I am on the plane killing time and just thought I would put together some thoughts going through my mind as I transition from DefCon mentality to SES.
First of all if any of you don’t know what DefCon is you should check it out. Basically it’s a world class hacker convention every year in Las Vegas. It’s also something that is taken extremely seriously in the security world. Every networking player is here and every branch of government that has anything to do with computer security is represented. Department of Justice, Homeland Security, Department of Defense, CIA, FBI… Defcon is no joke.
Another thing about Defcon - it’s been kicked out of every hotel it’s ever been held at. I guess bad things happen when the world’s best hackers come together. I talked to one of the pit bosses at the Riviera Casino (conference host) and he said they had 3 separate meetings with law enforcement agencies about what has happened with previous Defcons and how to protect themselves from hackers at this one. He said they implemented a separate IDS just to look for suspicious activity on the network (he didn’t actually say IDS but rather a “computer on the network to watch for hacker activity” - I take that to mean an IDS).
I kept thinking about how totally different this is than a search engine conference. At Defcon you see all these people running around with shirts that proudly say “Blackhat” and also say “Death to white hats”.
I am new to the SES and Pubcon conference so like the first time I ever went I fired up Ethereal to see what was going on on the open wifi. Within seconds I had recorded over 400 passwords for SMTP, AIM, MSN and various web form data and it was not like from stupid newbie users. It was from Google employees and Yahoo and Microsoft. Also I had AIM conversations recorded. I of course deleted the data right away.
Then at SES in NYC 6 months later I was telling David Naylor about this. He was kind of surprised so I said here I will show you. We sat down on the open WIFI at New York SES and recorded 10 minutes worth of traffic. In that time there was so much unencrypted data captured on my computer that it auto-shut off ’cause my laptop only had FORTY GIGS OF FREE SPACE AVAILABLE… funny eh? Again I deleted everyone’s info I had captured right away.
Now check this out - at Defcon they have this “wall of sheep” where they actually post in real time the passwords and info of people who were too stupid to use an encrypted web session to their mail and web.
Well I am about to land in San Jose and I look forward to seeing you all there and I am sure they will have free internet but please keep security in mind when you’re using the shared public wifi at the conference. Remember everyone can see what you’re doing. Esp. if a lame out of date h4x0r like me can.
P.S. This is not a knock on SES or Pubcon open wifi whatsoever. You are responsible for your security on the internet. This is the same thing as if you jump on a public hotspot or a hotel room wifi.
Wow, I never knew how easy it was to grab people’s passwords and information over WIFI. You said something about “encrypted web session”. Is there a place where a newbie like myself could go to start learning about protecting my information?
it’s not as easy as it sounds to grab passwords. most web sessions are encrypted. u can probably learn more on wikipedia
What is the best way to ensure your connection is encrypted when you are using public wifi?
look for the padlock icon in the corner of your browser. if you don’t see the icon, then the web session is not encrypted
Haha, interesting post - sounds like fun!
Shoemoney you have an interesting life. I would love to travel like you do. I am not much into security, but I do get around in unix and linux. Is pubcon open to the public? Funny how SES had so many insecure notebooks… Good thing to know when I go to Chicago!
shamu - shhh
Just make sure you use ssl for your email and important web pages.
Being an SES conference I wouldn’t expect that everyone knows how to set up a secure tunnel back to their main machines. Probably the wifi providers could implement some security measures about this.
yes please do tell about the best way to protect a wifi connection from problems like this, is that some kind of software i need to be safe? thanks shoe
I don’t get the 40gig of traffic in 10 mins bit - even if you got the full throughput of 54g then wouldn’t it take like 1.5 hours to transfer that much?
would be nice to know how to protect urself over wifi
just be careful. don’t login unless u know the web session is secure. also, take a look around. if you see shoe there on his laptop… he might be capturing wifi traffic.
you travel places man!! nice..
So how can you protect yourself on a public WiFi network?
don’t enable file sharing
hah!
Haha, Naylor mentioned that story on his radio show recently but wouldn’t name the h4x0r d00d who showed him that, I had a feeling it was you!
