# Public WiFi Not safe.



## AphexDreamer (Oct 25, 2010)

Your information just got much easier to steal. 

"Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is."

Source


----------



## Fourstaff (Oct 25, 2010)

This, my friend, is the reason why I only use the public wifi for news and such.


----------



## Mussels (Oct 25, 2010)

how interesting.


i may use this at work and have some fun


----------



## MikeTyson (Oct 25, 2010)

Does this work on private WiFi networks as well? Say if someone had your network key, could they do the same thing?


----------



## Mussels (Oct 25, 2010)

MikeTyson said:


> Does this work on private WiFi networks as well? Say if someone had your network key, could they do the same thing?



no, cause its encyrpted then. it only works if the wifi is unsecured.


----------



## MikeTyson (Oct 25, 2010)

Mussels said:


> no, cause its encyrpted then. it only works if the wifi is unsecured.



Ah shit, I was hoping to have some fun


----------



## PhysXerror (Oct 25, 2010)

Hmm, Very interesting


----------



## Mussels (Oct 25, 2010)

MikeTyson said:


> Ah shit, I was hoping to have some fun



my work wifi is unencrypted, and we have a few slackers who use their iphones for facebook... fun will be had


----------



## Easy Rhino (Oct 25, 2010)

hrm. interesting. don't banks and other transaction sites encrypt everything? so it wouldn't be much use unless you have a facebook fetish.


----------



## [Ion] (Oct 25, 2010)

This could be interesting....school wifi is unencrypted


----------



## Wrigleyvillain (Oct 25, 2010)

In other news, water is wet.


----------



## MT Alex (Oct 25, 2010)

This also just in, Facebook is for dorks


----------



## streetfighter 2 (Oct 25, 2010)

Wrigleyvillain said:


> In other news, water is wet.


This.



MT Alex said:


> This also just in, Facebook is for dorks


This.

/Thread


----------



## BrooksyX (Oct 25, 2010)

MT Alex said:


> This also just in, Facebook is for dorks



Dang, must be a lot of dorks in the world


----------



## human_error (Oct 25, 2010)

Time to find me some coffee bars. The number of people going there for the "free, open, public wifi" is a goldmine for demonstrating this. 

Maybe if i take a projector with me and have a massive screen of me logged in as them as they leave to educate them in personal security. Or maybe I'll just post "I'm an idiot and don't understand the risks of public wifi" on their walls.


----------



## Wrigleyvillain (Oct 25, 2010)

BrooksyX said:


> Dang, must be a lot of dorks in the world



Sad, but true.


----------



## Breathless (Oct 25, 2010)

Wrigleyvillain said:


> Sad, but true.



Metallica tribute


----------



## Ripper3 (Oct 25, 2010)

This might work on encrypted networks, with pre-shared key or with login, as they're not much more secure than WEP, truth be told.
You could use Wireshark, and have a field day capturing every bit transmitted. Wireshark will work on encrypted networks just fine, as I have witnessed someone doing once before, capturing transmissions over a WPA2 network that used user logins rather than PSK, which is standard affair for companies and schools.


----------



## PVTCaboose1337 (Oct 26, 2010)

I have been using Cain and Able for years to get websites people visit, passwords, you name it.  Even over a WPA2 network with PSK, you can get the websites they visit.  No problem!


----------



## guitarfreaknation (Oct 26, 2010)

Mussels said:


> my work wifi is unencrypted, and we have a few slackers who use their iphones for facebook... fun will be had



I don't think AphexDreamer meant to encourage such behavior


----------



## jasper1605 (Oct 26, 2010)

thus the reason why I turn off the wi-fi on my router


----------



## AphexDreamer (Oct 26, 2010)

guitarfreaknation said:


> I don't think AphexDreamer meant to encourage such behavior



Not at all.


----------



## scaminatrix (Oct 26, 2010)

Not a very nice thing to promote...
Oh well, I'll give it a try anyway lol


----------



## Mussels (Oct 26, 2010)

this program/plugin doesnt let you steal the passwords, it just lets you log in as them so long as they are logged in on the same wifi as you.


you cant use it to do any serious damage.


----------



## AphexDreamer (Oct 26, 2010)

Mussels said:


> this program/plugin doesnt let you steal the passwords, it just lets you log in as them so long as they are logged in on the same wifi as you.
> 
> 
> you cant use it to do any serious damage.



Serious nah... But complete control over facebook, the POWER!!!! 

Also under preference its got a pretty decent list of sites you can steal logins as. 

Amazon
Live 
Yahoo
Dropbox

If someone isn't careful you can have full access to their email and Amazon!

And with dropbox, their files too!


----------



## Easy Rhino (Oct 26, 2010)

AphexDreamer said:


> Serious nah... But complete control over facebook, the POWER!!!!



now i will finally have 500 million friends!11!!11


----------



## PVTCaboose1337 (Oct 26, 2010)

Mussels said:


> this program/plugin doesnt let you steal the passwords, it just lets you log in as them so long as they are logged in on the same wifi as you.
> 
> 
> you cant use it to do any serious damage.



This exploit has been around for a long time. You just had to do it manually.  Pretty much you do this:

-Get a valid account on the site your victim is on
-EDITED cause too descriptive:  Few simple steps with cookies and you're in
-????
-????
-Log in as them

Very simple, and can be done with almost no info about victim but account name.


----------



## jasper1605 (Oct 26, 2010)

PVTCaboose1337 said:


> This exploit has been around for a long time. You just had to do it manually.  Pretty much you do this:
> 
> -Get a valid account on the site your victim is on
> -EDITED cause too descriptive:  Few simple steps with cookies and you're in
> ...



ah but you are too late.  it has been copy pasted into my brain! 

In seriousness, it's threads like this that scare me about computers.  There are people out there that are wayyyy to smart and I do not wish to make them angry.


----------



## garyinhere (Oct 26, 2010)

jasper1605 said:


> ah but you are too late.  it has been copy pasted into my brain!
> 
> In seriousness, it's threads like this that scare me about computers.  There are people out there that are wayyyy to smart and I do not wish to make them angry.



don't worry pvtcaboose isn't that smart


----------

