connect to https://gmail.google.com As far as I can tell it keeps everything in the SSL session as long as you use it. Of course everything you sent and received went through the public Internet at one point anyway...

    1. Re:"Secure" gmail by zlogic · · Score: 1

      What if the relay routes SSL as well, with a certificate generated on the server? You'll get a warning that the cert isn't properly signed but most people don't understand these warnings and click OK anyway.

    2. Re:"Secure" gmail by DamnStupidElf · · Score: 1

      What if the relay routes SSL as well, with a certificate generated on the server? You'll get a warning that the cert isn't properly signed but most people don't understand these warnings and click OK anyway.

      Your ISP or any router in between could do the same thing anywhere, anytime you're on the Internet. If you don't check the SSL certificate, it's your own fault.

  78. Re:Article does not explain the zombification proc by node+3 · · Score: 2, Insightful

    The whole thing boils down to:

    1) Clueless user connects to "Free Wifi" and has filesharing enabled with guest write access
    2) Attacker uses file sharing to put malware on PC
    3) Clueless user proceeds to run the malware and gets zombified.
    1) "Clueless" implies fault of the user. It's unreasonable to expect your average user to have the technical acumen of your average geek. Given that other OSs do not have these issues, I am more inclined to blame Windows for being so easily made insecure by a "clueless" (read: average) user than I am the user.
    2) Yes.
    3) The user need do nothing. If you have read/write access to C:, you can install anything you want and have it run automatically.
  79. Re:Article does not explain the zombification proc by node+3 · · Score: 1

    even if you have your entire folders mounted as read/write, how exactly does that allow this machine to turn you into a zombie?
    And if someone replaces "Daily Report.doc" with "Daily Report.doc.exe"?
  80. I've seen this 1st hand by DenialX · · Score: 1

    Flying home for Thanksgiving I was sitting out Reagan National Airport for a few hours. I pulled out my MBP to see if I could get a signal anywhere. There were a free wifi's ad-hoc, only they didn't offer any net access. And had no itunes for me to listen to. I turned off my wireless at that point.

    --
    - DenialX
  81. Re:Just Ad-hocs? Um, no. by Anonymous Coward · · Score: 0

    true! excellent point!

  82. Actually its really easy to tell in Vista... by haplo21112 · · Score: 1

    Ad Hoc nets are displayed as three little computers in a triangle, accesspointed nets are a single large computer Icon. Further, hovering over your network connection icon will tell you exactly what sorts of networks you see and are/can connect to.

    --
    Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
  83. gmail Can start with a Secured Connection by Skippyboy · · Score: 2, Informative

    Try this: https://mail.google.com/mail/ (gmail) It starts a secured connection, and stays secure. I use it at work - since stupid WebSense blocks all webmail accounts that don't start with a secured connection.

  84. Re:Article does not explain the zombification proc by Anonymous Coward · · Score: 0

    i seriously doubt they care about the computer as a zombie there are much better ways to get that... but what is dangerous is you get the ceo's and the people who don't know the difference on here and they go in and they send they check their email... that gives the attacker the login and password to email. that also gives them domain info. this then leads to where they now have a login and password to the server somewhere and from that you now can start to work on the box... so the real key is the info being gained from it. if nothing else you start to spy on the ceo's email of company x and you start finding out LOTS of information about what happens.

    that is the bigger danger than a zombie machine.

  85. "hide known extensions" by ClioCJS · · Score: 1

    People who willingly hide the file extensions from their display deserve what they get! :)

    --
    -Clio
    Karma: Bad (mostly from not giving a fuck)
    Blog: http://clintjcl.wordpress.com
    1. Re:"hide known extensions" by node+3 · · Score: 2, Insightful

      People who willingly hide the file extensions from their display deserve what they get! :)
      Windows XP does this by default.

      And no, they *don't* deserve it. If there was a warning dialog which said, "Doing this might cause you to get pwn3d", you might have a point. The problem is that there's no reason to expect your average user to understand the implications involved.

      Every so often, bad weather during the winter leads to a few deaths due to people using charcoal barbecues in the house. It's not reasonable to suggest those people deserve what happened to them. If they didn't understand the risk (and many people don't) they are victims of their own, reasonable ignorance. If the heat is out, you're stranded at home in a blizzard, and all you have is a barbecue, what do you think your average person is going to think?

      It's the same with many Windows exploits. People use the OS the way its design promotes, and develop habits accordingly (such as blindly clicking "next, next, next" during software installation). Yes, education and vigilance would stop many of the problems, but the level of education and vigilance is above and beyond what is reasonable to expect.

      Blaming the user is foolish. Why not fix the OS?
    2. Re:"hide known extensions" by pipingguy · · Score: 1

      The irony seems to be that XP does this by default in order to save inexperienced users from themselves (by, say, accidentally deleting a critical file) but in doing so opens said users to attacks from slimy bastards that want to infect computers. On the other hand, can a file labelled .doc actually be a .exe?
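
The "Daily Report.doc.exe" trick from comment 79 and the hidden-extension discussion in this sub-thread come down to a file whose real last extension is executable while the name shown to the user ends in a document extension. As an added example that is not part of the original thread, this Python audit walks a shared folder and lists such files next to the name a user would see with extensions hidden; the function names and the two extension sets are assumptions chosen for illustration and are not exhaustive.

```python
import os
import sys

# Illustrative, not exhaustive: extensions Windows will run when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Illustrative, not exhaustive: extensions users read as harmless documents.
DOCUMENT_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".jpg", ".gif", ".zip"}


def displayed_name(filename):
    """Name as shown when the last (known) extension is hidden from the listing."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_deceptive(filename):
    """True when the real extension is executable but the visible one is a document."""
    stem, last = os.path.splitext(filename)
    if last.lower() not in EXECUTABLE_EXTS:
        return False
    # Padding such as "invoice.pdf     .exe" pushes the real extension out of
    # view, so strip trailing spaces and dots before reading the inner extension.
    _, inner = os.path.splitext(stem.rstrip(" ."))
    return inner.lower() in DOCUMENT_EXTS


def audit_share(root):
    """Return sorted (relative path, displayed name) pairs for deceptive files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_deceptive(name):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), displayed_name(name)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_share.py <path to the shared folder>
    for rel, shown in audit_share(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}  (shown as: {shown})")
```
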

  86. Use terror to your advantage! by dekkerdreyer · · Score: 1

    Connect to the free wifi, read a few extremist websites, post jihadist hatred, say something bad about the US president, and then search for some kiddie porn (think of the children!) In the US, the guy connecting to the real network connection will be shot on sight within minutes.

    --
    Dekker Dreyer
  87. Would it be possible? by Some_Llama · · Score: 1

    How about triangulating the wireless connection offering Free Wifi with signal strength as a guide.. it would seem possible to narrow down the AP to a Radius of Meters (50 or so?) and the people with the laptops in that area could be talked to...?

    1. Re:Would it be possible? by dlhm · · Score: 1

      I was thinking about trying this in my airport, I need to write some good software for it.

      --
      Ad eundum quo nemo ante iit!
  88. Re:Article does not explain the zombification proc by DerGeist · · Score: 0, Offtopic

    No, I've seen people do that and they give up as soon as Windows says "Applying this to folders and files..." and the progress bar crawls along as it touches each file on their HDD. Due to their impatience, they realize sharing one folder is a much better idea. Security through laziness ... I like it!

  89. Useless article by operagost · · Score: 1
    It's nice that they tell you how to distinguish the bogus ad-hoc networks from the access points, but they like to use "your pwn3d" scare tactics without providing REALLY useful general tips, like:
    1. Use a firewall.
    2. If you must have shares, at least create users with strong passwords and set the permissions.
    3. Don't transfer sensitive information over ANY wireless connection unless it's over a secure tunnel. What makes you think people aren't connecting to legit access points and sniffing your link?
    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
  90. Strawman, backpedalling and all-round pack of lies by Dogtanian · · Score: 1

    What I feel is really poor is your apologetic stance,
    Your whole reply is so messed up, I don't know where to begin. I'll start here though, because it's one *hell* of an obnoxious strawman if I ever saw one.

    basically playing whack-a-mole with security issues [etc, snip]
    At no stage did I even mention MS's security holes, let alone attempt to justify them. I didn't even mention security issues at all. It must take a hell of a lot of chutzpah to claim otherwise (and to try to shift the ground of the argument to distract attention from what you originally said).

    Your original message spoke of your desire to "thank [the thief] hardily for moving yet another Windows user even closer to an alternate choice".

    I criticised you (and your zealotry and screwed-up moral priorities) for glamourising a lowlife conman and applauding his (totally incidental and minor) blow against MS, disregarding the more serious aspects of the crime. That's it.

    MS's security model may be broken, it may be inexcusable, but this absolutely does *not* justify your highly dubious glamourisation of a thief simply because they make MS look bad.

    As noted, reporting to the police would be ineffectual.
    As I acknowledged when I said "if I felt they'd do anything worthwhile".

    I think you need to reexamine what is zealotry and what is a healing approach for the industry as a whole.
    Either your misrepresentations (both of the basis of the argument of and what I said) were quite deliberate, or you need to stop your quite incredible kneejerk assumptions about what the other person thinks.

    Since you bring the issue up, I'll give you my true opinion. I'm a Linux user (and would appreciate more people moving to Linux, as I implied in my original message). I also dislike the amount of security holes in Windows XP, and (as I said) if this moves people to more secure OSs, reducing the monoculture and forcing MS to clean up its act, that's good.

    However, it doesn't excuse, let alone justify the thief's behaviour.

    I do at least recognize that some good can come from even criminal activity such as this.
    As I already said myself... the difference being that whether or not something good came out of it, it wasn't thanks to the intentions of the thief; and I didn't imply that (on-balance) this was a good thing. You did just that when you said you wanted to thank the thief, and when you omitted any consideration of the negative aspects of his actions whatsoever.

    So I feel empathetic, but not sympathetic, towards people affected by things like this - and while I don't condone the actions of those engaging in this behavior.
    (My emphasis above). Your original quote: "The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice." That sounds like condoning it to me.

    You're backpedalling now. You blatantly lied about what I'd said, and you're trying to distract attention from what *you* originally said. Go to hell.
    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  91. Well..... by dami99 · · Score: 1

    I'm far from the world's #1 expert in wifi sec... but I am CISSP and GSEC certified.

    Wireless security 101 ->
    If you are doing anything that requires security, don't use wireless. ... and running linux is hardly an end-of-all-problems security solution, sorry linux geeks. (Of which I am one.. well more of a BSD geek really.)

    Public access points are foolish to even connect to, and using them to access/transmit any confidential info is twice as bad. (.. and as such should be against most corporate IS policies, if wireless itself is not completely banned.)

  92. Re:Tosser... (said the Tosser) by gstoddart · · Score: 1

    Windows has had serious architectural and procedural flaws for over a decade now, which Microsoft is fully aware of, yet has done very little to address, and it's "fucked up zealotry, morality and ideology" to hope that people will wise up and switch?
    Switch? No. Hoping they get pwn3d however might get you into the zealotry camp.

    If the face of OSS people is "ha ha, sux0r, you got r0bb3d ya lus3r n00b", people are not going to have a very positive impression of the kinds of people who are Linux proponents. And, they're going to be less likely to listen to any of the rational arguments about why Windows might not be all that it's cracked up to be.

    I call to your attention yesterday's Dilbert Cartoon to bolster my point. =)

    Cheers
    --
    Lost at C:>. Found at C.
  93. guy by Anonymous Coward · · Score: 0

    I was on a plane to England, and I saw this once we were @ 40000ft.
    so it was a 1 in 300 odds that someone on the plane was broadcasting this.
    also it might have been the originator

  94. Not just airports by fishdan · · Score: 1

    I've seen these scam networks on trains and subways in the Boston. And I'm sure it's happening elsewhere. Think of all the good stuff you could get if you were to compromise every computer on the Long Island Railroad going home from NYC. I'd imagine you'll see this exploit on express buses on routes to/from financial centers, and the potential for industrial espionage is quite high as well.

    --
    Nothing great was ever achieved without enthusiasm
  95. Re:Article does not explain the zombification proc by multipartmixed · · Score: 1

    A man-in-the-middle attack which changes https:// URLs to http:// and proxies them is only trivially different from one which proxies https on the inbound and outbound side.

    That said, creating the key required to re-encrypt would be quite difficult, as it would
      a) have to be signed by an appropriate CA
      and
      b) reference the proper domain

    --

    Do daemons dream of electric sleep()?
  96. Re:Well..... one more thing. by dami99 · · Score: 1

    Ohh.. one more thing.

    Wireless NICs can be set up to look like APs.

    Not connecting to ad hoc networks is *not* a way to secure yourself from this.

  97. My God... did you actually read what I said?! by Dogtanian · · Score: 1
    See this reply where I address the issues in more depth. I'm not repeating everything I said there.

    Windows has had serious architectural and procedural flaws for over a decade now, which Microsoft is fully aware of, yet has done very little to address, and it's "fucked up zealotry, morality and ideology" to hope that people will wise up and switch?
    No, it's "fucked up zealotry, morality and ideology" that when someone is going around attempting to steal from and con people, "SuperKendall" wants to thank them (for ****'s sake!) simply because a minor aspect of their behaviour is that it *might* strike a small blow against Microsoft.

    Ignoring the fact that this was never their intention, merely a side-effect. Ignoring the other consequences of the theft, and the fact that the thief will be free to offend again, possibly not conning/stealing info via Windows insecurities next time. (Oh NOES!!!!!! Is conning some old lady out of her life savings still acceptable if it doesn't involve striking a blow against MS).

    That's what my original criticism was about, and I was very clear. You're an idiot if you think that it was a defence of MS or their products. So, are you really endorsing SuperKendall's position, or are you just stupid?
    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  98. trolled! by ClioCJS · · Score: 1

    I actually agree with what you said :)

    --
    -Clio
    Karma: Bad (mostly from not giving a fuck)
    Blog: http://clintjcl.wordpress.com
  99. VPN by Anonymous Coward · · Score: 0

    Whenever out and about I use VPN to Netscreen at my house and surf from a terminal server there.

  100. mobile? by Anonymous Coward · · Score: 0

    How about something for mobile? Neither https://m.gmail.com/ nor https://m.gmail.com/mail stays secure after the login.

  101. Of course I did. by node+3 · · Score: 1
    Dude, you're reading way too much into this. Do you honestly think "SuperKendall" would really thank the person? Do you think he *really* thinks the criminal involved is a good person and is doing a good thing and should be commended?

    Of course not. What he wrote is meant to convey, "I hope people learn from this just how awful Windows security is, and take appropriate action."

    If he does mean what you inferred, then I'd agree with you (not nearly as strongly as you had put it, you make him sound like Hitler or something).

    That's what my original criticism was about, and I was very clear. You're an idiot if you think that it was a defence of MS or their products. So, are you really endorsing SuperKendall's position, or are you just stupid?
    So, to quote your subject, "My God... did you actually read what I said?"

    Where, at all, did I say you were defending MS or their products? Where? Please, post it, make me look like a moron.

    To answer your question, I am endorsing SK's position, his position is not what you think it is (although if he wishes to clear up the matter, I reserve the right to change my answer if I'm wrong about his position), and no, I'm not stupid.
    1. Re:Of course I did. by Dogtanian · · Score: 1

      Dude, you're reading way too much into this. Do you honestly think "SuperKendall" would really thank the person?
      No, which is why I stated in my original reply that "I doubt that you were serious about thanking the guy".

      Do you think he *really* thinks the criminal involved is a good person and is doing a good thing and should be commended?
      No; what I really think is that he's so bound up in his anti-MS zealotry that he only sees (and cares about) what will- in reality- likely be a very minor individual blow against MS, and disregards everything else.

      Where, at all, did I say you were defending MS or their products? Where? Please, post it, make me look like a moron.
      You stated here that

      Windows has had serious architectural and procedural flaws for over a decade now, which Microsoft is fully aware of, yet has done very little to address, and it's "fucked up zealotry, morality and ideology" to hope that people will wise up and switch?
      when my criticism was of SuperKendall's moral priorities, and had nothing to do with this. SuperKendall accused me here of being an apologist for MS, which is about as bad a misrepresentation and downright blatant fabrication of my position as you could get.

      I appreciate that you didn't go this far (if your reply was not intended as an endorsement of SK's similar but more extreme position, please accept my apologies). Nevertheless you completely got the wrong end of the stick when you implied that the focus of (or indeed *anything* in) my argument could be construed as a counter-attack against criticism of MS's lousy security.

      I am endorsing SK's position
      SK's stated position was that he would like to thank the thief. I know that what he was *thinking* was "Yay! Another blow against the evil M$", because he sure as hell didn't think (or care) about any of the other aspects of the situation. Hence, blinkered zealotry.

      I'm sure that wasn't the impression he intended to convey, but it revealed his mindset perfectly.
      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  102. Re:I've seen this 1st hand ditto by WillAffleckUW · · Score: 1

    I was flying from Santa Barbara to Seattle and found the same thing at LAX, a few days after Christmas.

    But since I only wanted to play the Sims, I just turned off the wireless card on my laptop.

    Had to save battery power as I was stuck there for three hours waiting for a flight that kept getting delayed.

    --
    -- Tigger warning: This post may contain tiggers! --
  103. The Airport's computer told you? by mmell · · Score: 1

    R-2, you know better than to trust a strange computer!

  104. Fort Lauderdale by dlhm · · Score: 1

    I see this every single time I am in Ft. Lauderdale airport. Which is once a month. The airport wireless sucks sooo bad, that users may try to connect to another one that says "free".

    --
    Ad eundum quo nemo ante iit!
  105. I've seen this in coffee shops by bombastinator · · Score: 1

    I've seen this same thing in two coffee shops in the Minneapolis/Saint Paul area. They were both places which had free but non-open access. i.e. places where you have to log in or get some kind of code number or something. One was a Caribou in Roseville and the other was some restaurant in Minneapolis (I forget where)
    In an area that small it might be possible to catch the perpetrator if one could target him/her narrowly enough. Does anyone have any suggestions on how to do that?

  106. Tis True ... by Joe7Pak · · Score: 1

    Saw this, this week, at Baltimore's BWI airport. Didn't log in, as I'm cynical enough to know what's going on. TAANSTAAFL.

  107. Re:Tosser... (said the Tosser) by node+3 · · Score: 1

    If the face of OSS people is "ha ha, sux0r, you got r0bb3d ya lus3r n00b"
    Who said that? His point was, as I read it, that it's things like this which highlight the security issues of Windows.

    Misrepresenting him does not help your point. He never said anything remotely like, "ha ha, sux0r, you got r0bb3d ya lus3r n00b".

    That's like dismissing Al Gore's film by mockingly pretending he said, "we should all turn vegan and live in mud huts".

    I call to your attention yesterday's Dilbert Cartoon to bolster my point. =)
    Oh, well, if it was a punch-line in a comic... Surely I concede! :-P

    Certainly, nothing wrong with criticizing SuperKendall's choice of wording, but I was responding to the attack, "your fucked up zealotry, morality and ideology". Dogtanian seriously jumped the gun on that one.
  108. Re:I just have to do this by Bucc5062 · · Score: 1

    If Userid.length = 4 Then
            FuckWith(User) = False
    Else
            FuckWith(User) = True
    End If

    Or for older folks

    If Len(Userid) = 4 Then
            FuckWith(User) = 0
    Else
            FuckWIth(User) = 1
    End If

    or in the grand language

    IF Lengthof User Is Less then 5 Then FuckOff
    Else Perform 0500-FuckMe

    --
    Life is a great ride, the vehicle doesn't matter
  109. Re:Tosser... (said the Tosser) by gstoddart · · Score: 1

    Who said that? His point was, as I read it, that it's things like this which highlight the security issues of Windows.

    Misrepresenting him does not help your point. He never said anything remotely like, "ha ha, sux0r, you got r0bb3d ya lus3r n00b".
    I think I was more agreeing with the criticism of SuperKendall's wording of thanking someone for driving more people away from Microsoft. But, I certainly have witnessed more than a little bit of that overzealous attitude I was referring to. Here on Slashdot, there seem to be an awful large amount of people who figure the best way to advocate Linux is to hope people running Windows suffer extreme misfortune and then rubbing their face in it.

    That's like dismissing Al Gore's film by mockingly pretending he said, "we should all turn vegan and live in mud huts".
    If I get a girl in a grass skirt and a coconut bra out of the deal, I'm all over it. ;-)

    Oh, well, if it was a punch-line in a comic... Surely I concede! :-P
    *laugh* OK, fine. As long as you concede, that's the main thing (kidding).

    I didn't mean to infer that the poster had said such things. But, it's a sentiment I see expressed here on Slashdot with great regularity. I suspect that Dogtanian was also reacting to that attitude which makes OSS people seem so unpalatable to many people.

    The way it was expressed, it seemed like more of that "fucked up zealotry, morality and ideology" whereby anyone with the misfortune to get stung by the fact that MS is so damned insecure has clearly committed a crime against human intellect and deserved what they got. Which doesn't really help anyone who is seriously trying to put forth the argument that Windows is lacking in a lot of areas.

    Cheers
    --
    Lost at C:>. Found at C.
  110. Um,,, by Anonymous Coward · · Score: 0

    And (so the police will want to know) since you obviously knew this guy was up to no good, why didn't you report it?
    Because he knew he'd be wasting his time?
    1. Re:Um,,, by Dogtanian · · Score: 1

      The implication was that this question would be asked in court, and could make you look bad (if not downright suspicious) for not reporting it.

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  111. You must be a real party to be around. by Anonymous Coward · · Score: 0

    "but this absolutely does *not* justify your highly dubious glamourisation of a thief simply because they make MS look bad."

    They didn't glamorize the thief. They were just happy that Windows users were getting screwed. And they opined that if that's what it took to get them to switch away from a bad OS, then ultimately it was for the good.

    I don't see anything wrong with the sentiment. ....oh... BTW, if you ever let the police know about this kind of scam, do us all a favor and tape the phone call. It will be absolutely freakin' hilarious.

    Now, there's a really high horse over there.... you might want to crawl up on it and ride away.

    1. Re:You must be a real party to be around. by Dogtanian · · Score: 1

      They didn't glamorize the thief. They were just happy that Windows users were getting screwed.
      And that sums it up; did not give a toss about anything else other than that Windows users were getting screwed. Zealot; enough said.
      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  112. How about... by gnu-sucks · · Score: 1

    ...not enabling file sharing? Or if it's a browser exploit, not using IE?

    I don't know, I haven't used windows since 3.1, but this sounds kind of silly to me.

  113. Well, by tkrotchko · · Score: 1

    The way around this is to buy the salesmen an EVDO card and let them use that. That way you can control their access and you don't have to worry about some poor salesman endangering your network.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
  114. Re:Better yet... meshing. by mungewell · · Score: 1

    Set yourself up as a proxy, advertise yourself as "Free Wi-Fi" too
    So given the crowd here, why wouldn't you mesh the ad-hoc network and extend its range....

    Seriously though, it's not hard for the service providers to prevent this happening. Scan for 'free' networks, connect to known site, detect which account is passing this information and disable it.

    It's probably in their interest too.
    Simon.
  115. Re:Article does not explain the zombification proc by Vellmont · · Score: 1


    That said, creating the key required to re-encrypt would be quite difficult, as it would
        a) have to be signed by an appropriate CA
        and
        b) reference the proper domain

    You misunderstand. Since you start out at the site via http (I mistyped), the attacker only need change https:// links to http://. The victim goes to the website, and clicks on an http:// link (which should have been https on the REAL non-proxied site). Thus the victim NEVER GOES TO THE SECURE SIGHT, so there's no need to spoof any SSL certificates. It still looks exactly like the real sight because it's proxied. The only difference is you're connecting to the attacker's proxy via http, not https.

    --
    AccountKiller
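
Comment 115 describes a proxy that rewrites https:// links to http:// so the victim never reaches the TLS site. The following is an added example, not code from the thread: it audits a fetched page for the two visible symptoms, links to known-HTTPS hosts that arrive as plain http and password forms that would submit in cleartext. The host names, the sample HTML and the `https_only_hosts` set are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PageScanner(HTMLParser):
    """Collect link targets and, per form, its action and password-field flag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.forms = []
        self._form = None  # the <form> currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def audit_page(page_url, html, https_only_hosts):
    """Return (kind, url) findings for a page as it was actually received.

    https_only_hosts: hosts the user already knows are served over HTTPS
    (an assumption supplied by the caller, e.g. a bank's login host).
    """
    scanner = PageScanner()
    scanner.feed(html)
    scanner.close()
    findings = []
    for href in scanner.links:
        target = urlsplit(urljoin(page_url, href))  # resolve relative links
        if target.scheme == "http" and target.hostname in https_only_hosts:
            findings.append(("downgraded-link", target.geturl()))
    for form in scanner.forms:
        if not form["password"]:
            continue
        # An empty action submits to the page's own URL, so resolve it too.
        target = urlsplit(urljoin(page_url, form["action"]))
        if target.scheme != "https":
            findings.append(("cleartext-password-form", target.geturl()))
    return findings


# Constructed samples: the same page as a rewriting proxy would serve it
# over http, and as the real site would serve it over https.
HTTPS_ONLY = {"login.bank.example"}

STRIPPED_PAGE = """
<a href="http://login.bank.example/signin">Sign in</a>
<a href="/rates">Rates</a>
<form action="/session" method="post">
  <input type="text" name="user"><input type="PASSWORD" name="pw">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

GENUINE_PAGE = STRIPPED_PAGE.replace("http://login", "https://login")

if __name__ == "__main__":
    for kind, url in audit_page("http://www.bank.example/", STRIPPED_PAGE, HTTPS_ONLY):
        print(kind, url)
```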
  116. Different matter by SuperKendall · · Score: 1

    This isn't a Win vs. Lin issue. Stunnel is available for Windows, too. What happens when you think you are on a free network, you try to Stunnel to your server, and you get the error: ...

    That's why I don't connect to any services that use simple SSL or anything when on a public WiFi.

    But for browsing Slashdot or other news sources - well, who cares who gets my Slashdot password? The problems caused by it leaking are too minuscule.

    It's the automated Zombification/infection that is the big problem I see, people do need to be warned to be careful about what they browse in public. But on a windows box connected to a "rogue" WiFi agent, anything you browse (with IE) or even just having open shares means you have problems.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  117. Re:Article does not explain the zombification proc by RAMMS+EIN · · Score: 1

    Just FYI: when talking about web sites, it's "site", not "sight".

    --
    Please correct me if I got my facts wrong.
  118. This is not just at airports by JohnnyGTO · · Score: 1

    I actually saw this at Humboldt State University yesterday. Except the clowns didn't have the connection to the internet set up nor were they able to do much with a firewalled MacBook Pro. Scanning the area for WiFi I found "Free Public Wifi".

    --
    Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
  119. Re:Strawman, backpedalling and all-round pack of l by Afecks · · Score: 1

    I think this type of argument stems from the attitude some people have regarding their operating system of choice. Some people believe their operating system is more secure and feel the need to belittle the security of other operating systems. Those of us with level heads know that all human designs are prone to error. Relying on others to take care of your own security is foolish. Be it Microsoft, Apple or anyone else.

  120. Free Public WiFi by emlyncorrin · · Score: 1

    I've seen several ad-hoc networks called "Free Public WiFi". I wondered about them and found this blog. It seems there is a "feature" in Windows where after you disconnect from a wireless network, it will continue broadcasting the SSID as an ad-hoc network. Other people then see it, try and connect, and then start broadcasting it themselves...

  121. ettercap by pestie · · Score: 1

    Ettercap will let you launch an MitM attack against HTTPS. Yes, the user's browser will throw warnings about invalid signatures, but in practice, 99% of people click "yes, go ahead anyway!" Even the ones that bother to check the certificate will see it's full of perfectly legitimate-looking information and assume "it's just a glitch." It's really scary, but that's what almost all non-IT people will do.

  122. Re:Article does not explain the zombification proc by Anonymous Coward · · Score: 0

    Yeah, that's where I do my bank transactions, the Airports and coffee shops. Because I would not want the police to know who transferred all that Nigerian money!!!

    TFA is way over hyped. To be zombified you have to be stupid enough to give write access share to "Documents and setting \ [user name] \ Start Menu \ Programs \ Startup", or some similar "startup execution" location or file such as the registry database.
    Windows does not let you do that easily by default (several "are you sure").
    Do we really need to talk about people starting to execute unknown EXE found in a "write share" directories?
    Basically, if it happens you deserve it.
    A lot worse, making thousands of victims are the "Press Yes on the certificate dialog to install our Make Money Fast toolbar".

    captcha 'exploits' - How a propos

  123. FUD Nonsense by Deadplant · · Score: 1

    You join it and, if you have file sharing enabled, your computer becomes a zombie.
    That is just wrong.
    Move along folks, nothing to see here.

    Let me rephrase that for ya: users who don't keep their systems up-to-date with the latest security patches and users who blindly accept invalid ssl certificates will get owned.
    p.s. risk increased somewhat when wireless networks are involved.

    Why do articles written for complete newbies get posted here on slashdot?
    This is supposed to be "news for nerds" not techno-fluff pieces for CEOs and US senators.
    1. Re:FUD Nonsense by Deadplant · · Score: 1

      oops, I meant "Alaskan senators"

  124. Re:Article does not explain the zombification proc by giminy · · Score: 1

    TFA was not intended to be a HOWTO. Articles that come in glossy-coated magazines never are. The reason it was posted to slashdot was, I think that it garnered some big-time attention, and the particular attack hasn't been mentioned anywhere on slashdot before. I think the slashdot crowd can engineer ways to do the exploit, and defend against it, and we'll all get rich no matter which side of the fence we decide to play.

    As for a HOWTO, it depends on the situation. If we make the assumption that user file sharing is on, as TFA says (and you assumed away in your initial post), there are quite a few avenues.

    I believe the implicit assumption from TFA is that "Filesharing enabled" means that some directory is read+write to the public. This isn't that uncommon for home computers. Users don't want their kids to have to remember passwords. "After all, we only use filesharing on the home network." Heck, the last time I installed Windows XP it created a password-less administrator account during the install process. Anyway, here's your howto:

    1) Drop your payload in the shared folder.
    There are a lot of ways to get the user to execute the payload:
    2) a web proxy that does meta-refresh to file:///path/to/file might work (not 100% sure if that would work? I haven't actually used Windows for any great length of time in years).
    2 [alternate 1]) Web proxy that says, "[path] is standard Windows software that allows you to use Free Wi-Fi service. Please run [path] in order to connect to the internet. [link]. [optional: As the software is already installed on your computer, security is guaranteed!]" 99% of the idiots that have filesharing on will do what the browser tells them in order to get their precious free Wi-Fi.
    2 [alternate]) If that won't work, there are a lot of other ways to get a user to open something. Even just putting it there could be enough. Average user will see the file some day and say "hey, I haven't seen that before, I wonder what it does [double-click]." The payload doesn't have to deploy right away, perhaps it takes time.
    3) ??? [alternate: make computer into a zombie]
    4) Profit!

    The interesting thing about using this method to deploy a zombie program is that it is very very very difficult to track down. If the initial injection of malware is done using a remote attack, forensics people have a reasonable shot at tracking the source (or at least tracking the next link in the chain, and eventually finding the source).

    Assuming the attacker gets the zombie software on even 10 computers this way, (s)he now has 10 computers that can be used to launch zero-days against yet other PCs, remotely. Forensics folks won't have any meaningful logfiles to analyze to look back at the initial injection vector. Assuming the malware does nothing to clean its tracks and the computer logs everything, all they'll find is that the payload was put there by a wireless device with [forged mac address] at some date and time. Not much to go on when looking for a perp. I'm sure there were a lot of people at the airport that day, and a lot of people watching in the observation deck/waiting outside for a loved one/using a pringles can antenna in their car. The only other avenue they'll have for tracking is to find the controller. And if the controller uses TOR or something, good luck :).

    There are probably better ways to get a user to execute an already-installed-executable that I don't know about. Others can probably chime in.

    Reid

    --
    The Right Reverend K. Reid Wightman,
  125. on linux by towsonu2003 · · Score: 1

    how do you find out whether it's an ad hoc if you're using linux? iwlist something... ? thanks

  126. Bullshit flag raised -- this article is CRAP!!!! by Uhlek · · Score: 1

    Wow. What a bunch of alarmist crap.

    The "Free Wi-Fi" stuff you see in airports aren't all, or even mostly, scams. Whenever someone sees one of these ad hoc networks and attempts to connect to it with a Windows machine, the Windows machine then broadcasts out that as a possible ad hoc network. It then carries that ad hoc network name with itself as you move.

    That's how the SSID has spread so far and wide, and why it is so prevalent.

    You should be *ALWAYS* careful when using ANY public wifi hotspot. Your traffic can be easily monitored or hijacked with very simple tools, none of which require setting up your own rogue AP or a fake ad hoc network.

    Computerworld got had by a security firm looking for some free advertising. Way to go!
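
For the `iwlist` question in comment 125 and the rebroadcast behaviour described in comment 126, here is a sketch that reads `iwlist <iface> scan` output and flags ad hoc cells; it is an added example, not part of any comment in the thread. The sample scan text is constructed, the "free" name heuristic is an assumption, and, in line with comment 96, a `Mode:Master` cell is still flagged when it is open and bait-named.

```python
import re
from collections import defaultdict

# Constructed sample laid out like `iwlist <iface> scan` output. Field order
# differs between drivers, so the parser below does not depend on it.
SAMPLE_SCAN = '''\
wlan0     Scan completed :
          Cell 01 - Address: 02:1A:2B:3C:4D:5E
                    ESSID:"Free Public WiFi"
                    Mode:Ad-Hoc
                    Frequency:2.437 GHz (Channel 6)
                    Quality=48/70  Signal level=-62 dBm
                    Encryption key:off
          Cell 02 - Address: 02:9F:8E:7D:6C:5B
                    Encryption key:off
                    Mode:Ad-Hoc
                    ESSID:"Free Public WiFi"
          Cell 03 - Address: 00:16:B6:AA:BB:CC
                    ESSID:"Free Wi-Fi"
                    Mode:Master
                    Encryption key:off
          Cell 04 - Address: 00:16:B6:11:22:33
                    ESSID:"AirportLounge"
                    Mode:Master
                    Encryption key:on
'''

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
BAIT_RE = re.compile(r"free", re.IGNORECASE)  # assumed bait-name heuristic


def parse_cells(scan_text):
    """Split scan output into one dict per cell."""
    # With one capture group, split() yields [header, bssid1, body1, bssid2, ...]
    parts = CELL_RE.split(scan_text)
    cells = []
    for bssid, body in zip(parts[1::2], parts[2::2]):
        essid = re.search(r'ESSID:"(.*)"', body)
        mode = re.search(r"Mode:(\S+)", body)
        enc = re.search(r"Encryption key:(on|off)", body)
        cells.append({
            "bssid": bssid.upper(),
            "essid": essid.group(1) if essid else "",
            "mode": mode.group(1) if mode else "unknown",
            "encrypted": (enc.group(1) == "on") if enc else None,
        })
    return cells


def assess(cells):
    """Return (essid, bssid, reasons) for every cell worth a second look."""
    # Count how many distinct stations advertise each name in ad hoc mode.
    adhoc_peers = defaultdict(set)
    for c in cells:
        if c["mode"].lower() == "ad-hoc":
            adhoc_peers[c["essid"]].add(c["bssid"])

    findings = []
    for c in cells:
        reasons = []
        if c["mode"].lower() == "ad-hoc":
            reasons.append("ad-hoc")
            # Several peers with one name is consistent with the laptop-to-laptop
            # rebroadcast described in comment 126, not with a single rogue host.
            if len(adhoc_peers[c["essid"]]) > 1:
                reasons.append("same-name-from-several-peers")
        # Infrastructure mode proves nothing (comment 96): still flag open bait names.
        if c["encrypted"] is False and BAIT_RE.search(c["essid"]):
            reasons.append("open-bait-name")
        if reasons:
            findings.append((c["essid"], c["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for essid, bssid, reasons in assess(parse_cells(SAMPLE_SCAN)):
        print(f"{essid!r} {bssid}: {', '.join(reasons)}")
```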

  127. Fanatics by Per+Abrahamsen · · Score: 1

    > And people wonder why some Linux and Apple supporters have a bad reputation for being fanatical.

    Really? Who are those people?

    I have never seen anyone question the fact that some Linux and Apple supporters are fanatical. Not even the fanatical Linux and Apple supporters themselves.

  128. Re:Article does not explain the zombification proc by Chapter80 · · Score: 1
    How about putting an executable into a Start-up folder or changing an executable that is known to start (a driver?) so that it runs a zombie program.

    It may not immediately start up, but it could soon enough - next reboot. Next time a certain program is run (Word, Excel, IE, etc).

  129. Seen in Seattle on Tuesday by metalwheaties · · Score: 1

    I saw this while at a meeting on Elliott Avenue West (around 351) on Tuesday 22jan2007 - ad hoc network showed up called Free Wifi. It disappeared in the space of 30 minutes while I was investigating further.

  130. Re:Article does not explain the zombification proc by Bert64 · · Score: 1

    If you control the network, you could set up a transparent web proxy that pushes browser exploits with every page you view.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  131. Re:Article does not explain the zombification proc by Beryllium+Sphere(tm) · · Score: 1

    There's software to rewrite web pages on the fly, which could be used to splice in an IE exploit (if, hypothetically, you knew of one that hadn't been patched :-)). Or just redirect to a site that does driveby downloads for your business associates.

  132. Easy Countermeasure by bughunter · · Score: 2, Interesting

    I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile.

    Someone in the vicinity of my office (in a Chatsworth CA industrial park) was broadcasting a wireless network titled "Free Public WiFi" for the past couple of weeks, and since I'm using OS X, it appeared under my AirPort status menu as a peer-to-peer network. These come and go, and I routinely ignore them. That is -- until I saw this ComputerWorld article on Slashdot.

    It could have been a coworker, or someone in an adjacent building, or someone parked on the street... the signal strength was 5 bars on a WinXP notebook one cubicle away. It could have been an intentional scammer, or a victim of a scammer's trojan, implanted via a public hotspot. So I forwarded the ComputerWorld URL to everyone in the office, summarized the scam and the risks, and asked folks to run their spyware/adware scrubbers if they had used a public hotspot recently.

    And I created my own peer-to-peer network "Free Public WiFi is a CON!"

    Within hours, the "Free Public WiFi" was gone. No telling who it was or what their intentions, but at least it's gone.

    --
    I can see the fnords!
  133. Now all the crooks need to do is "charge" instead by filosofo · · Score: 1

    . . . so they get people's credit card info and catch all those savvy travelers on the lookout for "free" APs.

  134. Re:I just have to do this by jonasj · · Score: 1

    If Userid.length = 4 Then
                    FuckWith(User) = False
    Else
                    FuckWith(User) = True
    End If
    Needlessly verbose. Try FuckWith(User) = (Userid.length > 4) (or rather user.fuckWith = (user.id > 9999) )
    --
    You know, Microsoft's street address also says a lot about their mentality.
  135. Re:I just have to do this by Bucc5062 · · Score: 1

    You called me out. I wanted to troll for C++/Ruby/PHP/Python/C#... oh hell the list is endless programmers who hate .net.

    variation:

    FuckWith(User) = IIf(Len(UserId)<5,False,True)

    No matter how you write it, the business spec is don't fuck with /. users that have numbers less than 4 digits. :-)

    --
    Life is a great ride, the vehicle doesn't matter
  136. I saw a cell today by accessdeniednsp · · Score: 1

    I saw a cell today in Raleigh, NC (near Crabtree Valley Mall) labeled "Free WiFi" with no encryption. I thought that was ... odd.

    I didn't join it, but even if I did, I use Linux (no Samba either) and I already had my iptables firewall configured.

    Very interesting, tho, now that I come home and read this. Very curious...

  137. Saw this in Sydney (SYD) last week by laptop006 · · Score: 1

    Saw that I got no connection so I just disconnected.

    --
    /* FUCK - The F-word is here so that you can grep for it */
  138. Screenshots of it in action by lakiw · · Score: 1

    I've seen this scam in the wild at St Louis airport. I have screenshots if anyone wants them. I didn't even know that this was a current issue, (I haven't had internet access for a while because the hotel I was staying at charges extra), but when I fired up my computer, I saw "Free Airport wireless", and "Free Public Wifi", as peer to peer connections. It was weird, so of course I started taking screenshots. I didn't try to connect to them though since I had a customer computer that hadn't been patched in forever.

  139. Re:I just have to do this by jonasj · · Score: 1

    What does the code have to do with .net? It's just plain (horrible) VB, isn't it?

    --
    You know, Microsoft's street address also says a lot about their mentality.
  140. Re:Tosser... (said the Tosser) by Dogtanian · · Score: 1

    node 3: Who said that? His point was, as I read it, that it's things like this which highlight the security issues of Windows.
    His point was that he'd like to thank the thief- and I quote:-

    SuperKendall: The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.
    He thanks the thief and endorses his behaviour because it might give MS some bad publicity.

    Handily (and/or stupidly) disregarding the fact that the thief's behaviour/motives had nothing to do with this, happily disregarding the consequences of the theft on the victim and happily disregarding the fact that he has endorsed (if giving thanks isn't endorsement I don't know what is)- and by his previous actions and omissions glamorised- the behaviour of a petty lowlife thief.

    Certainly, nothing wrong with criticizing SuperKendall's choice of wording, but I was responding to the attack, "your fucked up zealotry, morality and ideology". Dogtanian seriously jumped the gun on that one.
    Jumped the gun? There was no gun to jump. SuperKendall said what he said; it was wrapped up in one stupid, narrow-minded sentence, but everything I said was fairly drawn from it.

    I stand by what I said. SuperKendall didn't; in fact he avoided mentioning what he had said originally (and blatantly misrepresent what *I* said), and tried to re-paint the exchange as a discussion about MS's lousy security.

    Either that or he was too stupid and obsessed with this issue to see that it transparently wasn't the point of my criticism; which is probably true- it would explain the messed-up ethics in his original comment.
    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  141. Re:Strawman, backpedalling and all-round pack of l by Dogtanian · · Score: 1

    True; it doesn't change the fact that Windows XP has some serious issues with security, however...

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  142. Re:Tosser... (said the Tosser) by Dogtanian · · Score: 1

    The way it was expressed, it seemed like more of that "fucked up zealotry, morality and ideology" whereby anyone with the misfortune to get stung by the fact that MS is so damned insecure has clearly committed a crime against human intellect and deserved what they got.
    It was more than just that; it was that SuperKendall actually supported the actions of the thieves and wanted to thank them. It's not just messed-up morally, it's downright blinkered and stupid to think the thief's choice of behaviour had anything to do with an anti-MS agenda. Or, for that matter, to disregard the fact that most of the thief's scams will have nothing to do with Windows, but just as likely stealing from vulnerable old people and the like.

    Real-life thieves and conmen aren't like those in "Hustle", the majority are morally bankrupt vermin who don't give a toss about anyone else. SuperKendall would like to "thank" them.

    The unacceptable face of Linux zealotry.... these sorts of views make all of us Linux users look bad, unfortunately.
    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  143. Re:I just have to do this by Bucc5062 · · Score: 1

    The original snippet was vb.net because it uses the Length property, a feature not found in VB. As to horrible? Beauty is in the eye of the beholder. Having seen many a programming language in my career the horrible thing is missing the beauty in each language.

    Anyway, way off topic and time by now.

    --
    Life is a great ride, the vehicle doesn't matter
  144. So the moral of the story is... by epp_b · · Score: 1

    As long as the network you're connecting to is named "linksys", it's OK, right? Right??

  145. Re:I just have to do this by jonasj · · Score: 1

    The original snippet was vb.net beacuse is uses the Length property, a feature not found in VB.
    Not necessarily... You never said |Userid| was a string, it could be an instance of some class that had a |Length| property? :-P
    --
    You know, Microsoft's street address also says a lot about their mentality.
  146. Saw this a lot this week by Gyorg_Lavode · · Score: 1

    I flew through DC and Logan this week and saw this a couple of times. I assumed it was some kind of scam. It's interesting to see it confirmed here though.

    --
    I do security
  147. Can't you do this in AP mode? by diamondmagic · · Score: 1

    Couldn't you run a network in access point mode? If that would be too hard, just use a wireless router, with the WAN connected to a network bridge...
    And I would like to know *why* simply connecting to a network allows others on the network to automatically read and change your files.

    1. Re:Can't you do this in AP mode? by epp_b · · Score: 1

      And I would like to know *why* simply connecting to a network allows others on the network to automatically read and change your files.
      Because, evidently, you didn't even read the summary, let alone the article.
  148. I saw this in downtown Seattle by scottru · · Score: 1

    for those who live in the city, it was around Denny & Aurora - I was stopped on a bus scanning for local networks and saw something that looked exactly like this - a "Free Wi-Fi" network that was peer-to-peer. I didn't connect to it, something seemed fishy, but they're out there, and not just in airports...

  149. Am I the only one that sees the benefits? by Kryztoval · · Score: 1

    Windows users will become a computer that: first infect others, second share internet. That's a hell of a nice choice!! I don't mean to enforce that practice, I consider that damn foul play, but... think about it, if I could give away 10% of my bandwidth to wireless users... I would!! If everyone did that we could have free wireless all over the country and count on being able to connect from almost everywhere... So, if you happen to know how to do that the easy way (say a router that can broadcast 2 SSIDs, one private with password and 90% of the bandwidth and another with a public, free, and 10% bandwidth) hell, I'll do that!!!! And I'll even convince a lot of people to do it! Well, coming back to that, file sharing for all, writing permissions, logging into an ad-hoc network, really simple scam, isn't it?