Slashdot Mirror
Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk)
Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register:
With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Results will be skewed, because the Dem convention delegates will know that somebody is (probably) waiting to entrap them. The Pubs won't have had the same emphasis placed on cyber security before their convention.
And if the results are bad for the Dems, will you all publish?
Holy shit they used insecure internet! Isn't that grounds for a felony?
Slashdot: providing anti-social weirdos a soapbox, since 1997.
I didn't know. Am I supposed to be using it to find 'chicks'?
Politicians are morons! More at 11!
All web browsers should have pornhub be the default landing page, make it easy on everyone.
Because republicans are stupid! At least that's what Avast was trying to get at.
But they won't pull this same thing at the Democrat Convention. Why? Two fold:
1) No Democrat shall ever have the same standards applied to them that Republicans would have.
2) Most likely the FBI would prosecute Avast for having sensitive classified emails and information passed back and forth on their network once Hillary and co reach the convention.
55.9 per cent had an Apple device. Trump said 'Boycott all Apple products'
Clearly his followers don't agree with him on everything?
I am not sure the point. We got a thousand connections, sure they should connect to free wi-fi however...
1. So they found out what sites they went to. Now much of that data was incrypted. So the details weren't too obvious.
2. The numbers were not that crazy.
TFA said about 1000 people connected. So...
About 50 people played a popular game
7 people were using a dating app
3 people viewed porn.
Being that it is populated with many people who's main candidate married a porn star is it that surprising.
3. What does avast suppose to do about this? No matter how good the software you can't fix stupid.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Eu não estou brincando. Se Eu encontrar essa merdinha na entrevista, Eu vou desmarcar e voltar pra casa. Não quero contato com essa merda. Só na cabeça de um bando de filhas da puta como vocês é que Eu iria aceitar amizade com Brasileira.
from ever stepping foot on this homeland.
Sorry, Google Groundwork doesn't do that kind of stuff.
Surely they plan to do the same thing at the Democratic convention - does anyone doubt the results would be similar? People in general, no matter political affiliation, are prone to connect to insecure WiFi. How is that even news?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So devices automatically connected to spoofed names.. how is that 'news' or relevant to the convention? How would anyone really know if you hit a spoofed wifi like xfinity?
The only thing of note here is that everyone should be using vpn if they are using public wifi.
What is secure WiFi? When can you trust each hop? Without end to end encryption, nothing should be trusted on the network, and with end to end encryption, what matter is it if the first hop is not "secure"? So they can see what connections you are making, probably someone is doing that at your ISP anyway....
the dems don't have anti-porn and anti-LGBT line items in their party platform. It's funny seeing these numbers at their convention. I'm actually surprised how low they are. Then again somebody has been doing this every convention since at least 2000 so folks are probably wising up.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Sounds like avast broke the law.
Why is this a story?
I'm impressed, I would have put those numbers much higher.
Ken
If no, why not?
Considering the stuff coming out of the 20k emails leaked by wikileaks? There's going to be a lot of very nervous people at the DNC this week, so yep I expect that they figure someone will want to fish for information and they'll likely have signs up saying only xyz are approved hotspots or some such.
Om, nomnomnom...
1,200 people connected to free internet. How is this news? The location, type of connection, affiliation of people connecting, and the name of the network are of no concern. If I was in the area I probably would have connected to it as well. Maybe there were bad guys there secretly harvesting all of that Pokemon Go data. So what? We know it's probably not a Google network. I think we're as likely to get our traffic intercepted connecting to our own home network as we are from one of these. Avast, please do this experiment more often, preferably wherever I go.
Nah, they'll just steal all their logins CC numbers and drain their bank accounts. Then Hillary won't be able to afford to run with $0 in the kitty.
Welcome to President Trumpton. Better start digging the foundations to the wall right now. You'll need to go down a very long way. At least 100ft if the tunnels between Egypt and Gaza are anything to go by.
Gonna dwarf the F-35 budget.
Apart from "I vote Trump! free Internet" there is also a "I vote Hillary ! free Internet".
Expectedly...
"Of the people connecting to the fake candidate name Wi-Fi in Cleveland, 70 per cent connected to the Trump-related Wi-Fi, 30 per cent to the Clinton-related Wi-Fi."
