On Wed, Oct 27, 2010 at 6:50 PM, Paul Nijjar <span dir="ltr"><<a href="mailto:paul_nijjar@yahoo.ca">paul_nijjar@yahoo.ca</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Tue, Oct 26, 2010 at 07:02:52PM -0400, Lori Paniak wrote:<br>
><br>
> Good question. Since I'm not an expert either, I did a quick look on<br>
> the interwebs. The conclusion is that if you know the passphrase and you<br>
> capture the initial handshake of a WPA session, then you have access to<br>
> the entire communication stream. In a coffee-shop setting, I believe<br>
> these conditions would be easy to fulfill.<br>
<br>
</div>My quick looks on the interwebs are not revealing much. Give me a URL?<br>
<br>
The Firesheep author has a blog post that outlines what doesn't work.<br>
Enabling WPA2 is on that list:<br>
<br>
<a href="http://codebutler.com/firesheep-a-day-later" target="_blank">http://codebutler.com/firesheep-a-day-later</a><br>
<br>
Here is an excerpt:<br>
<br>
> A password-protected (WPA2) wireless network or even a wired network<br>
> just requires that attackers perform one more step to carry out this<br>
> attack. This might be ARP poisoning or DNS spoofing, neither of<br>
> which are difficult to carry out. Go and download Cain & Abel and<br>
> try it out on your network, it’s not that much harder than using<br>
> Firesheep, and it’s been around for nearly a decade. There are other<br>
> tools that’ve been around longer.<br>
<br>
(I can't wait until somebody writes a Firefox extension that automates<br>
Cain and Abel.)<br>
<br>
<br>
I could be making some pretty bitter comments over this situation, but<br>
I will refrain. Suffice to say that I am quite frustrated and angry<br>
over this.<br></blockquote></div><br>On VPNs he says:<br><br><blockquote style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;" class="gmail_quote"><h4>Use a VPN/SSH Tunnel (Without known risks)</h4>
<p>While we metnioned that VPNs and SSH tunnels can be helpful just
above this, we want to emphasize that it’s just pushing the problem to
that VPN or SSH endpoint. Your traffic will then leave that server just
as it would when it was leaving your laptop, so anyone running Firesheep
or other tools could access your data in the same way.<br></p></blockquote><div>True, in theory. <br><br>In practice these are wired connection at the other end, and Firesheep is not<br>useful there. Even with a physical connection, switches do not allow one port to see traffic to others anymore like in the old day hubs.<br>
</div><blockquote style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;" class="gmail_quote"><p>These are
solutions that require at least some understanding of networking and
risks at hand. A blind suggestion of “Use a VPN” doesn’t really solve
the problem and may just provide a false sense of security.</p></blockquote><div><br>The issue is your end in the case of Firesheep.<br><br>The "other end" has always been an unknown quantity, and so far, and acceptable risk.<br>
<br>Until we have end to end encryption on ALL connections, there is no other solution.<br></div><blockquote style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;" class="gmail_quote">
<p>Another problem with VPNs is that they don’t work all the time.
Sometimes they just disconnect, and your traffic is all routed over your
normal interface without any notice. The built in VPN clients on OSX,
the iPhone, and iPad are particularly bad at this.</p></blockquote>
That is indeed a problem. Is this Apple specific (so far)?<br>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">2bits.com</a>, Inc.<br><a href="http://2bits.com">http://2bits.com</a><br>Drupal optimization, development, customization and consulting.<br>
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>