Right. ARP spoofing made everyone's laptop on that network send their packets to Dan's laptop instead of to the router. ARP spoofing can be done with a number of little tools that any script kiddie can download and run.
And that's the problem with script kiddies - they actually haven't done anything innovative... I don't think Dan Tentler actually wrote any code or ever did anything original - certainly nothing educational to the group - he just ran someone else's application and harvested everyone's packets looking for personal information. Any one of us could do that (but none of us have except for him.)

The big issue I have with his actions is that at the end of the night we all had a big question mark about what amount of our information was exposed. It would be different if we saw his screen and saw when he started & stopped the capturing, and were able to audit his equipment and personally verify what of our personal data he either did or didn't have at the end of the night - but instead we have a big question mark.

Yes, Dan Tentler says he didn't log any of the data and that he erased his capture session - but I don't know him well enough to trust his words at face value like that. I certainly don't find his actions (either online or in person) that trustworthy. So in my mind that means that any personal data (username, password, IP numbers, etc.) that anyone transmitted to the network on Saturday night is under a big question mark - we can't verify that he didn't retain it - no matter what he says about the issue.

From a security exposure perspective, that question mark is worse than knowing exactly what details someone has - because you have to assume the worst case. If you sent any usernames or passwords in the clear - you should change that password now.

On 12/29/2008, "Roger E. Rustad, Jr." <[email protected]> wrote:
>Chris Penn wrote:
>> SSL is safe, as long as you don't accidentally accept a bad cert. I
>> was accepting a cert for pidgin when I accidentally just hit enter for
>> a cert that popped up as I was booting up on the local lan at It's a
>> Grind. While pidgin was loading I had Firefox loading as well which
>> was logging in to gmail. When that happens, ssl is working fine, but
>> no longer matters.
>
>Also, when this happens, you're not sending your traffic to, say, the
>wireless router in the coffee shop, you're sending it to someone else's
>laptop (thanks to ARP spoofing). As soon as that happens, the ssl cert
>(or whatever) breaks and you're prompted to confirm the change...which
>Chris inadvertently did.
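
Added example (not part of the original message or thread): a defensive check for the ARP-cache symptoms described above, comparing two snapshots in Linux /proc/net/arp format. The snapshots, addresses, and the function names parse_arp and check are constructed for illustration.

```python
"""Flag ARP-cache changes that are consistent with ARP spoofing (added example)."""

# Constructed snapshots in Linux /proc/net/arp format; all addresses are made up.
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.23     0x1         0x2         66:77:88:99:aa:bb     *        wlan0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         66:77:88:99:aa:bb     *        wlan0
192.168.1.23     0x1         0x2         66:77:88:99:aa:bb     *        wlan0
"""

def parse_arp(text):
    """Return {ip: mac} for complete entries (skip header and incomplete rows)."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, mac = fields[0], fields[3].lower()
        if mac != "00:00:00:00:00:00":  # incomplete entry, no MAC learned yet
            table[ip] = mac
    return table

def check(before, after, gateway_ip):
    """Compare two snapshots and return a list of human-readable findings."""
    old, new = parse_arp(before), parse_arp(after)
    findings = []
    # Symptom 1: the gateway's IP now resolves to a different MAC address.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(f"gateway {gateway_ip} moved from {old[gateway_ip]} to {new[gateway_ip]}")
    # Symptom 2: one MAC answers for the gateway and for another host as well.
    by_mac = {}
    for ip, mac in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            others = ", ".join(sorted(set(ips) - {gateway_ip}))
            findings.append(f"{mac} answers for the gateway and for {others}")
    return findings

if __name__ == "__main__":
    for finding in check(BEFORE, AFTER, "192.168.1.1"):
        print("WARNING:", finding)
```

A gateway MAC change can also be legitimate (a replaced router, roaming between access points), so treat a finding as a reason to stop and verify, not as proof.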
