[SGVLUG] if it possible to sniff packets if you can't get on the wi-fi network?

Doug dougvargas at sbcglobal.net
Sun Jan 12 17:49:39 PST 2014


I can't seem to find it but I read a great article explaining how websites that use http for everything except certain sections - like a login page for example - are horribly insecure, so you should watch out for those or use a plugin like HTTPS everywhere to avoid that. And if someone is on your network they can hijack your HTTPS connections in some circumstances and really just wreck all sorts of havoc so use an ssh tunnel or tor if you're worried about bad actors

Jeffrey Kutz <jdkutz_682004 at yahoo.com> wrote:

>Interesting question. I am trying to remember back to my Network Design 101, where we used wireshark on a wired network. It was my impression that all that you needed was to see the traffic and wireshark was happy. It is really good security to keep people off of your Wi-Fi by whitelisting the allowed MAC addresses but I don't see where this would stop someone from seeing any open and unencrypted traffic. I would be concerned that someone would get enough information to log onto their private website via a route other than the local Wi-Fi. I would even question just where the security of https comes into play. Is there some open traffic before the http turns into https that would allow some evil-doer to cause trouble?
>
>I will be following this thread with interest. Next year I will get taking a security class at my local tech school. You can be sure I will bring this whole story up for classroom discussion.
>
>
>
>
>On Sunday, January 12, 2014 1:32 PM, Homan Chou <homanchou at gmail.com> wrote:
>
>A lot of businesses offer free wi-fi access within their walls as a perk of being there.
>
>
>I have a friend that is a business owner that does NOT offer it because of "security" reasons.  In fact, in order to get on his wifi, he can't just give you the password, he actually has to whitelist your MAC address into his router or something like that.
>
>
>His web developer set it up this way because their custom point of sale program is just a website. And they don't use https.  So my question is, if that website login form was accessed over non-secure http is the login just send in plain text in packets?  Could someone theoretically observe that with wire-shark without even being logged in to the wi-fi network?  Or do you need to be connected to the wi-fi router in order to be able to do that?
>
>
>I think it's the former but I'm not a wire-shark expert, can someone confirm?  (Either way I will tell him he needs https).  And I want to encourage him to provide free wi-fi, and if his POS is secured over https it shouldn't make his business anymore vulnerable than he is now, is that correct?
>
>
>Homan
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sgvlug.net/pipermail/sgvlug/attachments/20140112/f254303f/attachment.html>


More information about the SGVLUG mailing list