Risk of use with College WiFi

Cork24

just wondering how many people that have access to College wiFi use facebook,

I know when your in the College wiFi your all in the Same network so with the new Add for FireFox Called FireSheep people using Facebook with College Access is in high Risk of their account being taken over, this goes for Amazon MSN Live etc etc anything that does not use HTTPS://
Facebook when you first login it uses https:// but once inside your wall its now http://

anyone try this thing out?

kk887

well there arent have much protection in the cit wifi network...heard that there have a student's email/facebook/other web pages that he login by using the wifi got hacked and the hacker changed all his password...but no comfirm is this news true or not.

Ghost Estate

yea they can hack you if you are not using https even without a firefox addon. i wouldn't use that wifi, everything is logged and recorded by the college

Cork24

I know they can hack into your accounts with or without this firefox addon. but the fact that the addon is on the net its making it more of a 2sec job, i remember the days when you had to do a **** load of code lines On Linux or even buy a wireless usb card that could handle kismac.. now you have wireshark the new Version of Kismac that allows you to use Airport. you can download a version of Linux with every Tool you need to hack computers,Wifi's etc.

No the College can not Log any of your details as in Passwords. that would be agaisnt the law by using KeyStores. they can only log in what sites you have used.

it is safe to use gmail on wifi as its [url]Https://,[/url] the hacker can still see what site your in but all he is getting is "DFFA324930u523595" etc.

Ghost Estate

Cork24 wrote: »

I
No the College can not Log any of your details as in Passwords. that would be agaisnt the law by using KeyStores. they can only log in what sites you have used.

surely they have a rule somewhere that says 'by using wifi you agree .... let us log all traffic'

wouldnt trust 'em as far as i could throw em'. thing is if you made a bit of a fool out of yourself on christmas day they could have an oul poke through your wifi usage history to help their case

Webmonkey

I believe it's quite safe. I think they use Cisco wireless routers which provide extra protection using LEAP. So every time you log on, you're computer is assigned a unique WEP key to you behind the scenes so all traffic is encrypted using this. This times out however, and that is why you end up seeing the log in page again.

I also ran wireshark on the Student wireless network before out of curiosity. All you can see is your own data (using your WEP), and encrypted data in the air using other people's personal WEP keys.

I could be wrong but I believe it is the case that they hand out WEP keys on a per user basis.

As for the post about a user's Facebook, email account passwords getting changed. This more than likely happened from a brute force / dictionary hack on their account rather than sniffing. If they managed to decrypt SSL via sniffing, then they would be famous and rich and probably in jail soon after.

Vinta81

Webmonkey wrote: »

I believe it's quite safe. I think they use Cisco wireless routers which provide extra protection using LEAP. So every time you log on, you're computer is assigned a unique WEP key to you behind the scenes so all traffic is encrypted using this. This times out however, and that is why you end up seeing the log in page again.

I also ran wireshark on the Student wireless network before out of curiosity. All you can see is your own data (using your WEP), and encrypted data in the air using other people's personal WEP keys.

I could be wrong but I believe it is the case that they hand out WEP keys on a per user basis.

As for the post about a user's Facebook, email account passwords getting changed. This more than likely happened from a brute force / dictionary hack on their account rather than sniffing. If they managed to decrypt SSL via sniffing, then they would be famous and rich and probably in jail soon after.

A lot of that read like mumbo jumbo to me kid :pac:

Wireshark...bleh using that in a Networking lab grrr :mad::mad:

Cork24

facebook is not using SSL i dont think.

Ghost Estate

Vinta81 wrote: »

A lot of that read like mumbo jumbo to me kid :pac:

Wireshark...bleh using that in a Networking lab grrr :mad::mad:

what ya talking about? wireshark is brilliant

or do you prefer tcpdump?

Webmonkey

Vinta81 wrote: »

A lot of that read like mumbo jumbo to me kid :pac:

Wireshark...bleh using that in a Networking lab grrr :mad::mad:

Haha :pac: - how's college going?

Cork24 wrote: »

facebook is not using SSL i dont think.

It does for the sign in and that's it. That's all that's required. It's similar on most other sites. There is a lot of overhead in SSL and really the only main part for the likes of facebook is to protect you during the login stage. Everything else is pretty safe to share once you have the cookie for authentication.

