Skip to main content

Honeypot WIFI networks - Stealing your datarz :-)

I occasionaly connect to WIFI networks that redirect me and ask for some type of username and password. Often when out and about, on trains and at airports are good examples. Luckily in my laptop I have a 3g sim and so don't have a need for their wallet busting prices. 

I suppose if you were fairly keen on getting a username and password for one of these services, you could always

  • Connect to the network in question
  • Save the page the you get redirected to
  • Set up your laptop as a wireless hotspot and call the network BT_OPENZONE
  • Modify the page slightly, posting and saving to a text file of your choice and force visitors to redirect to your new Page. Anyone foolish enough to login (not noticing that it's not on https etc..) will give you their password and username.
  • Logon using your stolen details. Of course you need to remember that the action would be illegal..

It got me thinking that you could be even more malicious. Sitting down in a Starbucks, mimicking their WIFI and modifying your hosts file to redirect to fake local pages of major banks, email sites and the like is essentially a giant honeypot for collecting personal data. Someone could even prepare a complete web server install so that numpties wouldn't have to code the various fake sites etc... 

Having thought of this makes me glad I stick to my 3g! I wonder how many people don't even think about accessing private sites without https on public networks. I wonder how many people walk out of The House Of Commons into a local pub and access sites on their Smartphones over the local WIFI without even thinking about things like this. If I was a nasty little spy I would be doing things like this. In fact I am certain they are doing things like this to our technologically demented MPs right now. 

Comments

Dom Finn said…
Nice one, I'll check it out!

Popular posts from this blog

My home office upgrade wish list.

My home office is almost due an upgrade. I have been holding off until my youngest daughter is out of her cot as then we can finally dispatch the enormous monstrosity of a cot out from the kids bedroom and the drawers that are in my office can be banished giving me better access to my wonderful whiteboard. My other improvements will be purchasing a new, larger monitor. I currently work from a single 22ich Samsung which just doesn't cut it anymore, I did have two at some point but I can't recall what I did with it. I really enjoy using a touch screen so I think I will go for one of these 27inch Hannspree models that I have used before. I put a lot of hours in at home and whilst I have a reasonable chair I still tend to suffer with some back problems, so my next port of call will be to get a Varidesk for home. It works an absolute treat at work and just lets me switch stuff up when I feel like it. they take a reasonable amount of desk space up but I tend to leave my desk fairly

Making your domain less mutable

This happens regularly to me (and from my anecdotal investigation everyone involved in large / old projects). We need a new piece of functionality. I write it, it's beautiful and I win the internet. I have estimated 8 days (or 22.23 lol-points depending on how you live) and it's only taken 4 days. Ah, but then a very small; mostly ignored and very unimportant detail rears it's cruel head. You need to make it work with the code that exists already. This is normally in the form of saving to some pre-existing entities. Oh dear. You save everything through the various management / service classes that exist already and nothing works. So begins the next couple of days of horror. You find that you didn't set the work = true . Most of my woes in this area are caused by modifications at layer further down (or the stored procedure it finally ends up in) changing the object that I was trying to save or not saving part of the object because of some rule. So many errors

Creating star ratings in HTML and Javascript

I'd searched around a little for some shortcuts to help in doing this but I couldn't find anything satisfactory that included the ability to pull the rating off again for saving. I'd ended up coming up with this rather cheeky solution. Hopefully it helps you too! This is my first post in a while (I stopped blogging properly about 8 years ago!) It's strange coming back to it. Blogger feels very crusty and old by todays standards too.