Kees Cook was surprised at the ability to find out passwords and data travelling over the wifi network at OSCON:
I feel like I?m beating a dead horse, but I?m appalled at how many people continue to not use encryption. I spent some time yesterday going through my 4.1G of packet capture logs. Generally, I scanned POP, SMTP, IRC, and HTTP traffic. I should probably find better tools than just ethereal, but after finding 45 different POP accounts that were authenticating in the clear, I stopped counting. That put me half way through Thursday, so that?s only a day and a half of OSCON wireless traffic. No one seems to protect their nick on FreeNode, so at least no one?s nick password was sent in the clear. One person logged into Flickr in the clear. One of the accounts was for the speaker I was listening to at one point. I recognized the POP account because it was up on his slides.oscon 2005 wireless sniffing
Before going to the conference, I secured my email connections using SSHKeychain and even donated a little bit to the project during the conference. I like SSH Tunnel Manager's interface better (not only that, but there are some good, if verbose, tutorials at Stopdesign and non literal) but couldn't get it to work with Mac OS X Tiger. I'd be a little more surprised if anybody was logging into things at a conference like, say, DEF CON, but still, almost 4 dozen open source aficionados not securing their connections is about 3 dozen more than expected. Kees has some tips for securing connections while in an environment where those that might sniff wifi data are present, though they may still be too much for most non-technical users conducting transactions over the Internet. | Kees Cook was surprised at the ability to find out passwords and data travelling over the wifi network at OSCON:
I feel like I?m beating a dead horse, but I?m appalled at how many people continue to not use encryption. I spent some time yesterday going through my 4.1G of packet capture logs. Generally, I scanned POP, SMTP, IRC, and HTTP traffic. I should probably find better tools than just ethereal, but after finding 45 different POP accounts that were authenticating in the clear, I stopped counting. That put me half way through Thursday, so that?s only a day and a half of OSCON wireless traffic. No one seems to protect their nick on FreeNode, so at least no one?s nick password was sent in the clear. One person logged into Flickr in the clear. One of the accounts was for the speaker I was listening to at one point. I recognized the POP account because it was up on his slides.oscon 2005 wireless sniffing
Before going to the conference, I secured my email connections using SSHKeychain and even donated a little bit to the project during the conference. I like SSH Tunnel Manager's interface better (not only that, but there are some good, if verbose, tutorials at Stopdesign and non literal) but couldn't get it to work with Mac OS X Tiger. I'd be a little more surprised if anybody was logging into things at a conference like, say, DEF CON, but still, almost 4 dozen open source aficionados not securing their connections is about 3 dozen more than expected. Kees has some tips for securing connections while in an environment where those that might sniff wifi data are present, though they may still be too much for most non-technical users conducting transactions over the Internet.