Beating the rogue access point (AP) dead horse a bit here, and spelling it out for those who don't "get it".
Badguy creates hostile "website" with Windows exploit. Badguy goes to local airport terminal or Starbucks and pretends to be a legitimate wireless hotspot using Airsnarf or similar rogue AP utility. Badguy FORCES any user who joins wireless network to browse the hostile website that has the Windows exploit. User gets owned. Lather, rinse, repeat.
You can do this to your neighbor, too, if they have an open access point. FYI.
The point is that it does NOT require coincidental surfing of hostile websites to gather and exploit targets with a Windows 0-day these days. The rich and elite road warriors carrying all their financial and corporate data with them are prime targets. Attackers with rogue AP setups can make easy money from hotspot users by FORCING them to browse a hostile "website" with a rogue AP "splash page".
Particularly vulnerable are hotspot users that have the Windows operating system installed and use IE as their default browser.
Sincerely,
Beetle
Could've sworn I publicly demo'd how to steal T-mobile, PayPal, E-Trade, you name it passwords from users with rogue APs ummm... almost 2 YEARS AGO.
http://airsnarf.shmoo.com
Maybe we just don't pay news organizations enough to pimp our shit and get some Slashdottin'? Shame on us.
We're obviously slacking, but the world better wake the fuck up. Slashdot, too. And maybe university professors with eureka-look-what-hackers-have-been-doing-forEVER moments.
FYI, we're hosting a hacker conference in D.C. in a couple weeks--just in case you want to get a head start on the news items that Slashdot will pick up on 2 years from now.
Sincerely,
Beetle
The Shmoo Group
No, you just run void11 to bounce everyone off the network, encrypted or not, and as they reassociate, you will see the SSID for that network with Kismet. No waiting needed.
Sincerely,
Beetle
The Shmoo Group
Really? You've obviously never seen a demonstration of a rogue AP w/ portal just for snarfing your usernames and passwords. It can be done from a Zaurus, even.
You and Starbucks are pwned.
http://airsnarf.shmoo.com
Have a nice network.
Sincerely,
Beetle
The Shmoo Group
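
A defender-side check for the rogue AP scenario described in these comments, as an added example that is not part of the original posts or of any Shmoo Group tool: it compares beacons seen in a Wi-Fi scan against an inventory of the hotspot's real access points. The SSID, BSSIDs, channels and scan records are constructed for illustration, and the inventory format is an assumption.

```python
from collections import namedtuple

# One observed beacon: network name, AP MAC address, radio channel.
Beacon = namedtuple("Beacon", "ssid bssid channel")

# Hypothetical inventory: SSID -> {BSSID: channel the operator's AP uses}.
KNOWN_APS = {
    "HotspotExample": {
        "00:11:22:33:44:01": 1,
        "00:11:22:33:44:02": 6,
    },
}


def find_rogue_candidates(beacons, known=KNOWN_APS):
    """Return (beacon, reasons) for beacons that advertise one of our SSIDs
    but do not match the inventory for that SSID."""
    findings = []
    for b in beacons:
        aps = known.get(b.ssid)
        if aps is None:
            continue  # not an SSID we are responsible for
        reasons = []
        expected_channel = aps.get(b.bssid.lower())
        if expected_channel is None:
            # Same network name, radio we never deployed.
            reasons.append("unknown BSSID")
        elif expected_channel != b.channel:
            # A known BSSID on the wrong channel suggests a cloned MAC.
            reasons.append("known BSSID on channel %d, expected %d"
                           % (b.channel, expected_channel))
        if reasons:
            findings.append((b, reasons))
    return findings


# Constructed sample scan, not captured data.
SAMPLE_SCAN = [
    Beacon("HotspotExample", "00:11:22:33:44:01", 1),   # legitimate
    Beacon("HotspotExample", "00:11:22:33:44:02", 11),  # cloned BSSID?
    Beacon("HotspotExample", "DE:AD:BE:EF:00:01", 6),   # unknown radio
    Beacon("OtherNet", "AA:BB:CC:00:00:01", 3),         # out of scope
]

if __name__ == "__main__":
    for beacon, reasons in find_rogue_candidates(SAMPLE_SCAN):
        print(beacon.ssid, beacon.bssid, "; ".join(reasons))
```

A clean result does not prove the network is genuine, since a rogue AP can copy both the BSSID and the channel of a real one.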