The OP says that the experiment was conducted "near the Republican convention and the Cleveland airport." Unless Avast knows the names and connections to the Republican delegates or Republican convention executives, it seems far fetched to associate the data to those folks. Cleveland airport is likely to have had travelers not connected to the convention as well as folks near the convention site not connected to the convention. Then again, maybe they were all from Fox News. They've been in the news lately for certain ungentlemanly behavior.
What law prohibits setting up a wireless network?
What law prohibits inspecting the traffic traversing your own network?
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
People use free WiFi without encryption. Not only is this unremarkable, it should not be in any way remarkable. The Internet Protocol and its children, UDP and TCP, were designed from the very beginning with one overriding goal: the intelligence is at the edges. Only the nodes matter. Everything else is just transit. Whether or not Layer 2 is encrypted is irrelevant. Only Layer 6/7 encryption can be trusted.[1] It is equally as safe to use any random wifi hotspot as it is to use your cable modem at home.
Knowing what we know about NSA spying, let me repeat that: it is equally as safe to use any random wifi hotspot as it is to use your cable modem. Historically, the various protocols that were designed to run over TCP/IP and UDP[2] largely assumed that transit would be benign. That's because IMAP and POP and HTTP were designed by engineers who were unaccustomed to designing a world that's proof against flaming assholes. Those days are over.
Now that the whole world uses the Internet, engineers have to design protocols and systems that are proof against flaming assholes. It's no longer optional. Avast saw identity leakage because not all software has come to grips with the new reality. Eventually, when all the software is updated, there will be nothing to report. The grand strength of the design of the Internet will once again make itself felt: upgrade the nodes to use encryption (math is your friend) and transit is just transit, as was and ever shall be. You and I already have the ability to upgrade the nodes under our control to be proof against flaming assholes. Eventually the nodes that Jane and John Q. Public buy will come configured that way out of the box.
We just want our packets routed. The SSID will be totally irrelevant. People who already treat it as if it is aren't wrong. They just need to use a slightly smarter node. Apparently 30% of users already have one.
---
[1] Or possibly you can squeeze it all the way down to Layer 4, if you use Authentication Header and Encapsulating Security Payload. (IPSEC)
[2] Why does no one ever write UDP/IP?
Came to post this exact comment. Glad to see its already covered.
The Dem's most certainly have an anti-paid porn platform. Their empress elect is the most disgustinly sold-out politician in the last 30 years.
Then Hillary won't be able to afford to run with $0 in the kitty.
I heard she prefers a tongue in the kitty.
OMG they tricked some Republicans, the only fair thing is to trick equally as many Democrats. Hey maybe we should put some laws into place to make it more fair since you clearly feel oppressed as a Republican.
Sorry that your safe space got hacked, SJW cryhard.
0.24 percent visited pornography
I suppose that sounds more impressive the saying 3 out of over 1200 random people.
And how many of the "GOP delegates" connected to “I vote Hillary! free Internet”?
But at least the wall wouldn't suffocate the pilots.
All anti-virus software is a racket. Windows is spyware with or without it.
I have been running an open wifi for 4 years now with multiple access points covering my neighborhood corner which gets a good amount of pedestrian traffic. A typical month I'll get 225 unique visitors and about 35 unique visitors per day. Four years ago it was common for people to pop email and send passwords in the clear. Nowadays with all the new devices almost everything is end to end encrypted. I doubt Avast got anything more than device ids and dhcp names and of course all the destinations a device hit. Windows boxes however can be extremely chatty and for some reason not know they're connected to a foreign network.
It would be funny to learn the percentage of devices accessing porn. I heard Republicans consume more porn than Democrats.
A. The network was considered secure, since it was essentially hardlines between secure servers (not really since most ran through POTS stations, if not circuits, but at the time it WAS insanely secure from all but a lineman or spy.) and second: The hardware of the era IPv4 and company were produced was underpowered for encrypting application level, packet level, or physical level transmission from passive adversaries without either dedicated encryption hardware (as intelligence agencies were using at the time.) or utilizing a high relative level of memory and cpu resources in order to encrypt it via software for transmission over the line.
There is a reason DES was originally only used for 'military grade encryption', and most of the early reason was 'waste of compute resources, outside protection of classified material.)
I'd be more embarrassed that Party attendees were 20 times more likely to play Pokemon Go, than looked at porn. Men looking at porn is not unexpected.
film at 11. Seriously... fuck those guys.
The wiifi spots were outside the convention, how do we know these are delegates and not random people living or visiting the area or journalists or police or protesters, etc...
