Why Is an (Insecure) Wireless Network Dangerous?
Who am I?
▪ Sumedt Jitpukdebodin
  ▫ Research and Development Engineer
  ▫ i-Secure
▪ My Experience
  ▫ LPIC-1, NCLA, CompTIA Security+, C|EH v6, eCPPT
  ▫ Speaker at Network Security Day @KU
What’s an Evil Twin?
▪ Fake wireless access point.
▪ Promiscuous wireless adapter.
▪ Made using DHCP and airbase-ng.
▪ Easy to make, easy to attack.
Free (Fake) Wifi?
▪ TrueWifi
▪ TOTWifi
▪ Home Wifi
  ▫ Is it true?
  ▫ Is it safe?
Demo
How to defend.
▪ Don’t trust any free hotspot.
▪ Don’t trust any client if you don’t know them.
Firesheep
▪ Developed by
  ▫ Eric Butler
▪ http://codebutler.github.com/firesheep/
▪ Big news for script kiddies (but not for hackers)
▪ Made public at ToorCon 12
Firesheep (2)
▪ Session Hijacking (Sidejacking)
  ▫ Steal the cookie that holds the session ID.
  ▫ Modify the packet before sending it to the website.
  ▫ And finally get in.
DEMO
How to defend.
▪ Use a VPN.
▪ Use a wireless network that is encrypted with WPA2.
▪ Use HTTPS every time you visit a site.
▪ Use the HTTPS Everywhere add-on for Firefox.
▪ Use the FireShepherd add-on for Firefox.
▪ Use the BlackSheep add-on for Firefox.
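The sidejacking described above works because the session cookie travels in cleartext. The following is an added example, not part of the original slides: a site operator's check that flags session cookies missing the Secure attribute and responses missing HSTS. The sample headers, the `SESSION_HINTS` name heuristic and the function names are assumptions constructed for illustration.

```python
# Added example: audit response headers for cookies exposed to sidejacking.
# Header values below are constructed samples, not captured traffic.
SAMPLE_HEADERS = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=deadbeef; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=th; Path=/"),
]

# Assumption: cookie names containing these substrings carry session state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, set_of_attribute_names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_headers(headers):
    """Return (subject, issue) findings for a list of (header, value) pairs."""
    findings = []
    names = {h.lower() for h, _ in headers}
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not any(hint in cookie.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie by our heuristic
        if "secure" not in attrs:
            # Without Secure the browser also sends it over plain HTTP,
            # where anyone on the same open Wi-Fi can read it.
            findings.append((cookie, "no-secure-flag"))
    if "strict-transport-security" not in names:
        # Without HSTS the first request may still go out over HTTP.
        findings.append(("response", "no-hsts"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit_headers(SAMPLE_HEADERS):
        print(f"{subject}: {issue}")
```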
What is Tabnabbing?
▪ Developed by Aza Raskin
  ▫ http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
▪ New social engineering.
▪ Targets the client.
What is Tabnabbing? (2)
▪ How does it work?
  ▫ Lure the victim to a page that looks like a normal site.
  ▫ Wait until the victim loses focus on it for a while.
  ▫ Replace the favicon with the real website’s favicon, and change the page to look like the real website.
  ▫ After the victim has entered their login information and you’ve sent it back to your server, you redirect them to the real server.
Demo
How to defend.
▪ Awareness.
  ▫ Don’t click the link when you receive the email.
  ▫ Use tools to check the “TRUST”
    ◾ Use the WOT add-on for Firefox.
    ◾ URL Void website
    ◾ Long URL website
    ◾ Etc.
▪ Always look for SSL before logging in to any website.
Questions?
Thank you for your attention.
▪ Safe Or Not Safe, you should know.