Which is better?

mmm

The only reason Ethernet is "Safer" than Wireless is because to tap into an ethernet connection you need physical access to the network.

Although.. .there are easy ways to hack wifi...
for example:

Jasager | Karma on the Fon - Home

With a simple fonera router plus a modified firmware you can fool wireless clients and retrieve all sort of password...

Either way, as someone said you should not do anything important on wireless networks... That would be just dumb :)
 
Highlander, I have nothing against you. Even though you may have made it next to impossible, the worst can happen is having false sense of security. You may never know there is one day that somebody bound to find a bug accidently which opens the security holes, they said bingo! lets hack because no one know about this yet. It have happened everyday (Not just wireless, I mean in general technology areas), does not matter if it is wireless or not. Bug can be anywhere and we may never know until its too late.

What is important is NOT to have false sense of security, this kind of sense is very dangerous.
 
Exactly, point is, you can make it 99.9999% secured, there is always flaw there that we are unaware of.


ddd said:
The only reason Ethernet is "Safer" than Wireless is because to tap into an ethernet connection you need physical access to the network.

Although.. .there are easy ways to hack wifi...
for example:

Jasager | Karma on the Fon - Home

With a simple fonera router plus a modified firmware you can fool wireless clients and retrieve all sort of password...

Either way, as someone said you should not do anything important on wireless networks... That would be just dumb :)
Click to expand...
 
mmm

what i posted ( the fonera hack) succeeds even if u have timeout on the keys.

This hack is basically:

Client tries to connect to known AP SSID "MyCompany"

Fonera router sees this and says "YES this is My Company" (Basically says yes to any pc looking for ANY ssid"

then connection follows as usual.
traffic is tunneled through fonera to internet. So user sees no difference from being connected to their REAL network (unless they try to access something that was supposed to be on the same network, say .. a printer)

u can then mirror the traffic onto a vpn which u can connect to wirelessly and basically steal everything...

even if u go to ssl websites there are ways to fake ssl certificates and most people dont even pay attention to the erro rmsg and just add exceptions to their browsers.

so timeout keys yes do help securing a wireless network , but does not prevent this sort of attack.
 
Yup, excellent explaination, and yeah mirrored is good term,

Most true hackers will never reveal their real identity, even with MAC ID, and other vital information, That is why it is rather difficult to catch crooks.

That is why it is very important not to have false sense of security, just be viligant. I am here not saying you can not have wireless, nor that I am against wireless.


ddd said:
what i posted ( the fonera hack) succeeds even if u have timeout on the keys.

This hack is basically:

Client tries to connect to known AP SSID "MyCompany"

Fonera router sees this and says "YES this is My Company" (Basically says yes to any pc looking for ANY ssid"

then connection follows as usual.
traffic is tunneled through fonera to internet. So user sees no difference from being connected to their REAL network (unless they try to access something that was supposed to be on the same network, say .. a printer)

u can then mirror the traffic onto a vpn which u can connect to wirelessly and basically steal everything...

even if u go to ssl websites there are ways to fake ssl certificates and most people dont even pay attention to the erro rmsg and just add exceptions to their browsers.

so timeout keys yes do help securing a wireless network , but does not prevent this sort of attack.
Click to expand...
 
Jiro said:
how does network knows who to lock'em out? his MAC Address? One can easily reproduce fake MAC Address
Click to expand...

No create the new IP address allow for new user for DHCP and static IP won't work. Timeout key is not just for MAC address. I believe so.
 
The Highlander said:
No create the new IP address allow for new user for DHCP and static IP won't work. Timeout key is not just for MAC address. I believe so.
Click to expand...

right but let's say I'm trying to hack into your router that has key time-out feature. I typed in password repeatedly and then I got locked out. How does your router know which one (hacker and new users) to lock out? What does your router uses to discern the different users?
 
Jiro said:
right but let's say I'm trying to hack into your router that has key time-out feature. I typed in password repeatedly and then I got locked out. How does your router know which one (hacker and new users) to lock out? What does your router uses to discern the different users?
Click to expand...

Good question. If I turned my macbook off then rejoin the wireless won't work anymore so you had to reset the router.
 
Jiro said:
right but let's say I'm trying to hack into your router that has key time-out feature. I typed in password repeatedly and then I got locked out. How does your router know which one (hacker and new users) to lock out? What does your router uses to discern the different users?
Click to expand...

Mac ID ?
 
The Highlander said:
Good question. If I turned my macbook off then rejoin the wireless won't work anymore so you had to reset the router.
Click to expand...

then it's an EPIC FAIL! That security setting is impractical, clumsy, and problematic. Do you want to reset your router every single time?

Key Time-Out = EPIC FAIL! but having a tag that displays a reproducible, synchronized password is nice.
 
Jiro said:
then it's an EPIC FAIL! That security setting is impractical, clumsy, and problematic. Do you want to reset your router every single time?

Key Time-Out = EPIC FAIL! but having a tag that displays a reproducible, synchronized password is nice.
Click to expand...

If something happen then I will call FBI for hunt the hacker down if keep attack me again and again. Thank god never happen to me since!

:laugh2:
 
There no perfect security but you can always try to protect yourself better online with the best security measure.

Key timeout or lockout after number of password tries is one method you can use and it a good one too but it only good for home use because the router need to be locally accessable or hardwired into a PC to be able to access it to reset the timeout or lockout.
Something like this on public routers would be a pain since anyone can just go purposely lock you out of you router forcing you to go reset the router.

As for accessing banking or stuffs online on public wifi, VPN is a nice security feature to have to access but you need to have some knowledge to set VPN up and tunnel it to your internet which take lots of effort for those who are not skill in networking.
However if you know your banking or website you want to access with secure is using a genius SSL cerficate then you should be fine on public open wifi and if the hacker is sniffing your packets all they will see is encryted packets which would take years and years to crack so you can pretty much be sure that your information is safe unless the hacker got lucky because you use a password that is a common word.

You also should use SSL in your email program too and almost all email server offer SSL so you have to find out what port it is on and set up your email client to use SSL instead of regular POP or IMAP that way your emails you send and recieved are encryted between your computer and the email server.

Remember SSL does not block hacker from seeing your traffic but it encrypt the packets coming and going from your Computer to the Server in wifi or hardwire and provide a better security measure than without SSL and also it is easier to use genius SSL cerf than to set up VPN or other methods of encrypting your data.

As for regular websites without SSL, I don't care if hackers know I go visit CNN or MSN or whatever forums etc or if they managed to grab my alldeaf username or password or read what I am writing on forums etc .. I can always email support and explain then I would be able to recover it because there nothing personal on those things that I need to worry about having it encrypted etc.


.
 
Back
Top