
Just noticed that a couple of hotspots in Nairobi don't offer WEP2 (mostly WEP) protected access and are vulnerable to MITM attacks, and of course most users are not keen to ensure that critical sites they log into use the HTTPS protocol.
*Tempted to place stickers around such hotspots reading "You do have a translucent glass on your bathroom window, don't you? Then why log in to critical sites without the S after the HTTP on your internet browser?"

The problem with owners of local IT systems is that they will only implement security measures once they get a taste of an attack. The same thing applies for local websites (read govt websites, e.g. police websites).
I suggest you give them a dose of what they are asking for.
P.S. I only suggest this for the greater good.

The situation gets worse, especially in Westlands. After acquiring an affordable radio over eBay and doing a couple of rounds in a car (read: like a scene in a movie), the area has been successfully mapped out with hotspots with weak or non-existent authentication. So a lot of user education needs to be carried out.
-tyrus

On Fri, Jan 21, 2011 at 3:46 PM, James Nzomo <kazikubwa@gmail.com> wrote:
The problem with owners of local IT systems is that they will only implement security measures once they get a taste of an attack. The same thing applies for local websites (read govt websites, e.g. police websites).
I suggest you give them a dose of what they are asking for.
P.S. I only suggest this for the greater good.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

I suggest you give them a dose of what they are asking for

3 words - NOT WORTH IT
A better idea.... Load Firesheep/Wireshark and hijack the Facebook session of a beautiful lady seated next to you, add yourself to her friend list and start the you-don't-remember-me/I'm-the-nerd-seated-next-to-you/I-have-a-third-eye-I'll-sense-it-everytime-you-smile conversation.
Everybody goes home happy, others lucky! :-)

On Fri, Jan 21, 2011 at 3:33 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
Just noticed that a couple of hotspots in Nairobi don't offer WEP2 (mostly WEP) protected access and are vulnerable to MITM attacks, and of course most users are not keen to ensure that critical sites they log into use the HTTPS protocol.
*Tempted to place stickers around such hotspots reading "You do have a translucent glass on your bathroom window, don't you? Then why log in to critical sites without the S after the HTTP on your internet browser?"

I have heard of that term (WEP2) only today. Looks like it really never featured in my ngumabaru classes. I have read about it <http://www.afterdawn.com/glossary/term.cfm/wep2> now though and wonder why you narrowed this down to WEP, instead of WPA/WPA2? (I recall a post that even WPA2 is not so secure.) Every time I find a hotspot, especially the unsecured ones, I get apprehensive and never try to connect. I'd think anyone with a basic idea of security wouldn't. Anyway, why not start something to enlighten Kenyans? The real problem is that there are so many jua kali consultants out there who install this equipment even without an understanding of the security implications.
--
Best regards, Odhiambo WASHINGTON, Nairobi, KE +254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!

Odhiambo. Such an initiative has been started on the security forum and for almost 2 years now, and every now and then we only find like 2 or 3 of us. This year however, there are plans to set up a "DefCon"-like meetup where people can come and interact specifically on InfoSec. There aren't enough details at the moment but quite a handful of us are willing to work with anyone to support this enlightenment. Thoughts are welcome.
-tyrus

On Fri, Jan 21, 2011 at 4:11 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Fri, Jan 21, 2011 at 3:33 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
Just noticed that a couple of hotspots in Nairobi don't offer WEP2 (mostly WEP) protected access and are vulnerable to MITM attacks, and of course most users are not keen to ensure that critical sites they log into use the HTTPS protocol.
*Tempted to place stickers around such hotspots reading "You do have a translucent glass on your bathroom window, don't you? Then why log in to critical sites without the S after the HTTP on your internet browser?"

I have heard of that term (WEP2) only today. Looks like it really never featured in my ngumabaru classes. I have read about it <http://www.afterdawn.com/glossary/term.cfm/wep2> now though and wonder why you narrowed this down to WEP, instead of WPA/WPA2? (I recall a post that even WPA2 is not so secure.) Every time I find a hotspot, especially the unsecured ones, I get apprehensive and never try to connect. I'd think anyone with a basic idea of security wouldn't. Anyway, why not start something to enlighten Kenyans? The real problem is that there are so many jua kali consultants out there who install this equipment even without an understanding of the security implications.

Looks like I'm the one who attended the ngumbaro classes.
WEP2 algorithms were dropped... it's WPA2.
WEP is famous for the chop-chop attacks, or as we might have it, chap-chap (passwords papo hapo).

On 1/21/11, Odhiambo Washington <odhiambo@gmail.com> wrote:
On Fri, Jan 21, 2011 at 3:33 PM, Patrick Kariuki <patrick.kariuki@gmail.com> wrote:
Just noticed that a couple of hotspots in Nairobi don't offer WEP2 (mostly WEP) protected access and are vulnerable to MITM attacks, and of course most users are not keen to ensure that critical sites they log into use the HTTPS protocol.
*Tempted to place stickers around such hotspots reading "You do have a translucent glass on your bathroom window, don't you? Then why log in to critical sites without the S after the HTTP on your internet browser?"

I have heard of that term (WEP2) only today. Looks like it really never featured in my ngumabaru classes. I have read about it <http://www.afterdawn.com/glossary/term.cfm/wep2> now though and wonder why you narrowed this down to WEP, instead of WPA/WPA2? (I recall a post that even WPA2 is not so secure.) Every time I find a hotspot, especially the unsecured ones, I get apprehensive and never try to connect. I'd think anyone with a basic idea of security wouldn't. Anyway, why not start something to enlighten Kenyans? The real problem is that there are so many jua kali consultants out there who install this equipment even without an understanding of the security implications.
participants (4): James Nzomo, Odhiambo Washington, Patrick Kariuki, ty