Thanks guys for the info. Although this was done in a somewhat "testing" scenario for Dan, there were also non-SRCLE laptop users in the cafe that could have had their passwords compromised.
--Manny

On Mon, Dec 29, 2008 at 11:06 AM, David Kaiser <[email protected]> wrote:
> Right. ARP spoofing made everyone's laptop on that network send their
> packets to Dan's laptop instead of to the router. ARP spoofing can be
> done with a number of little tools that any script kiddie can download
> and run.
>
> And that's the problem with script kiddies - they actually haven't done
> anything innovative... I don't think Dan Tentler actually wrote any
> code or ever did anything original - certainly nothing educational to
> the group - he just ran someone else's application and harvested
> everyone's packets looking for personal information. Any one of us
> could do that (but none of us have except for him.)
>
> The big issue I have with his actions is that at the end of the night we
> all had a big question mark about what amount of our information was
> exposed. It would be different if we saw his screen and saw when he
> started & stopped the capturing, and were able to audit his equipment
> and personally verify what of our personal data he either did or didn't
> have at the end of the night - but instead we have a big question mark.
>
> Yes, Dan Tentler says he didn't log any of the data and that he erased
> his capture session - but I don't know him well enough to trust his
> words on face value like that. I certainly don't find his actions
> (either online or in person) that trustworthy.
>
> So in my mind that means that any personal data (username, password, IP
> numbers, etc.) that anyone transmitted to the network on Saturday night
> is under a big question mark - we can't verify that he didn't retain
> it - no matter what he says about the issue.
>
> From a security exposure perspective, that question mark is worse than
> knowing exactly what details someone has - because you have to assume
> the worst case. If you sent any usernames or passwords in the clear -
> you should change that password now.
>
> On 12/29/2008, "Roger E. Rustad, Jr." <[email protected]> wrote:
>
>>Chris Penn wrote:
>>> SSL is safe, as long as you don't accidentally accept a bad cert. I
>>> was accepting a cert for pidgin when I accidentally just hit enter for
>>> a cert that pop up as I was booting up on the local lan at its a
>>> grind. While pidgin was loading I had Firefox loading as well which
>>> was logging in to gmail. When that happens, ssl is working fine, but
>>> no longer matters.
>>
>>Also, when this happens, you're not sending your traffic to, say, the
>>wireless router in the coffee shop, you're sending it to someone else's
>>laptop (thanks to ARP spoofing). As soon as that happens, the ssl cert
>>(or whatever) breaks and you're prompted to confirm the change...which
>>Chris inadvertently did.
>>_______________________________________________
>>LinuxUsers mailing list
>>[email protected]
>>http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
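
Added example, not part of the original thread: a check a laptop user could run against their own neighbour cache to spot the symptom described above, where the router's IP resolves to another machine's MAC. It parses `ip neigh show` output; the addresses, MACs, pinned gateway value and function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (not captured from the incident).
# 192.168.1.1 is the assumed gateway; it and .23 resolve to the same MAC.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:16:3e:aa:bb:23 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:16:3e:aa:bb:23 STALE
192.168.1.40 dev wlan0 lladdr 00:16:3e:11:22:40 REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+) dev \S+ lladdr (?P<mac>[0-9a-fA-F:]{17}) ")

def parse_neigh(text):
    """Return {ip: mac} for IPv4 entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(text, gateway_ip, pinned_gateway_mac=None):
    """Flag two symptoms ARP spoofing leaves in a victim's neighbour cache."""
    table = parse_neigh(text)
    findings = []
    gw_mac = table.get(gateway_ip)
    # 1. The gateway resolves to a MAC other than the one recorded earlier
    #    (for example, noted on a previous visit or read off the router label).
    if pinned_gateway_mac and gw_mac and gw_mac != pinned_gateway_mac.lower():
        findings.append(("gateway_mac_changed", gateway_ip, gw_mac))
    # 2. The gateway's MAC is also claimed by another host on the LAN.
    #    Routers with several addresses can trigger this legitimately.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            findings.append(("gateway_mac_shared", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_NEIGH, "192.168.1.1", "00:16:3e:00:00:01"):
        print(finding)
```

A hit from either check means traffic for the router may be passing through another host, so anything sent in the clear during that window should be treated as exposed.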