Cork24

*snip*

Webmonkey

I'm sorry but I had to remove the content of your post as it was to specific with techniques and tools for hacking.

If you are interested in it, there is a security masters (and a security module in 4th year) that does go into such things.

As for these programs, I think anyone can use these as someone else has gone to the trouble of exploiting buffer over runs in vulnerabilities etc. I wouldn't call myself a hacker by using these programs

Vinta81

Ghost Estate wrote: »

what ya talking about? wireshark is brilliant

or do you prefer tcpdump?

Nothing wrong with it...I just don't get the VMWare we're doing and WireShark just reminded me of the lab lol. The module we do it for isn't really explained all that well to us

Web - Good but tough! Feel like I've a million and one things to do at the moment after Halloween tomorrow I'm becoming an utter hermit. really need to crack down on the study

C#Sharp is grand. Great lecturer for it albeit boring

The Networking lab I have is - Exam on Monday for it and none of us have an utter notion about it!

Cork24

your doing Routing?

VMWARE its the Best Tool Since the Hammer>>

think of it this way. Your Sitting Down at Home in your computer room with 2 Computers running at once..

Now Hook those Two Computers with to a KVM Switch which allows 1 Screen 1 Keyboard 1Mouse to run the two by flicking over the switch you can jump from one PC to the Other. you have the whole idea of what VMWare is. its 2 PC Towers in one Computer, Giving you the Freedom of Running Mac OSx while Running WinXP on the same Computer.

did you every install a Linux onto your computer where you need to partition your hard drive? and to jump from one to the other you needed to Restart your computer ? well with VMWARE you can do just that with out Restarting.

With your Networking modules if you are finding it to hard or two much in it for one to hold onto, try CBT Nuggets ICND 1 & ICND 2 also TrainSignal CCNA. they do cost abit of Money. But this is the Digital age so you know where to go..

if your doing Wireless and cant understand the Logic of VLANs its Simple..... if i had 1 Router how many different Networks can i have on it only 2. but with a Switch it can have 24 different VLANS on it. What do Vlans do? Vlans are Virtual Local Area Networks.

Ok, Think of it this way. At home i have 3 Macs.. and 1 PC and a VOIP phone. if i wanted to i could buy a Switch place it in my Room. have the 3 Macs on Vlan 20. and the PC on Vlan 50. and any Guest Computer on VLAN 10. this will allow my Macs to ping one another but since the PC is on VLAN 20 it will not be able to Ping that. why we but guest on a different Vlan is so they cant go sniffing the network.

But the Great thing about Layer 3 Switches.. It not only a Switch but also it has Routing power as well. So that way if i need files from the 1 of the Macs but on my PC i can send a request to the Switch which will allow me to access the file on the Mac.

for 3 Vlans on 1 Switch i would need 2 Routers, and running Rip. which power etc would cost more so Switching is more Greener and cost less

Vinta81

^ Christ I'm fcuked for my exam

but cheers for explaining!

kk887

man, i need someone to help me with the lan switching...

Snap2010

Hmm...our apartment uses CIT Internet access and we're always on Facebook. That ain't good so

String

I wish I could even use the wifi in college. When it first came out you needed to submit a mac address to access it. Now anybody can use it on any device so everyone's phones and laptops are automatically connecting to it and it cant handle the demand. Very frustrating having to log onto a PC which takes 10 minutes to create a profile and then another 10 minutes to open a browser to use the internet.

Cork24

You still have to sumit MAC address so dont know where your getting that from. Maybe your MAC address is black listed. Sure if so get into one of your mates and take down his MAC address and change your one to his simple to do

String

Cork24 wrote: »

You still have to sumit MAC address so dont know where your getting that from. Maybe your MAC address is black listed. Sure if so get into one of your mates and take down his MAC address and change your one to his simple to do

Nope I dont have to at all and wifi does work, just not often

Cork24

Well then you submit your MAC last year then you dont do it every year as i had to hook up my desire to the cot network. and sumit its MAC and tar was last week so u still need to have your MAC on cit network their not fools

rom

Here i did a blog entry on this recently if you are interested on how to use facebook securely http://www.rearwindowtotheweb.com/?p=46

The Ayatolla

The Wifi in CIT is poor in comparison to UCC's IMO.

The whole login thing and constant disconnection at random times can be a pain.