From a fax? Come on now! Maybe got their credit card number lifted in a restaurant, but not from a fax, unless they left it at the Safeway after they sent it ;-)
...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC\'s and Discrete Systems | manus |
| Phoenix, Arizona 85048 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
Liberals are so cute. Dumb as a box of rocks, but cute.
Even password-protected FTP travels across the Internet in the clear. A hacker might not be able to trigger a download without the password. But even that is trivial to sniff.
ssh would be better. But getting non geeks to set that up and configure it would be a problem. Best bet: If you have a server you can configure (like set up FTP accounts, etc.) set up a secure web service (https). That'll encrypt the 'net traffic to slow down the average hacker. And you can apply user ids/passwords to individual subdirectories or trees of subdirectories. Managing these passwords does not require admin permission over the host (like FTP does). Only write permission over your own web share. I'm assuming Apache or something similar. IIS might be a nightmare to configure.
--
Paul Hovnanian mailto:Paul@Hovnanian.com
------------------------------------------------------------------
Disclaimer - These opiini^H^H damn! ^H^H ^Q ^[ .... :w :q :wq :wq! ^d
exit X Q ^C ^? :quitbye CtrlAltDel ~~q :~q logout save/quit :!QUIT
^[zz ^[ZZZZZZ ^H man vi ^@ ^L ^[c ^# ^E ^X ^I ^T ? help helpquit ^D
man quit ^C ^c ?Quit ?q CtrlShftDel "Hey, what does this button d..."
Lets say somebody wants to 'sniff' the WiFi traffic at a local coffee shop. It could be your competitor, hoping you are going to send some data while sitting at Starbucks. Or just someone sniffing the general traffic, looking for SSNs.
There are hacks that people can use to knock the network DHCP service off. Then, they just run their own on that subnet, directing traffic anywhere they want. Its even possible to set up 'man in the middle' attacks on secure sockets, making https services insecure (This assumes that users don't pay attention to certificate warnings that pop up, or the web site's certificate chain of authority has been compromised). The entire hostile system could easily be implemented on one powerful laptop and, in the event the hacker thinks the law might be on his trail, packed up and removed.
This appears to have happened at a local hangout near my home. Its actually a service provided by the county library system. In spite of my warning their administrator that 'something funny' appears to be going on with their network, they have yet to catch on after several months. I'm trying to correlate instances of odd network behavior with the presence of certain individuals. Unfortunately, this is also the hangout of the local organized crime muscle, so I'm guessing its their operation and the hacker with the laptop is being looked after.
--
Paul Hovnanian mailto:Paul@Hovnanian.com
------------------------------------------------------------------
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
immane mittam. (Translation from Latin: "I have a catapult. Give me
all the money, or I will fling an enormous rock at your head.")
I get 'level 1' pay-as-you-go voip call termination in NZ for
0.0341/minute-- that's negligible-- only about $2 an hour-- but mobiles are 6x more expensive. Just for comparison, China is even cheaper at 0.0225 ($1.35/hour) for both land line and mobile termination.
And they're not the cheapest provider around, by any means. I think I've seen 1.2 or 1.5 cents per minute.
It's pretty much transparent (works like a POTS phone) once it's set up.
Best regards, Spehro Pefhany
--
"it\'s the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com
some does, some ftp clients and servers support TLS encryption. ftp isn't intended for sensitive data. (it's a bit of a mess there are at-least 2 different ways (not including sftp which is ssh)).
for windows machines putty and pscp are pretty easily had, (I don't know of any windows ssh server)
that seems slightly confused you don't need to be able to set up FTP accounts (which typically requires admin permission) to set up security on web pages or trees.
The was a story going around a while ago about how the Pentagon got infected with some nasty virus. The bad guy droped a thumb drive in the parking lot. Somebody picked it up and plugged it into his PC to see who owned it.
--
These are my opinions, not necessarily my employer\'s. I hate spam.
But my favorite trick is, since I'm PC-based, is to send them back 100 pages of all-black, except for a small window in the middle declaring, "Don't send to this number again" ;-)
...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC\'s and Discrete Systems | manus |
| Phoenix, Arizona 85048 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine Sometimes I even put it in the food
When I tried emailing a few years ago. it was problematic, but now greatly inproved. I still fax out, and I like having the hard copy right there for record. Might as well fax if your going to print a record. I have had good luck on the email filtering being done, but sometimes it can pose problems. On my main email, I don't see those 20-30 spams each day.
Yes, https would be the next step. However, FTP can also be used to transfer encrypted files and, like Linux, doesn't have enough critical mass to garner the attention of crooks. They are more interested in careless email senders, looking for account information and "hot" attachments.
--
Regards, Joerg
http://www.analogconsultants.com/
"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
Yes, pain is Mother Nature's way of saying, "Don't do that." ;-)
I once felt the signs of incipient CTS (carpal tunnel syndrome) and so I just repositioned my hand, wrist, and mouse so that my wrist didn't hurt. I've never, ever carpal tunnel. It's caused by people ignoring the pain, or "playing through the pain", and a real handy excuse for people who want to get out of work.
Yes, I believe they won't let you do that via a cell phone. Maybe there are options, too, like a number you call that then relays you to your destination. But I haven't looked because I do not need an expensive cell plan with oodles of "free" minutes.
That fee is IMHO reasonable. After all, I guess they must pay AT&T for the two or more additional pages that they have to print out, collect the money and send it over to them. It all gets invoiced on your regular POTS bill, no credit card numbers or any of that. Doesn't get any easier than this.
--
Regards, Joerg
http://www.analogconsultants.com/
"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
I'm don't like to load up my mind with paranoia ;-)
...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC\'s and Discrete Systems | manus |
| Phoenix, Arizona 85048 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine Sometimes I even put it in the food
Essentially WiFi without encryption is the same as providing an "insert phone tap here" connector in front of a residential T1 concentrator and knowing that no one is likely to notice if you make use of it: You now have a relatively small number of connections to sort through simultaneously, so if no additional encryption is employed for the actual data transmission, yeah, you're vulnerable.
Putting together binary PDF files that are embedded as e-mail attachments is still a bit trickier than just searching for a short text string that looks like it could be a SSN, though. Hmm... next time I'm at an airport or hotel with WiFi, I'll be sure to send lots of text with "457-55-5462" embedded in it. :-) (That's Todd Davis's SSN, of LifeLock "infamy," who makes $10/month for notifying the credit bureaus that his subscribers consider their identities to be at risk, and therefore any credit checks should be flagged. I suspect his profit margins are around 90%...)
You may be correct that someone's trying to hack their network, but given how the vast majority of wireless network "funniness" is due to slightly incompatible bits of software and hardware, if the library's administrator isn't particularly proficient when it comes to in-depth networking knowledge, I'm not surprised he hasn't really given you a satisfactory response: He probably doesn't know how to proceed in tracking down the problem.
Not paranoia, common sense. When we installed a sturdy lockable mailbox some folks chuckled. Sure enough, a few month later ... now they want to know where we got it.
Some protection cannot be achieved with a 9mm Glock :-)
--
Regards, Joerg
http://www.analogconsultants.com/
"gmail" domain blocked because of excessive spam.
Use another domain or send PM.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.