To the vast array of people wondering how to protect themselves on a public network.
here’s a few google links that I think will assist you.
ssh tunneling information, running a ssh server on windows, ssh key authentication
Personally I use a ssh tunnel whenever I’m away from the home connection.
You look very drunk in your defcon pics.
Hah, after reading that…He actually does!
Shared hosting is the same thing. It scares me to think of all the passwords that are accessible. Most hosting accounts are wide open to intrusion.
Script kiddies and their toys..
blah.
Well that’s true, but there’s a lot of great information you can get from going to these conferences, not to mention the goodies
Defcon and SES… those are the two conferences I most wish to attend.
Good comments on the security issues - they are issues which are generally not taken seriously enough among the webmaster community. Having done some security ‘research’ in the last couple of years, I cannot stress how much information is transmitted open to anyone, especially in this day and age of wifi communications.
To the anon with the comment about script kiddies, well, why not? If the work has already been done, I don’t see the problem with taking advantage of it. I write some scripts myself, although I don’t often make them publicly available. Also, most professional security analysts use tools and scripts themselves - why always reinvent the wheel?
Also, the fact that many ‘hackers’ are no more than script kiddies in no way minimizes the danger, as you seem to imply by the way you write them off. Many hackers do it for personal interest, and community prestige and esteem. Most script kiddies do it because they are immature and destructive. Generally, if they get ahold of your data, script kiddies are more likely to act destructively with it than an honest-to-goodness hacker.
At any rate, good job bringing this issue up Shoe - people definitely need to be more aware of this at conferences. There is a lot to lose!
Yeah! Funny. Thanks!
I didn’t know you were coming to DefCon. You should have dropped me a line, I would have introduced you to some people you’d probably like to know. Next time.
[...] Interesting (read: comical) note from Shoemonkey about Defcon. Defcon is the world’s largest, most revered hackers conference held annually in Las Vegas. Attendees are the movers and shakers in the Information Security world and world-renowned hackers alike. [...]
Any time you install any kind of wireless device make sure you have all the security settings correct; this includes, but is not limited to, changing the SSID, master password, master login name, enabling WEP or WAP, using MAC filter, along with a good software firewall.
[...] actually wouldn’t even have been thinking about going to that conference, if it wasn’t for Jeremy blogging about it last year, so tomorrow I’ll attend the “Hacking social lives: MySpace.com”, the “The [...]
“It was from Google employees and Yahoo and Microsoft.”
hehe
Most of the time there’s little you can do - if the site you’re visiting doesn’t use SSL, you’ve no choice but to either deal with plaintext details being sent, or not login. This isn’t usually an issue at home (since you’re the only one on your network - or so you should be) but in something like a conference with a shared connection it’s obviously a problem!!
For the folks who could not make it and also for you (since you couldn’t possibly see all sessions yourself either, unless you are able to split yourself up into 5 shoemoneys hehe)…
I posted ALL!! 125 session and panel video recordings from DefCon 15 up on the web and as a little bonus I threw in a link to download the CD-Rom ISOs from the last five DefCons with tools, PDFs and PowerPoints on it as well.
Enjoy!
Great post, I think I’m going to be attending the next one. I missed this year’s, too bad
I still don’t dare to use wifi. Too many people get it and don’t think about the risks.
the wall of sheep/shame should be put into all conferences IMHO
passing plaintext passwords (normally to access email systems) should be KILL’d
the only comment I have is that now more and more Wifi providers traffic shape the SSL connections so the speed slows down
regards
John Jones
http://www.johnjones.me.uk
the dumbass system admins that manage those unsecured email systems should be killed
That defcon thing sounds awesome! I want to go.
I will go next year if my finance allows
First time visiting your blog and the first time hearing anything about this. I am glad for both.
This is not good. E-mailing with so many security issues is too dangerous.
Public Wifi connections are starting to get more dangerous every day. One simple mistake of yours can cause a hacked mail account, which will give you pretty much of a headache.
Connecting to a VPN, your company’s or your own, first would pretty much take care of most of the issues mentioned above.
Disabling your internet aware apps to automatically login/sign-in once a connection is available would also be a good idea.
bad things are bound to happen when the top hackers in the world come together. government agencies must and should take them seriously