BBC Watchdog has done shown a convincing demo. of the dangers of
accessing an email accounts via WiFi.
They got someone to log into an email account using a WiFi service at
a cafe. Someone else, acting as a hacker, monitored the WiFi traffic
and managed to extract the username and password. This was enough to
connect to the session and use the email account to send a fradulent
email. The hacker could also have opened the emails to see if any had
confidential information in them. If a shopping account had been used,
credit card details could also have been extracted. Then the hacker
locked the account so that the ownber couldn't close it himself.
However the session remained alive for the hacker to use at will.
So my question is: is the Three MiFi aka mobile broadband with a
dongle (containing a '3' SIM card) as insecure?
"CJB" <chrisjbrady@gmail.com> wrote in message
news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
> BBC Watchdog has done shown a convincing demo. of the dangers of
> accessing an email accounts via WiFi.
>
> They got someone to log into an email account using a WiFi service
> at
> a cafe. Someone else, acting as a hacker, monitored the WiFi traffic
> and managed to extract the username and password. This was enough to
> connect to the session and use the email account to send a fradulent
> email. The hacker could also have opened the emails to see if any
> had
> confidential information in them. If a shopping account had been
> used,
> credit card details could also have been extracted. Then the hacker
> locked the account so that the ownber couldn't close it himself.
> However the session remained alive for the hacker to use at will.
>
> So my question is: is the Three MiFi aka mobile broadband with a
> dongle (containing a '3' SIM card) as insecure?
>
> CJB.
You mean they missed the bit about being able to see everything which
is on your screen using simple easy to source equipment, unless it is
specially screened.
Leave it to Watchdog to grab a small piece of a much larger picture
and then try and blind their viewer with sci fi goglygook.
Just keep a look out for the black helicopters.
Putting it simply if enough time and effort is put into it your PC and
security can be breached not matter whether it is connected via the
Lan, via wifi, via mobile usb mobile dongle or using networking over
the mains. Your job, if you wish to do so, is to make it as
complicated as you can so they pass on by looking for the next easy
mark and there in lies the problem. Most don't, either because they
don't know or can't be bothered but if you want total security the
best thing for you to do is turn the dam thing off and even then your
security can be breached in countless ways.
Paranoid enough yet, remember the black helicopters, they are out
there, really...honest.
"Kráftéé" <kráftéé@b&e-cottee.me.uk> wrote in message news:1o2dnXTzs5P-kXfXnZ2dnUVZ7vGdnZ2d@bt.com...
> "CJB" <chrisjbrady@gmail.com> wrote in message news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
>> BBC Watchdog has done shown a convincing demo. of the dangers of
>> accessing an email accounts via WiFi.
>>
>> They got someone to log into an email account using a WiFi service at
>> a cafe. Someone else, acting as a hacker, monitored the WiFi traffic
>> and managed to extract the username and password. This was enough to
>> connect to the session and use the email account to send a fradulent
>> email. The hacker could also have opened the emails to see if any had
>> confidential information in them. If a shopping account had been used,
>> credit card details could also have been extracted. Then the hacker
>> locked the account so that the ownber couldn't close it himself.
>> However the session remained alive for the hacker to use at will.
>>
>> So my question is: is the Three MiFi aka mobile broadband with a
>> dongle (containing a '3' SIM card) as insecure?
>>
>> CJB.
>
> You mean they missed the bit about being able to see everything which is on your screen using simple easy to source equipment,
> unless it is specially screened.
>
> Leave it to Watchdog to grab a small piece of a much larger picture and then try and blind their viewer with sci fi goglygook.
>
> Just keep a look out for the black helicopters.
>
> Putting it simply if enough time and effort is put into it your PC and security can be breached not matter whether it is connected
> via the Lan, via wifi, via mobile usb mobile dongle or using networking over the mains. Your job, if you wish to do so, is to
> make it as complicated as you can so they pass on by looking for the next easy mark and there in lies the problem. Most don't,
> either because they don't know or can't be bothered but if you want total security the best thing for you to do is turn the dam
> thing off and even then your security can be breached in countless ways.
>
> Paranoid enough yet, remember the black helicopters, they are out there, really...honest.
I see your nemesis has been "outed", I'm surprised you aren't
gloating with TOG et all.
> "CJB" <chrisjbrady@gmail.com> wrote in message
> news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
>> BBC Watchdog has done shown a convincing demo. of the dangers of
>> accessing an email accounts via WiFi.
>>
>> They got someone to log into an email account using a WiFi service
>> at
>> a cafe. Someone else, acting as a hacker, monitored the WiFi traffic
>> and managed to extract the username and password. This was enough to
>> connect to the session and use the email account to send a fradulent
>> email. The hacker could also have opened the emails to see if any
>> had
>> confidential information in them. If a shopping account had been
>> used,
>> credit card details could also have been extracted. Then the hacker
>> locked the account so that the ownber couldn't close it himself.
>> However the session remained alive for the hacker to use at will.
>>
>> So my question is: is the Three MiFi aka mobile broadband with a
>> dongle (containing a '3' SIM card) as insecure?
>>
>> CJB.
>
> You mean they missed the bit about being able to see everything which
> is on your screen using simple easy to source equipment, unless it is
> specially screened.
No, that wasn't it. I think at least, as they intentionally avoided
telling 'us' how they did it.
What I think they were doing were scanning for new DHCP clients on the same
wi-fi subnet/hotspot as the 'hacker' and then hijacking their web sessions
by cloning their cookies.
All the examples they showed were for gmail, so not using a webmail account
would solve that.
I'm no expert, but I wonder if properly signed https sessions would also be
prone to this kind of attack i.e. banking sessions
I agree it was scaremongering to a degree, but it is useful to warn the
public of potentially serious (to them) unsafe behaviour.
