Re: Man in the middle worries

MaPo <MaPo.31lkm5@no-mx.wirelessforums.org> writes:

> My apartmentbuilding resently changed from wireless with WEP key to
> these guys: 'SMART ZONE - Internet for Apartment Mansion Dormitory
> µÔ´µÑé§ ÍÔ¹à·ÍÃìà¹çµ Ë;ѡ ;ÒÃì·àÁé¹µì áÁ¹ªÑè¹ ¤Í¹â´ÁÕà¹ÕÂÁ ÃéÒ¹ÍÒËÒÃ
> ÃéÒ¹¡Òá¿' (http://www.smartzoneonline.com) so no more encryption &
> security by WEP, basically nothing now i think!

Kinda hard to make out what is going on there, as even when I hit the
'en' language link, I still get (whatever that language is). I'm
skimming the page for works like 'WPA/WPA2', or 'WEP', but I don't see
any.


> Since i do online payments i really would like to know how safe this
> new situation is thinking of man in the middle attacks and so!

If it's clear text, anyone can grab your traffic out of the air that's
within range. I don't see anything on what part of the site I saw that
says they are using even simple encryption. Many networks are open. Of
the 7 or so I can see from my apartment, none are encrypted. One time
I saw a WPA access point appear, but I haven't seen it in some time
(using Kismet).

> If i turn on Airsnare i see many unfriendly MAC addresses but thats
> also because (i think) i didn't mark other people beside myself as
> "trusted"
> or "friendly" Some of the unfriendly ones have the name "router" other
> ones just an IP
> On the right/below i see things like: Possible mac spoofing detected,
> entry does not match known OUI's for some of the unfriendly addresses.

Unknown isn't necessarily 'unfriendly', just unknown, users like
yourself probably.

> What i really would like to know is about this (new)
> smartzoneonline.com wireless internet solution, if it is possible to
> fake/spoof the access to this accesspoint using smartzoneonline.com?

Not really sure what you're asking here?

> smartzoneonline.com comes without security/encryption (no lock in
> statusbar) Netstumbler also doesn't show a lock...just green color for
> accesspoint "Vplace"!
> Can that be unsafe for me / for them (smartzoneonline.com) / or both?

For you, if you send private stuff over the line (mail login/pass,
credit card info, other such stuff ).

> Does this mean data send from me to accesspoint is always plaintext?
> (hotmail login etc...)

It looks that way. Unless you know otherwise for sure, I'd say assume
it is plaintext.

> Can unfriendly mac's find out my password for hotmail, yahoo..etc...?

Anyone within range that is monitoring can get it, if you send it.


> Anything (simple) i can do to be more secure as a newbie?
> (cannot configure the accesspoint since it isn't mine)

I'd only use that one for basic web browsing and things I didn't mind
people seeing. Why not get a broadband connection into your place, set
a wireless router on there, and then connect to that? You could
control the ecryption then.

> Thanks for all help in advance...

A bit late, I know, but I just found this NG.


--
[** America, the police state **]
Whoooose! What's that noise? Why, it's US citizen's
rights, going down the toilet with Bush flushing.
http://www.wired.com/politics/securi...007/08/wiretap
http://www.hermes-press.com/police_state.htm