WHY (INSECURE) WIRELESS NETWORK IS DANGEROUS?

Who am I?

▪ Sumedt Jitpukdebodin▫ Research And Develop Engineer▫ i-Secure

▪ My Experience▫ LPIC-1, NCLA, CompTIA Security+, C|EH v6, eCPPT▫ Speaker Of Network Security Day @KU

What’s Evil Twin?

▪ Fake Wireless Access Point.▪ Promiscuous Wireless Adapter▪ Use DHCP and airbase-ng to make.▪ Easy to make, easy to attack.

Free (Fake) Wifi?

▪ TrueWifi▪ TOTWifi▪ Home Wifi

▫ Is it true?▫ Is it safe?

Demo

How to defense.

▪ Don’t trust any free hotspot.▪ Don’t trust any client if you don’t know them.

Firesheep

▪ Develop by▫ Eric Butler

▪ http://codebutler.github.com/firesheep/▪ Big news for skip kiddy (But not for Hacker)▪ Public at Toorcon 12th

Firesheep(2)

▪ Session Hijacking(Side Jacking)▫ Steal Cookie that has session id▫ Modify the packet before send to the web.▫ And finally get in.

DEMO

How to defense.

▪ Use VPN Network▪ Use Wireless Network That Encrypt With

WPA2▪ Use HTTPS every time when you visit the site.▪ Use HTTPS Everywhere Addon of Firefox.▪ Use Firesheperd Addon Of Firefox.▪ Use Blacksheep Addon Of Firefox.

What is Tap Nabbing?

▪ Develop By Aza Raskin▫ http://www.azarask.in/blog/post/a-new-type-of-

phishing-attack/

▪ New Social Engineering▪ Target to client.

What is Tap Nabbing?(2)

▪ How’s it works?▫ Lure victim to navigate the page like normal looking

site.▫ When victim lose focus on it for a while.▫ Replace the favicon with website’s favicon. And

change the page like the real website.▫ After the victim has entered their login information

and you’ve sent it back to your server, you redirect them to real server.

Demo

How to defense.

▪ Awareness.▫ Don’t click the link when you receive the email.▫ Use the tools to check the “TRUST”◾Use WOT Addon Of Firefox.◾URL Void Website◾Long URL Website◾Etc.

▪ Always seeking the SSL before login any website.

Question?

Thank you for attention.

▪ Safe Or Not Safe, you should know.