The only solution they gave was to use a VPN, but I think that's probably
OTT.
--
The email address is a spam trap. I rarely use it.
"Graham." <me@privacy.net> wrote in message
news:hcdb1d$g62$1@news.eternal-september.org...
>
> I see your nemesis has been "outed", I'm surprised you aren't
> gloating with TOG et all.
>
>
They all slip up eventually, or someone trips them up, and the more people
they upset, the more people there are about to seek retribution against
them, not that I would advocate this of course
"CJB" <chrisjbrady@gmail.com> wrote in message
news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
> BBC Watchdog has done shown a convincing demo. of the dangers of
> accessing an email accounts via WiFi.
>
> They got someone to log into an email account using a WiFi service at
> a cafe. Someone else, acting as a hacker, monitored the WiFi traffic
> and managed to extract the username and password. This was enough to
> connect to the session and use the email account to send a fradulent
> email. The hacker could also have opened the emails to see if any had
> confidential information in them. If a shopping account had been used,
> credit card details could also have been extracted. Then the hacker
> locked the account so that the ownber couldn't close it himself.
> However the session remained alive for the hacker to use at will.
>
> So my question is: is the Three MiFi aka mobile broadband with a
> dongle (containing a '3' SIM card) as insecure?
>
> CJB.
"Graham." <me@privacy.net> wrote in message
news:hcdb1d$g62$1@news.eternal-september.org...
>
> "Kráftéé" <kráftéé@b&e-cottee.me.uk> wrote in message
> news:1o2dnXTzs5P-kXfXnZ2dnUVZ7vGdnZ2d@bt.com...
>> "CJB" <chrisjbrady@gmail.com> wrote in message
>> news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
>>> BBC Watchdog has done shown a convincing demo. of the dangers of
>>> accessing an email accounts via WiFi.
>>>
>>> They got someone to log into an email account using a WiFi service
>>> at
>>> a cafe. Someone else, acting as a hacker, monitored the WiFi
>>> traffic
>>> and managed to extract the username and password. This was enough
>>> to
>>> connect to the session and use the email account to send a
>>> fradulent
>>> email. The hacker could also have opened the emails to see if any
>>> had
>>> confidential information in them. If a shopping account had been
>>> used,
>>> credit card details could also have been extracted. Then the
>>> hacker
>>> locked the account so that the ownber couldn't close it himself.
>>> However the session remained alive for the hacker to use at will.
>>>
>>> So my question is: is the Three MiFi aka mobile broadband with a
>>> dongle (containing a '3' SIM card) as insecure?
>>>
>>> CJB.
>>
>> You mean they missed the bit about being able to see everything
>> which is on your screen using simple easy to source equipment,
>> unless it is specially screened.
>>
>> Leave it to Watchdog to grab a small piece of a much larger picture
>> and then try and blind their viewer with sci fi goglygook.
>>
>> Just keep a look out for the black helicopters.
>>
>> Putting it simply if enough time and effort is put into it your PC
>> and security can be breached not matter whether it is connected via
>> the Lan, via wifi, via mobile usb mobile dongle or using networking
>> over the mains. Your job, if you wish to do so, is to make it as
>> complicated as you can so they pass on by looking for the next easy
>> mark and there in lies the problem. Most don't, either because
>> they don't know or can't be bothered but if you want total security
>> the best thing for you to do is turn the dam thing off and even
>> then your security can be breached in countless ways.
>>
>> Paranoid enough yet, remember the black helicopters, they are out
>> there, really...honest.
>
>
> I see your nemesis has been "outed", I'm surprised you aren't
> gloating with TOG et all.
Probably because I recognized the signs of a very sick, one track mind
slipping into the sewer and whilst I wouldn't try to pull it/him/her
(you have to remember Fran, must not forget Fran) out I certainly
wouldn't be jumping on it's fingers. It is strange though that it
has got no real ideals or else despite the fact that they have come
close to outing it, it wouldn't have shut up so quickly. Even the
squeakies on amateur radio have more balls than what it's displayed.
Let's just sit back and see what happens, at least it's not stating
the blatant untruths which it's been spouting for the the past several
months and my kill file has been given a rest (for now)..
"CJB" <chrisjbrady@gmail.com> wrote in message
news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
<snip>
> So my question is: is the Three MiFi aka mobile broadband with a
> dongle (containing a '3' SIM card) as insecure?
> CJB.
>
>
I would find it absured if 3's MiFi doesn't include WPA2
Steve Terry wrote:
> "CJB" <chrisjbrady@gmail.com> wrote in message
> news:4fa9f8ac-055c-4e5f-aadc-06ab6fd0aa0e@v15g2000prn.googlegroups.com...
> <snip>
>> So my question is: is the Three MiFi aka mobile broadband with a
>> dongle (containing a '3' SIM card) as insecure?
>> CJB.
>>
>>
> I would find it absured if 3's MiFi doesn't include WPA2
>
> Steve Terry
>
>
It is certainly enrcypted. What encryption it uses is another question.
It is not e.g. routine to be able to pick up cellphone conversations.
On Sat, 31 Oct 2009 06:02:45 -0000, "Steve Terry" <gfourwwk@tesco.net>
wrote:
>I would find it absured if 3's MiFi doesn't include WPA2
As far as I can make out, the original question was about security of
a public hotspot. Lots of these are unencrypted and use no security at
all: the authentication is done in a web page where you log in.
I'd only ever use a VPN with one of these.
However the MiFi is probably offering at least rudimentary encryption.
Three MiFi v.v. WiFi Security? 
Linear Mode
