Most of us nowadays can get internet access while we are in the Airport or in Cafee shop. thanks for the Wi Fi for this great feature and cheap also. But who care about security threats by using this service. In 2001 I started to think about this issue asked my self how to secure users activities while they using public Wi-Fi hot spot. I suggested using Enterprise authentication system and I made a master degree in this topic and my thesis title is "Wireless Enterprise Authentication System using Kerberos & LDAP".
In the last Black Hat event in Las Vegas. One of the co-founder of errata security announce for a tool that could sniff data while user using public Wi-Fi, This tool called FERRET.
What FERRET –Data seepage monitor- is it?
- sniffs more than just passwords.
- sniffs legitimate operations rather than intrusions.
- Sniffs Protocols: DHCP, SNMP, DNS, HTTP, AIM, MSN-MSGR, Yahoo IM, …
- Allows you to browse the data easier by using Ferret Viewer.
He used what he called Data seepage and his definition it is Information that is broadcast or available via simple inquiry or spoofing that may not by itself seem critical but become more important as pieces of a larger puzzle. He has a wonderful presentation which explain with a demo how by using this concept you can get access to users' personal information.
Reference: Errata Security
No comments:
Post a Comment