WiFi + web based Login + Sniffer + Security

Hi All,

	I've just joined into the wifi bandwagon with my own 'little' setup
and am playing around with it(wifi + internet). What I'm concerned with is
the transmission security. (I know there's WEP but AFAIK WEP's useless) 

	I also know about POP mail access being in plaintext, so..
yesterday, I did a little research on what I can "sniff" using ethereal. I
tried logging into my ISP's POP mailserver, fetched my email and all that..
I wasn't very surprised when I found ethereal logging my username & Password
to the mailserver. I even found that MSN/Gaim/Yahoo Messenger is also
transmitting in Plain-text. Some website addresses even show up in ethereal
when I access the internet using the wifi conn.

	I tried logging into my Yahoo-web-mail and looking at the traffic it
generates and trying to see if I'm able to "sniff" the username&Password. I
can see that the username is being transmitted in plain-text, but the
password is 'hashed' in some form.

	The thing is.. when one logs into the web-based-email-login, you
type in your username and the password. What I would like to know is the
sequence under which the plaintext password will become hashed before being
sent through the internet to Yahoo-mail (eg). It's being sent wirelessly,
so.. what happens to the transmission? Does it get hashed by _my_ Computer
before being sent out (safer) or is the transmission encrypted (unlikely,
since WEP is not enabled). Or.. does it get encrypted/hashed by the
Yahoo-mail-server. Does SSL play a role here? (AFAIK, yahoo mail does not
use HTTPS protocol)

Is there any way for any_one to decipher the transmission to get the
username/password combo? Some of the _FREE_ wifi connections I've been on
would prompt out a message Like "Transmission between the PC and the Server
(radius I presume) is being sent wirelessly, there is a chance that it could
be intercepted etc..etc.. "


What I would like to know is how easy would it be for someone to get the
username/password combo and how would he/she do it? And seeing this with my
own 2 eyes, I'm _never_ checking my POP mail or perhaps use MSN without
SSH/SSL when using Wifi. 

What about On-Line banking? They use SSL. How _safe_ is that??


Previous to this, using wired, you're afraid he/she's gonna tap your
line, now, he/she can be as far as 1000 feet away to _tap_ your line!!!! (More
if he/she uses a pringle can!)

Comments/Advice please.


Cheers,                                                 .^.
Mun Heng, Ow                                            /V\
H/M Engineering                                       /(   )\
Western Digital M'sia                                  ^^-^^
DID : 03-7870 5168                          The Linux Advocate

        


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list