Honeypot WIFI networks - Stealing your datarz :-)

I occasionally connect to WIFI networks that redirect me and ask for some type of username and password. Trains and airports, when I'm out and about, are good examples. Luckily I have a 3G SIM in my laptop and so don't have a need for their wallet-busting prices.

I suppose if you were fairly keen on getting a username and password for one of these services, you could always

  • Connect to the network in question
  • Save the page that you get redirected to
  • Set up your laptop as a wireless hotspot and call the network BT_OPENZONE
  • Modify the page slightly so that it posts and saves to a text file of your choice, and force visitors to redirect to your new page. Anyone foolish enough to log in (not noticing that it's not on https etc.) will give you their password and username.
  • Log on using your stolen details. Of course you need to remember that the action would be illegal.

It got me thinking that you could be even more malicious. Sitting down in a Starbucks, mimicking their WIFI and modifying your hosts file to redirect to fake local pages of major banks, email sites and the like is essentially a giant honeypot for collecting personal data. Someone could even prepare a complete web server install so that numpties wouldn't have to code the various fake sites etc.

Having thought of this makes me glad I stick to my 3g! I wonder how many people don't even think about accessing private sites without https on public networks. I wonder how many people walk out of The House Of Commons into a local pub and access sites on their Smartphones over the local WIFI without even thinking about things like this. If I was a nasty little spy I would be doing things like this. In fact I am certain they are doing things like this to our technologically demented MPs right now. 

Comments

Dom Finn said…
Nice one, I'll check it out!
