Skip to main content

Honeypot WIFI networks - Stealing your datarz :-)

I occasionaly connect to WIFI networks that redirect me and ask for some type of username and password. Often when out and about, on trains and at airports are good examples. Luckily in my laptop I have a 3g sim and so don't have a need for their wallet busting prices. 

I suppose if you were fairly keen on getting a username and password for one of these services, you could always

  • Connect to the network in question
  • Save the page the you get redirected to
  • Set up your laptop as a wireless hotspot and call the network BT_OPENZONE
  • Modify the page slightly, posting and saving to a text file of your choice and force visitors to redirect to your new Page. Anyone foolish enough to login (not noticing that it's not on https etc..) will give you their password and username.
  • Logon using your stolen details. Of course you need to remember that the action would be illegal..

It got me thinking that you could be even more malicious. Sitting down in a Starbucks, mimicking their WIFI and modifying your hosts file to redirect to fake local pages of major banks, email sites and the like is essentially a giant honeypot for collecting personal data. Someone could even prepare a complete web server install so that numpties wouldn't have to code the various fake sites etc... 

Having thought of this makes me glad I stick to my 3g! I wonder how many people don't even think about accessing private sites without https on public networks. I wonder how many people walk out of The House Of Commons into a local pub and access sites on their Smartphones over the local WIFI without even thinking about things like this. If I was a nasty little spy I would be doing things like this. In fact I am certain they are doing things like this to our technologically demented MPs right now. 

Comments

Dom Finn said…
Nice one, I'll check it out!

Popular posts from this blog

Motorola MC65

We have a new PDA in town now. As a replacement for the army of MC9000 and MC70s that are in the field and are being discontinued, we now are moving up to the Motorola MC65. I have had the new handheld for about a week now and have been impressed so far. It's a great improvement over the MC70. I have no idea how the numbering system of the Symbol / Motorola devices works. I assume there must be several ranges such as the 50s 60s and 70s.? Anyway the?PDA?has windows mobile 6.5.3, a better touch screen and is faster. Much faster. The skin that has been put on the OS has also applied to our software and I think it makes it look much cooler. We had several problems in adjusting our software so it would work with the new MC65. First was the change in resolution. The MC70 has a much lower resolution than the MC65s and as some of our screens were not using the auto scale settings in the form and some of the buttons on our forms were created at run time rather than design time, this posed

Accessing the UI Thread with Tasks in F#

I have a Windows Forms program written in F# that can deploy a code base to n number of sites at once (you select the sites you would like to deploy to and it goes off and completes a number of tasks (backing up current sites, various unpacking and moving of files etc... ). Once you start it, it begins it's merry journey and begins to update the UI with what has happened. At the moment this method of updating the UI is not pretty because the threads I am doing the work on can't update the UI so I perform some fiendery to make that happen (don't ask). I knew there was a better way using some newer .NET features but I just hadn't got round to having a fiddle yet. I have now found that if you use the built in Task class but break your code up in a nicer way and then chain the tasks together you can then pass the correct context into the task that you want to talk to the UI. Here's a little script to give you a feel for it. You can press the "start" butt

Cab Control

Received another call today from a company interested in my  Cab Control Software . Basically it's taxi management . The software needs a re-write to get it from Windows Forms onto the web. I have great hopes for the software. It really just needs to time and ingenuity pouring into it. I have loads of ideas for it but just have so little time.  It currently has this functionality which I'll need to get across:  Add drivers and Taxis and keep track of their contact details, addresses, licence details, CRB checks and eligibility to work in the UK. Basic account management functions, such as creating a customer account and putting the account on hold.  Add Bookings for drivers and customers Creating reports for customer accounts that could be exported as a CSV file for billing purposes.  Creating reports for drivers to know how many pickups the drivers had made. Query the bookings for enquiries and police check up reports. Provide management tools to check MOT and Service details