Skip to main content

Honeypot WIFI networks - Stealing your datarz :-)

I occasionaly connect to WIFI networks that redirect me and ask for some type of username and password. Often when out and about, on trains and at airports are good examples. Luckily in my laptop I have a 3g sim and so don't have a need for their wallet busting prices. 

I suppose if you were fairly keen on getting a username and password for one of these services, you could always

  • Connect to the network in question
  • Save the page the you get redirected to
  • Set up your laptop as a wireless hotspot and call the network BT_OPENZONE
  • Modify the page slightly, posting and saving to a text file of your choice and force visitors to redirect to your new Page. Anyone foolish enough to login (not noticing that it's not on https etc..) will give you their password and username.
  • Logon using your stolen details. Of course you need to remember that the action would be illegal..

It got me thinking that you could be even more malicious. Sitting down in a Starbucks, mimicking their WIFI and modifying your hosts file to redirect to fake local pages of major banks, email sites and the like is essentially a giant honeypot for collecting personal data. Someone could even prepare a complete web server install so that numpties wouldn't have to code the various fake sites etc... 

Having thought of this makes me glad I stick to my 3g! I wonder how many people don't even think about accessing private sites without https on public networks. I wonder how many people walk out of The House Of Commons into a local pub and access sites on their Smartphones over the local WIFI without even thinking about things like this. If I was a nasty little spy I would be doing things like this. In fact I am certain they are doing things like this to our technologically demented MPs right now. 

Labels:

Comments

Dom Finn said…
Nice one, I'll check it out!
23 March 2012 at 13:02
Post a Comment

Popular posts from this blog

Making your domain less mutable

This happens regularly to me (and from my anecdotal investigation everyone involved in large / old projects). We need a new piece of functionality. I write it, it's beautiful and I win the internet. I have estimated 8 days (or 22.23 lol-points depending on how you live) and it's only taken 4 days. Ah, but then a very small; mostly ignored and very unimportant detail rears it's cruel head. You need to make it work with the code that exists already. This is normally in the form of saving to some pre-existing entities. Oh dear. You save everything through the various management / service classes that exist already and nothing works. So begins the next couple of days of horror. You find that you didn't set the work = true . Most of my woes in this area are caused by modifications at layer further down (or the stored procedure it finally ends up in) changing the object that I was trying to save or not saving part of the object because of some rule. So many errors
Post a Comment
Read more

IIS Administration using Microsoft.Web.Administration using F#

A friend had mentioned his joy at using Powershell. I guess this is pretty cool and I don't mind Powershell. I sort of missed the boat a little with it because I haven't done any Windows Administration since I used to look after Windows Server 2000 machines (and possibly a couple of 2003). At that time I had a different arsenal to cause untold woe on my fellow colleagues....VBSCRIPT!!!! Boy could I cause trouble with that. With a combination of that, VBA and SQL I used to love creating spider webs of pure madness, once written the apps were tied together so precariously; one false move and the entire thing would explode.... anyway that's a different story. Back to the Powershell. He was using it to automate IIS (or else I heard what I wanted to so I could try and push F# onto him, who knows?). I have heard various stories of extremely large platform automation scripts being written recently (for example  .net rocks interview with Steve Evans ) and whilst they seem to be g
Post a Comment
Read more

My home office upgrade wish list.

My home office is almost due an upgrade. I have been holding off until my youngest daughter is out of her cot as then we can finally dispatch the enormous monstrosity of a cot out from the kids bedroom and the drawers that are in my office can be banished giving me better access to my wonderful whiteboard. My other improvements will be purchasing a new, larger monitor. I currently work from a single 22ich Samsung which just doesn't cut it anymore, I did have two at some point but I can't recall what I did with it. I really enjoy using a touch screen so I think I will go for one of these 27inch Hannspree models that I have used before. I put a lot of hours in at home and whilst I have a reasonable chair I still tend to suffer with some back problems, so my next port of call will be to get a Varidesk for home. It works an absolute treat at work and just lets me switch stuff up when I feel like it. they take a reasonable amount of desk space up but I tend to leave my desk fairly
1 comment
Read more