Herding Firesheep In NYC — Do Users Care?
An anonymous reader writes "Following the Firesheep uproar, I spent some time telling people who don't read Slashdot about the vulnerability that open WiFi networks create in what seemed like the most effective way possible: by sidejacking their accounts and sending them messages about how it happened. The results were surprising — would users really rather leave their accounts open to intruders rather than stay off Facebook at Starbucks? The link recounts the experience, and also lists some rough numbers of how many accounts could be compromised at a popular NY Starbucks location."
You would be arrested. Breaking into someone's house to point out that you can break into their house still leaves you with a breaking and entering charge. Even if you caused no damage and took nothing, you're still going to jail, brainiac.
Sidejacking?
Don't be so foul!
People leave themselves signed into facebook all the time in my university library. Some people just don't care that much.
I hope his guy well. But there's gotta be somebody who thought up the idea of sending him a cease and desist letter just for the fun of it - or extracting a few thousand dollars from him.
... that some users might weigh the costs of security against the costs of being insecure and opt to be insecure. As an example, I don't generally lock the doors of my car. I've found that if I do, people that want to get in when I'm not there break the windows and take what they want anyway. Locking my car doors merely causes the extra headache of replacing the glass alongside whatever gets stolen. Yet the author of TFA would consider me a moron for being within the universe of people that have an intruder yet still refuse to lock their doors.
Bingo. The article he linked to talks about VPNs. Seriously, WTF? The threat Firesheep poses is basically this - some guy harassing strangers in a Starbucks. Maybe if you're very unlucky a friend/enemy doing the same. Weigh up the options, which is easier - ignoring the occasional douchebag who causes trouble in Starbucks vs buying service from a VPN provider. It's not surprising most people choose the former and you don't need an experiment to realize it!
I wonder if the problem isn't linked to the spread of specific remedy rather than actual understanding. We've all told confused relatives and friends to delete random messages appearing in their accounts, and to avoid clicking on links or buying products that promise some online miracle. That's possibly what those last hold-outs in TFA were reflexively doing. In effect we've trained people to behave in a way that was understood to improve security, without providing them the context to protect themselves in any other situation. Like teaching a child not to stick their hand into the sitting-room fireplace but failing to mention that stoves, heaters, and engines all get bloody hot too. Hell that's a flawed lesson as well...they should have been taught about heat and burning as concepts. I'm not really sure how to solve the issue though. At the end of the day a large portion of the population lack the skills, time, interest, or motivation to learn about what is becoming the increasingly complicated world of computer security. I'm a proud geek and I couldn't tell you how secure Firefox add-ons are, or which virus scanner does the most reliable work, or how the hell to stop random ports blah blah blah
That being said only 5 out of 20 actually ignored the advice. Of those another 1 took a little more effort but finally learned his lesson. That's not bad odds considering.
... that some users might weigh the costs of security against the costs of being insecure and opt to be insecure. As an example, I don't generally lock the doors of my car. I've found that if I do, people that want to get in when I'm not there break the windows and take what they want anyway. Locking my car doors merely causes the extra headache of replacing the glass alongside whatever gets stolen. Yet the author of TFA would consider me a moron for being within the universe of people that have an intruder yet still refuse to lock their doors.
why don't you explain what the costs are of using a free firefox add-on, or would that make you realize your correlation was completely irrelevant banter?
So, does your insurance company give you a discount for providing easier access to thieves?
So that's the reason. None of them noticed his messages because they were too busy staring at his crotch.
A lot of the time it seems people would rather not know, or be dismissive of their risk because they just simply cannot comprehend the details or do not want to. There is nothing else you can do for them. Someone once said about people: you can explain it to them, they will understand it, and then they will ignore it.
How exactly can a VPN help there? You're still passing unencrypted data to Facebook. All the gain is that it's less likely that someone listens to the traffic between the VPN provider and Facebook compared to the unpalatable liquid venue you're in.
What gives this guy the right to do this? He should be prosecuted!
Maybe he should go around picking locks and leaving notes in people's houses about how easy it is to get into the house.
Self important prick.
My sister understood that after I showed her how easy it can be to dig up information on people who do not take any precautions, ie. her previous employer who fired her. But that anecdote aside, I think I agree with previous voices.. great big lawsuit is afoot.
Yes, exactly.
Your kind of thinking is exactly why the software security business routinely finds itself mystified by the behavior of ordinary people. It's not that those people are dumb. It's that some geeks end up with a wildly distorted view of risk. Let's review the risks here:
I'd still happily log into Facebook from a coffee shop post-Firesheep because frankly, the chances of me encountering some bizarre creep is very low. If they do steal my session cookie and I notice they are tampering with my account, I can solve this problem by logging out, leaving, and logging back in again somewhere else.
You're joking, right? How do you think all the interior cameras get inside the house?
They contact the family, sign a contract to get permission to break in and pay for damages etc., and then set up cameras.
This supports my opinion that Facebook privacy fears are greatly exaggerated and maybe the people that care the most are the ones trying to sell you something to protect yourself from it. First of all, I don’t care if anyone sees my Facebook information because I don’t post anything that I wouldn’t want the public to see. Even the photos of my daughter are not especially dangerous in a stranger’s hands. With the other accounts, as long as no one sees my credit card or bank info – what does it really matter? Consider that most of your personal information is already available on the Internet through a Google search and in the local phonebook. Also Identity Theft occurs all the time from activities that have nothing to do with computers or the Internet. Last time my credit card was used fraudulently it was because my purse was stolen out of a locked car in a mall parking lot. Guess I better not drive or shop a mall anymore! If you are worried about your children, people that might harm your child are just as likely to be seeing your child in Starbucks as breaking into your photo gallery on Facebook at Starbucks, and it would be a lot easier to steal your child at a Starbucks than to figure out how to find your child after breaking into your Facebook account. Also just because there could be a child predator at your local Starbucks or shopping mall, does that mean that you will never let your children leave the house? I sure hope not. Believe me, I am in IT and I fully support appropriate IT security and due diligence, but I think the concerns about Facebook and Amazon privacy are overdone and are almost a created problem where none existed. If you don’t like Facebook or Amazon, don’t use them. I, myself, will keep using them because I enjoy them and I don’t really think other people at Starbucks care about my Facebook activity. I sure don’t care about theirs.
I do this too. x2 if you have a convertible. Replacing a top is hardly a cheap or easy job B-)
Honestly, the BEST thing you could have done for them would have been to deface their accounts, disclosing that they were warned in advance but "too stupid" to take the threat seriously. Embarrass them to no end, links to goatse content, sign them up for groups like NAMBLA, you name it. Then change their password so they can't just quickly log in and fix it.
Make examples of them, so the next time, and maybe for their friends witnessing it, having what and how spelled out publicly might make them take the threat seriously.
Your kind of thinking is exactly why the software security business routinely finds itself mystified by the behavior of ordinary people. It's not that those people are dumb. It's that some geeks end up with a wildly distorted view of risk.
In my case, that 'distortion' is the application of automation. Yeah, today very few people are side-jacking facebook. But I can remember when phishing, 411-scams, and even spam were all so rare that those didn't pose a significant risk either. But all of those, and pretty much every significant risk on the net, became problematic due to the application of automation. Side-jacking facebook is ripe for similar automation. And don't think for a second that attacks that are automated will be so blatant that you can easily notice tampering with your account -- that would defeat the purpose of malicious side-jacking in the first place.
*sigh* I wish thieves were that intelligent.
Windows in an old POS car I used to have were broken to steal spare change I had sitting in the console beside my shifter.
My doors were always unlocked due to some jackhole years previous driving a screwdriver in the keyhole rendering it useless. :(
So you think it's easier for criminal gangs to build and deploy thousands of small, hard to discover automatic wifi sniffers/repeaters all across the country than to simply infect computers with malware? Anything valuable is already SSL protected so that scheme would be very expensive, labor intensive, easy to discover, dangerous for the criminals and useless against high value targets like banks or gmail accounts.
Firesheep does Amazon too. Let the wrong person on your Amazon account and you might be in for a surprise when your credit card statement arrives.
I gave Firesheep a try today, and am surprised how many times my own cookies come up inside it without me directly visiting those sites. My google account came up without me browsing at all -- perhaps one of my firefox add-ons was using it, or maybe google latitude on my phone was triggering it? My facebook account came up when browsing other non-facebook sites as well, most likely from facebook connect. The users could have stopped visiting facebook after getting his warning messages and still had their cookies exposed.
Your statement is stupid. Who is going to pay the deductible if there was no damage to the vehicle and there was nothing of value in the vehicle?
Insurance companies need not be involved. Why should they? Over the crackhead change in your centre console?
Tho one could question why Amazon should keep a copy of the credit card info at all.
...vs buying service from a VPN provider.
Ummm...how many people reading this article actually bought VPN service from someone else? I run OpenVPN or Tunnelblick on my laptops and VPN home. Even the least tech-savvy geek on /. should be able to at least port-forward through SSH. (If you can't please turn in your geek card now.)
This idiot commits a felony and goes around bragging about it? I'm sure he will feel the consequence of his actions shortly.
Generally speaking, it's not cost-effective to carry comprehensive insurance on a vehicle more than two or three years old. Consequently, I only carry liability insurance on my vehicle.
But even if it were prudent for me to carry comprehensive insurance, whatever contents of the car that might get stolen would almost certainly be lower than the deductible while the price of replacing a broken window will almost certainly be higher than the deductible.
For example I set up my sisters computer with a firewall, anti-virus, anti-malware software and installed FireFox.
What happened?
My sister and her husband got sick of the question popping up all the time, "Do you want to allow this program to access the internet?" and instead of reading and then checking the box "Do this always" they found it easier to turn off the firewall and the anti-virus (more stupid questions they didn't bother to read). And to top it up, they thought IE was more familiar and started (against my strong advice) using it again.
But they didn't have to be the one spending 20h+ trying to rescue what was left after 50+ different virus and adware fighting over the control of the computer.
It's the same with getting their account hacked, it's not their problem (they think), it's mine.
If people would handle their cars the same way they handle their computer the car industries wouldn't have any problem with sales today...
And if people handled strangers the same IRL that they handle them on the Internet we would have everyone giving away their keys to their house if a stranger asked for it (or just give it to them without them asking...).
I will never understand why people feel so safe on Internet.
The funny thing is I bet if he'd put "You're at the [XYZ Street] Starbucks on an insecure connection, and absolutely anyone here can access your account with the right (free) tool." followed by a nice image implying "Click here to install a tool to protect yourself", a very good percentage of them would have clicked it!
Back when I was a student in college, we were using DEC VAX/VMS systems to provide service to the campus network.
I loved the help menu. It was VERY useful to do all sorts of things, such as creating your LOGIN.COM file. With the LOGIN.COM file, you could set your command prompt, establish which home directory to use, create macros to start batch jobs...you name it.
Occasionally, we'd come across someone who forgot to log out of their session, and just left ms-kermit running on their terminal.
If it was the first time, we'd telnet into their mail client and send them an email from themselves, warning them to be more careful. If it was the second time, we had a bit more fun.
Such as setting their home directory ATTRIB *.* +H
The best was when we edited their LOGIN.COM file, so that whenever they tried to execute *any* commands, it would send a pmail to the sysadmin saying, "I'm an idiot who left his account open, and I need an adult to fix it for me, please?"
Not surprisingly, the sysadmin WAS amused by this, and had great fun exacerbating the torture. It was a different era, when sysadmins had PhD's and a sense of humor.
Fond memories...
[End Of Line]
My favorite coffee shop has RJ45 ports at the tables on a switched network.
Still sniffable, obviously, but at least not passively: One must do some amount of ARP poisoning or MAC overflow in order to get much meaningful data.
Kid-proof tablet..
Clearly, the people in the article have blocked Facebook messages from themselves. I've done this myself, in fact. It's the only way to keep the dozens of warnings I receive every day about how insecure Facebook is from clogging my inbox.
or just run ettercap
A lot of people might, dumbass. Where I live, I can't get more than 1 meg up for home service (under $70/mo), so using my home connection as a general purpose VPN forwarding point would suck ass on many sites.
Also, since the issue here is about the Facebook population... the intersection of Facebook users and SSH port forward capable people is probably a very small percentage of Facebook users.
Luckily I don't have a geek card to turn in, and if I was forced to have one I would gladly turn it in, since the more self-identified geeks and hackers I meet in recent times, the more I come to the conclusion they're mostly idiots at this point. Ever since "geek" became some kind of shibboleth, it's been all down hill.
Fuck being a geek. There is no virtue in being capable in one area to the detriment at all others. It is indeed possible to dedicate one's brain to both number theory and cryptographic fundamentals, and still be able to solve simple cost-benefit problems.
Would not the option of not using Firefox with Firesheep enabled remove the security issue that goes along with wifi browsing? I dropped Firefox about a year ago because it was too slow, too much baggage, I run the Chromium browser or Google Chrome browser almost exclusively. Haven't heard of any such vulnerabilities with wifi or otherwise there??
Comments ?
Clive DaSilva Email: clive.dasilva@gmail.com Ubuntu 18.10 Kernel 4.18
Your online accounts are not like a car.
You can't very easily "empty" your online accounts.
Once someone breaks in, they can do things with your account without having to do any further "hotwiring".
Simply accessing the account through "hijacking" a session doesn't break anything that needs to be repaired after the fact, so leaving your account vulnerable to hijacking doesn't save you anything.
You might find the utility of open wifi to be worth the risk that your transmissions can be intercepted, read, and your accounts hijacked. But if it starts happening, like, more than once, most likely you'll change your mind quickly.
We really need a wifi protocol that allows open yet private access via encrypted tunnel. We *really* need to get off http and do *everything* over https. We *REALLY* need to fix the terrible mess that is SSL certificate authority based trust.
You see? You see? Your stupid minds! Stupid! Stupid!
So you think it's easier for criminal gangs to build and deploy thousands of small, hard to discover automatic wifi sniffers/repeaters all across the country than to simply infect computers with malware?
(A) Mischaracterization
No need to "build and deploy" a bunch of fancy shit - all it takes is for individual petty thieves with cheap laptops to spend an hour or so at each of the hotspots around their neighbourhoods each week. Small time scammers work for small time profits all the time. Just look at how frequently credit card theft is committed by low-paid clerks and shoulder surfers. Sniffing wifi is a hell of a lot less risky than either of those.
(B) False Dichotomy
Just because one means of attack is available doesn't preclude entirely different people from attacking via another avenue.
Why do you need hardware when all the hardware is already out there? A sidejacking worm will do the trick:
Deface people's facebook pages to convince them to download the worm. Worm runs locally, quietly sidejacks other people's facebook pages and defaces them. Cycle continues and sidejack worm spreads through all the coffee shops in the country, stealing personal information and credit card numbers as it goes.
*Switched* network. Read smarter, not harder.
Well, they offer to keep it. If you decline that offer and they still keep it, then there's a problem. But if they're keeping it because you asked them to, to make your purchases more convenient, then, no, you may not question why they're keeping a copy of your credit card info. You would already know that they need to keep that info in order to keep the info.
Can you be Even More Awesome?!
One click shopping (tm) :)
The hacker runs Firefox with the Firesheep extension, not you.
It doesn't matter what you run, you're still vulnerable if you're sending cookies in the clear.
I'm confused.
Wouldn't just logging in to https.facebook.com and log on from there solve the problem?
I just checked, and they held two sets of card data for me while i don't recall ever saying yes to them doing so...
Again, why do we make such exceptions when it comes to technology? If you show ignorance and stupidity in caring for your home, children, pets, automobile, home appliances, or other things the world is happy to apply those labels to you. Show the same lack of interest, attention, effort, and common sense toward technology and you're not stupid or ignorant. You're just "weighing your options and risks".
You would have difficulty with your insurance coverage if your house was robbed and they discovered that you didn't lock your doors and windows. Or even left them wide open. You are forced to maintain insurance on a variety of things (car, home, health) so that you don't impact other people for your own risk assessments. But when it comes to technology, we permit this "aw, shucks" mentality. Even though identity theft of various types and degrees carry just as much damage to people well beyond just the direct "victim".
Also, there is absolutely no viable analogy between protecting your network and "if I lock my door, they'll just break the window".
By the way, what are these "costs" that you're talking about? Every wifi router in the last decade allows some type of WPA/WEP/whatever encryption. There is no cost involved in setting up WPA/WEP and then putting a sign up in your cafe that says "THE WIFI PASSWORD IS 'P@SSWORD'". Problem solved. Are you really suggesting there is any cost/benefit comparison that would find that trivial action too costly for the return?
No, the easiest and cheapest solution (almost stupidly so) is to set WPA/WEP on your access point and then post the network password on the wall of your business. The effort and cost involved is that of minutes and pennies and the reward (both in good will toward your customers and actual security) is nearly infinite in comparison.
It's the same logic of anyone else in any other environment and ignoring network security is just as stupid as ignoring all other types of security.
Go ahead and play the odds. Until the day that it bites you in the ass. I figured my lojak was a waste of money, because it's not like my car was ever going to be stolen. Especially considering where I live. Until it was stolen and it was returned a few hours later, when it was located by our police department via the lojak system.
And then the time my apartment was robbed of about $30,000 worth of items. Hey, what are the odds? There are tens of thousands of people in this city, so the odds of a bad guy being in my area and focusing on my dwelling and actually going through it is so tiny! Except when it actually happens.
Protecting your local network from something like firesheep is trivial. Will it protect everything from end to end? Of course not. Logging into sites via HTTP/plaintext will still leave you exposed at some point of the transaction, but you can at least protect yourself on your own local network. You don't need "VPN" and you don't need expensive or difficult to configure applications and utilities. You need three minutes. That's it. You are not weighing unlikely security violation versus hundreds or thousands of dollars of equipment and labor. You're weighing security against three minutes of your time to protect it. That's it.
You protect your network for the same reason you don't operate your computer directly plugged into the internet, with no form of firewall between the two of you so that you are exposed to bots and trojans and viruses of all types. It's trivial to protect against, so we protect against it.
What we NEED to do is stop excusing people's laziness and lack of interest, because it's "technology" and therefore we are just "elitists" for calling ignorant people ignorant and advising them to take precautions. Reminds me of all those idiots who got themselves into mortgage problems. Well, gosh, I couldn't be expected to make any effort to understand things for myself! I just do stuff and hope that the statistics are always in my favor!
How exactly can a VPN help there? You're still passing unencrypted data to Facebook.
I was going to answer your question, but you already did:
All the gain is that it's less likely that someone listens to the traffic between the VPN provider and Facebook compared to the unpalatable liquid venue you're in.
*Less likely* is the key. That's how a VPN helps. Security nerds seem to think you have to be 100% secure (conveniently ignoring the fact that 100% security is impossible) or you're not secure at all. That's a good mindset for finding security holes, but it's a horrible mindset for worrying about one's own personal security. In the real world, you do what you can to reasonably reduce your risks and take your chances.
It's at least a little ironic that you don't think VPNs go far enough. To me, such a solution is extremely overboard. What average person is going to set up a VPN? Might as well suggest they drive to Facebook HQ and post directly from there.
No. Firesheep hijacks/copies sessions.
After logging in on https facebook redirects you to http, firesheep gets your session. pwned.
The risk is actually very low until stuff like firesheep becomes common enough amongst wifi cafe users (whether via malware or pranksters).
Currently you're more likely to lose your entire laptop to a thief at a cafe.
A WEP or PSK-WPA password is going to do absolutely nothing to prevent a malicious individual from sniffing network traffic at a wifi hotspot. By friggin definition of there being a SINGLE PRE-SHARED KEY, the malicious individual can automatically decrypt the traffic. Sweet Jesus.
Please contact slashdot admin to have your account closed.
Ah, I see. Didn't actually get that far since I have no use for Facebook.
Why would they redirect insecure? SSL takes very little additional resources once your session key is established?
Seems they could solve this if they weren't so cheap.
I live in the Detroit area. I lock the doors on my car. I just don't leave expensive items sitting around in plain view. Beats broke windows and/or stolen items, or finding someone has rummaged through my vehicle, or perhaps is sleeping in it.
When real crimes happen like a break in, you'll be lucky if the cops show up in a few hours or even at all. Good luck explaining that someone else logged into your Facebook account. Now if they heard you had an ounce of weed then it's a different story...
This is exactly why I use an anonymous VPN service [1]. As one goes up the food chain to the core fiber links which route the core Internet traffic, the fewer people have access to the traffic and/or logging capability. To boot, if they have logging capability at the core, they would have it at the edges. There are a *lot* fewer people that have access from the core router to Facebook's page than have access (either with admin access, or are on the same subnet and can sniff/change stuff in transit.)
Essentially all someone can do with my network traffic between the endpoint connection and to my VM is drop packets and deny service. If someone is able to intercept/modify traffic going from the VPS to FB, then not just myself, but a lot of people, have very big problems on their hands.
I highly recommend people use a VPS, or if the bandwidth needs are not that high, to consider a VPS (like linode). This not just keeps people from sniffing/intercepting/modifying your traffic, but gets rid of the geotagging ad "services" which love to slurp up where people physically are. It is only a matter of time before crooks use this to find when someone is out of town to time home invasions and/or break-ins.
[1]: There are a lot of anonymous VPN services, with a lot of smoke generated about which ones "log" and which ones don't. It would be nice to get a straight answer on this, but until then, I tend to stay with what the other business users use to secure their traffic.
I'd still happily log into Facebook from a coffee shop post-Firesheep because frankly, the chances of me encountering some bizarre creep is very low. If they do steal my session cookie and I notice they are tampering with my account, I can solve this problem by logging out, leaving, and logging back in again somewhere else.
One of the articles about FireSheep discussed the fact that not all websites handle the logout properly on the server side.
So FYI, logging off and finding another AP may not kill their session.
o0t!
You're advocating a false sense of security. Please stop, before someone unwittingly follows your technical advice.
This is about par it's a bit silly american a bit childish a bit pathetic a bit whimpey Oh dear security security we must secure everything in case the big bad REAL world finds a way in to kick us in the fanny's .
Grow up you bunch of drivel headed drongo's get a real life get with the world instead of trying to run the frikkin world (which BTW you will NEVER DO ) and no i aint no Mushie either just you piss me off
it needs to be made LAW that ALL wifi nodes are fully OPEN if you aint got anything to hide you dont need everything to be encrypted you only hide whats no spose to be and as for credit cards etc and the online use of well simple MORE FOOL YOU you only have yourselves to blame if you get ripped off
Shit Happens then you get on with life
And people here wonder complain about the stereotype "geek" are always portrayed as socially inept to point of almost being sick. Unfortunately, that part of the stereotype fits this blogger perfectly.
What would you think if you encounter these incidents:-
I guess it will be a BIG revelation to the author of TFA when (if?) he realizes that a LOT of things in our life are not secured by technical means, but rather social norms. Girls don't wear steel skirts to avoid people lifting it, social norms dictate that people don't do it (although some would still do it). Girls don't always wear pants to keep people from peeking underskirt, and most people don't. People talking on mobile phone don't carry white noise devices to block people eavesdropping, and yet most of the time nobody will eavesdrop on your phone conversations.
Similarly, people using public networks expect human decency to prevent those with technical means from eavesdropping on or hijacking their Facebook traffic (their banking traffic, however, is another story). I guess having human decency is too much to expect from this blogger.
Congratulations on showing your technical powers to the ignorant masses, those people will go on their lives knowing they just encountered a stupid jerk that is not worth the time to respond to.
P.S. I write programs for a living and I am ashamed to be working in the same field as that blogger. I hope more people would understand not all programmers are sick like that.
Forced SSL doesn't even work for Google, Twitter, and Facebook and probably most other sites even if they support SSL. That's because the javascript on those pages will opt to transmit authentication cookies in the clear. http://www.digitalsociety.org/2010/10/even-forced-ssl-is-broken-for-facebook-google-twitter/
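An added example, not part of any comment in this thread: a small audit of a login flow for the two conditions commenters describe above, a redirect back to http after an https login and authentication cookies that travel in the clear. The hostnames, cookie names and the trace itself are constructed, and the cookie jar is simplified to host-only matching (Path and Domain are ignored).

```python
from urllib.parse import urljoin, urlsplit

# Constructed trace (not captured traffic): (request URL, status, response headers).
SAMPLE_FLOW = [
    ("https://www.example.test/login", 302, [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),   # no Secure flag
        ("Set-Cookie", "csrf=zzz; Path=/; Secure"),
        ("Location", "http://www.example.test/home"),         # drops back to http
    ]),
    ("http://www.example.test/home", 200, [
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
]

# The same flow with the session cookie marked Secure and no downgrade.
HARDENED_FLOW = [
    ("https://www.example.test/login", 302, [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
        ("Location", "/home"),                                # relative, stays on https
    ]),
    ("https://www.example.test/home", 200, []),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lowercased attribute names)."""
    first, *rest = value.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs


def audit_flow(flow):
    """Walk the flow in order and return a list of (kind, url, detail) findings."""
    findings = []
    jar = {}  # host -> {cookie name: has Secure flag}; simplified, host-only
    for url, status, headers in flow:
        parts = urlsplit(url)
        host = parts.hostname

        # A request over plain http carries every stored cookie lacking Secure,
        # so anyone on the same open network can read it.
        if parts.scheme == "http":
            exposed = sorted(n for n, secure in jar.get(host, {}).items() if not secure)
            if exposed:
                findings.append(("cleartext-cookie", url, ",".join(exposed)))

        for header, value in headers:
            header = header.lower()
            if header == "set-cookie":
                name, attrs = parse_set_cookie(value)
                secure = "secure" in attrs
                jar.setdefault(host, {})[name] = secure
                if not secure:
                    findings.append(("missing-secure", url, name))
            elif header == "location" and 300 <= status < 400:
                target = urljoin(url, value)  # resolves relative redirects
                if parts.scheme == "https" and urlsplit(target).scheme == "http":
                    findings.append(("https-downgrade", url, value))
    return findings


if __name__ == "__main__":
    for finding in audit_flow(SAMPLE_FLOW):
        print(finding)
    print("hardened:", audit_flow(HARDENED_FLOW))
```

The `cleartext-cookie` finding is the one that matters for session hijacking: it names the cookies an eavesdropper on the same network would see on the first http request after login.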
it is necessary for the convenience of one click shopping
Small time scammers work for small time profits all the time.
So what value exactly would a small time crook get out of hacking random facebook accounts? The likelihood of him finding monetizable information in a random account would be quite low.
Really, unless deployed large-scale, this is mostly useful for mischief rather than rip-off.
Nobody is forcing you to help them again and again.
If you don't know how to say "NO", then that's your problem.
So what value exactly would a small time crook get out of hacking random facebook accounts? The likelihood of him finding monetizable information in a random account would be quite low.
(A) Major failure of imagination.
Apologies for having to reach out to you like this,this had to come in a hurry .my bags, cash , .I just don't have enough money to get back home,I can't ,would appreciate whatever you can put in.) Promise to refund you as soon .please let me know if this is okay with you so i can forward the
due to the urgency of the situation.
Presently,I'm stuck in England and need help getting home.I made a trip this
past weekend to London, UK and unfortunately, I was robbed
cards and cell phones were taken at gunpoint. It was a terrible
experience.right now i need help getting back home , i've been to the embassy
and the Police here but they're not helping issues at all,the good thing is I
still have my passport
have access to funds without my credit card, I've made contact with my bank but
they need more time to come up with a new one. I was wondering if you could help
with a quick loan that I can give back as soon as I get in.All i really need is
$1,250
as i get back home in a couple of days. you can have it wired to me via Western
Union
necessary wiring details.
waiting to hear from you
Bob
When information is power, privacy is freedom.
"would users really rather leave their accounts open to intruders rather than stay off Facebook at Starbucks?" That does not mean anything in the English language. That attempt at communication made my brain bleed.
That doesn't solve it unless every user has unique credentials. Anyone with the pre-shared key can snoop.
Apparently you are not following your own advice.
I question the intelligence of those who do not take appropriate steps to safeguard their personal information. I have *NO* doubts, however, about the intelligence of someone who would commit almost 50 violations of the Electronic Communications Privacy Act (each one of those violations a felony) and then blog about it.
Laws affecting technology will always be bad until enough techies become lawyers.
Don't forget to add the VPN provider (and all of its employees) to your threat model.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
It seems to me that there is a reasonable expectation of privacy by someone using a free WAP. (Judges will decide this and I'm guessing they will agree that just because something can be done easily that does not make it legal.)
The author is an a#$%^%$ whose smugness is at a ridiculous level. He could have done this for the last several years but obviously he isn't smart enough to do it...he had to wait until someone gave him a point and click interface. Hey author, did you realize you could also listen in on every person's cell calls if you wanted to? Probably not, that takes skill to program and build a device to do it, but for a smart person it isn't that hard. Do you know why those smart people don't do it? Because it is illegal!
It blows my mind the state of things now...I saw on the local news a guy war driving, compromising a person's security, and then seeing what website they were looking at at the time. Then the news crew knocked on the door and told him "hey it was really easy for us to take your info". This is a national news show breaking the law for a story? Did no one catch that? What if they did a story about "look how easy it is to walk up to your house and put a little camera on your window and record for three weeks". Wouldn't you be surprised when they came and told you all about how unsecure you are?
I just don't understand the disconnect...you should understand when you are doing wrong. Guys like this apparently don't, and then they have the gall to blog about it? Really? You're going to publish your stupidity to the world like that? Ethics and legal training figures heavily into all of the certifications and training that I have...obviously you don't know sh#$, you are less than a script kiddie.
It is really annoying that security attention whores keep sending out things like this claiming that they are trying to help people. Really, this is old news...it wasn't much of a problem until you gave everyone the capability to do it easily, before you it actually took skill. I guess I'll build a little thing that will let you record your neighbors' cell conversations and then give it away to everybody! I'm totally helping the cause! I'll also throw in a camera that you can hide in your local gym's shower so you can also help them...
(B) Major overengineering.
Scene: SFO or JFK airports, after having read the relevant PRNewswire preannouncements about where various companies are presenting at the XYZ {Growth|Technology|Biotech|Otherbuzzwordcompliant} Conference at any given day:
grep deal firesheeplogs/*
somedumbdotcomCEO: life is great!
someoneelse: heyo somedumbdotcomCEO congrats boss!
anotherdotcomCEO: drowning sorrows in beer
anothernobody: damn anotherdotcomCEO that sux they didnt like ur preso?
User calls his broker, says "Buy me 10000 shares of SomeDumbDotcom, and sell short 10000 shares of AnotherDumbDotCom."
(B) Major overengineering.
That was a cut-n-paste from a really common scam.
Things like the stereo, etc. are generally covered by the auto insurer. With one exception (I left my backpack full of textbooks in my car overnight and it was stolen) most of the time when someone has broken into my car it was to steal the stereo, etc.
But, yes, were I to store personal possessions in my vehicle, that would be something to take up with my homeowner's insurer.