Within the meaning of 'wiretap'; gaining access to personalised data that was innocently passed by an individual. If I listen in to a phone call that's not for me, that's illegal. This is surely equivalent.
They sound like real pieces of shit.
Dating is only tiny sliver of what meetup.com. Take for example the hundreds of these politics-related meetups.
And if the results are bad for the Dems, will you all publish?
Of course, they will. Avast is a scamware company. They thrive on misinformation, fear, and publicity.
http://avastscam.com/a-track-record-of-fraud/
Avast's CEO has even blamed its affiliates for their scams, which he claims they deactivated and are no longer forwarding phone calls from their 800 numbers to, but once the bad press died down, nothing changed, and their current affiliates are still scaring grandpas and grandmas everywhere into shelling out hundreds of dollars for worthless Avast products that claim to fix problems that those people didn't even have in the first place.
The only story that everyone seems to be missing right now is the fact that a well-known scamware company was able to place wireless hotspots within the Republican National Convention, and is actually bragging about it after the fact. I ask you. How many convention goers used their credit cards from the convention floor during that time? How many people logged into their banks to wire donations? How many used those hotspots to check email from their own private insecure servers sitting in their homes? Don't tell me that Democrats are the only ones doing it. Colin Powell, for instance, admitted as such for when he was Secretary of State.
By letting Avast scam artists get into their convention, the republicans really made a huge mistake.
A Pineapple is a home made device using a small router connected to a cellular hotspot. Every computer actually broadcasts the networks it has saved in order to locate one of the networks. The Pineapple sees these probes and instantly becomes that wifi network allowing them to connect without a password. Then all traffic is passed onto the hotspot but at this point the attacker is a man in the middle and can intercept all traffic. Unless the user is using encryption such as SSL, VPN, there is quick a bit of information that can be obtained. Also any zero days could be attempted to hack their device.
Walk through any airport with a Pineapple and you will hit 1,200 people easily. The Pineapple is cooler than setting up multiple phony hotspots because it can fit in your pocket or laptop bag and you can just walk around scooping up connections to investigate.
I forget where I read it but I think I remember reading an article some years ago where someone stood up a free Wifi network named something along the lines of "get hacked" and it still had many, many users...
If it's free WiFi people will use it regardless of potential danger, the name is literally nothing.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I think you'd need to make the wall go even further down, the tunnels the Clintons built to smuggle in under-age Mexican girls for Bill, and to smuggle out incriminating evidence against Hillary out of the country is probably at least 200 feet down.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The whole point of encrypted ssl connections is that when implemented correctly*, it doesn't matter if people are listening in. They won't be able to decode the traffic.
* Of course, many servers don't implement ssl correctly, and many people ignore warnings about incorrect ssl certificates, but that is a separate issue.
Back in 2005 I chose Avast as my AV because at the time it was the only product that ran on 64 bit Windows. At the time, it was solid, fast, light on resources, and just worked. Over the years I watched all of that slowly change until Avast became the spammy and fear mongering unreliable bloated mess that it is today.
I kicked that POS to the curb about four months ago and I have no regrets whatsoever. I wound up going with Kaspersky, and I haven't seen a single threat pop up on any screen telling me that I'm being spied on and my banking information might be at risk because I'm not using a fucking paid Avast proxy. Instead I have a quiet and efficient (relatively speaking, all AV products will fail in the face of a serious attack) product that just runs, all for the cost that worked out to $20/year per device.
In closing, FUCK OFF AND GO DIE SOMEWHERE AVAST YOU BLOATED WORTHLESS AD INFESTED PIECE OF SHIT
A) Twenty blind lesbians at a fish market...
Do not rely on a trusted, private network - it rarely exist anyway. It is a relic of the UNIX ways in the 80s.
["Let's ask Hillary. She is kind of an export on that subject."]
Hillary already had a detailed response in an interview:
https://youtu.be/lJjHTeo6mVw
From another angle (look at the facial reactions of the journalist on the left):
https://youtu.be/jtU5nMbEsQ4?t=18s
In slow motion:
https://youtu.be/YMHOcmDVBP0
Q) What's the very definition of confusion?
A) Twenty blind lesbians at a fish market...
How many people on Slashdot will even get that joke?
Hilarious though.
They don't need to worry about that anymore. They simply won't prosecute them, just like Hillary. So they can feel free to talk about their illegal donations and so on.
Knowing state of current GOP, Avast probably a major donor. One scammer to another.