On the first day of Bar Camp, Jacob “Jake” Appelbaum (aka ioerror) gave a brief talk on Wifi/IP network hacking. Essentially he demonstrated how easy it is for someone who knows about networking APIs and protocols to develop a sniffer that will dump packets going around the network.
More specifically, he showed a bunch of unencrypted usernames and passwords: POP3 email access, Web 2.0 applications like Flickr, … Jake’s point in doing this was to raise our awareness of how dumb we are to connect to an open network without using a VPN tunnel that encrypts all data and accesses Internet services from a secure area. And I can tell you that whoever got his Flickr or email username/password read out loud to the audience became instantly aware of the issue.
So as a minimum: make sure that your email provider allows you to retrieve your email via a secured connection (like Gmail does), don’t access your bank accounts from open networks (and no, the fact that HTTPS is used might not be enough), and if you can, get a VPN connection.
Mine is configured, and ready for the next conference.
Update: It sounds like Google is readying a Wifi VPN software tool alongside a Google Wifi service. Om has more.
I'm not so sure I'm a famous hacker. I'm nobody special saying nothing important. ;-)
Posted by: Jacob Appelbaum | September 08, 2005 at 12:53 PM