Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Quick hypothetical scenario.

If I were to open a free wifi network and let anybody use it, say call it: "Free Internet!" and many people used it.

Could I intercept those users personal information suck as Facebook usernames, passwords, emails, etc?

How deep would me penetration go? Or will I only be able to intercept packets?

I always tell my wife to not use online banking etc when she visits a cafe with free internet, but it's just a hunch - not based on my actual knowledge on the matter. That's why I'm asking. Thanks!



> Could I intercept those users personal information suck as Facebook usernames, passwords, emails, etc?

Yes. You'd have to do a bit of work, since the info would be encrypted, but by being in-path you would get all the info you need to decrypt the messages.

> I always tell my wife to not use online banking etc when she visits a cafe with free internet, but it's just a hunch - not based on my actual knowledge on the matter. That's why I'm asking. Thanks!

Unless she does her web browsing over a secured vpn, then there's a chance that information could be seen by someone.


Not necessarily. Facebook now uses SSL for login and I'm assuming any sane Online banking service does the same.

On the other hand there things to watch out for like SSL strip.

http://www.thoughtcrime.org/software/sslstrip/

So make sure that you are actually using the HTTPS version of any site.

If you are using standard HTTP (or another unencrypted protocol) then you can assume that the network owner can intercept everything you are doing.


Well, if you own the AP you're going to have quite a bit of visibility, but that might not even be necessary...

Firesheep: Easy HTTP session hijacking from within Firefox

http://news.ycombinator.com/item?id=1827928

http://en.wikipedia.org/wiki/Firesheep




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: