Why You See 'Free Public WiFi' In So Many Places 260
An anonymous reader writes "Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.' Of course, since it's ad hoc (computer to computer) it's not actually access to the internet. So why is this in so many places? Turns out it's due to a bug in Windows XP. Apparently, the way XP works is that if it can't find a 'favorite' WiFi hotspot, it automatically sets up the computer to broadcast itself as an ad hoc network point, using the name of the last connection the computer attempted. So... people see 'Free Public WiFi' and they try to log on. Then their own computer starts broadcasting the same thing, because it can't find a network it knows. And, like a virus, the 'Free Public WiFi' that doesn't work lives on and on and on."
almost as bad as linksys (Score:1, Interesting)
but at least linksys gets you a internet connection 99% of the time. BTW this story is a dupe from last year.
Yep, noticed this long ago. (Score:3, Interesting)
I have no idea why, but someone must have tried to connect to it. Now, almost a year after leaving that school, people still tell me that the 'ghost' of my laptop broadcasting can still be seen.
There are 2 ad-hoc networks out there that are 'ghosts' now, the first is my nickname (yeah, bad choice for a perpetuating network, I know) and the second is named after the university network, which is accessible on clear days.
Re:"They Still Use Windows XP?!" (Score:1, Interesting)
Hell, I'd still be using W2K except I have one or two apps that won't run under it. I actually downgraded from 7 last year after determining that 7 did absolutely nothing I needed that XP didn't, and had plenty of quirks that drove me crazy.
Re:Possible attack vector (Score:3, Interesting)
I've got my laptop set up so that anything important (EG: Email, file transfer) is set up with strong encryption. Websites, not so much, though I do have a squid proxy server so if it matters, it's a single command and three clicks to secure my web browsing. [calomel.org]
Re:Dupe (Score:3, Interesting)
Slashdot is starting to become a news aggregator. I knew about this bug since 2003 and evey few years someone digs it out, either blaming it on a bad configuration or a virus attack. Hell its not even a bug if you have your WiFi properly set up to never connect to ad-hoc networks.
To be honest, this is the first time I have read the true reason and not try the whole "the internet is dangerous and full of viruses" reason. Its hard to even classify it as a bug as it would make it convenient to auto connect to a local ad-hoc network. Still consider it a bug if you have to turn off ad-hoc to disable though:P
Re:So... (Score:2, Interesting)
I don't believe that works for TLS. (Score:3, Interesting)
While most people use the term "SSL" to refer to "secure internet" most https connections today use TLS.
TLS uses pseudo random element in the handshake which prevents the MITM scenario you described.
Sadly Google Chrome doesn't support TLS (no friggin idea why) so server will negotitate down to the less secure SSL v2 or SSL v1 standard.
IE 8 or later, Firefox 2.0 or later. and Safari (no idea what version) all support TLS but obviously google thinks security is over-rated.
Re:Heh! (Score:1, Interesting)
So does WPA.
Re:I see this alot (Score:5, Interesting)
Actually, it is pretty easy to hijack about any wireless network using WPA. WPA2 is only a tad bit more harder and both are easier then wep until you get into some business class security. Basically, all you need to do is flood the connection to force a reconnect between the devices then run a script or program on those packets.
It's actually a little more difficult then that, but once you find the right programs and the right hardware to work with them, it's not much more difficult then that. And the most difficult parts are already taken care of and reusable for the most part.
I have a laptop set up specifically to do this. Whenever I have a customer claim their rocket scientist nephew, or son, or the neibor's- dog's- sister's- aunt's cousin, or the time warner cable guy swears that wireless is safe and I don't know what I'm talking about, I simply tell them to go ahead and install it, then show up to ask how it's going with the wireless and show them that I'm already on the network. Sometimes I have to wait outside for about a half hour before I get it cracked, but I haven't ran into one wireless network yet that took longer then 2 hours to crack into. And yes, all the software needed is pretty much free and available on the interweb waiting to be downloaded and used. There is a pretty steep learning curve though but it's not that hard and there are a lot if tutorials out there. This is especially easy when the time warner guy and most outside techs try to use a phone number for the key phrase. Often, if you have a list of phone numbers to a building with wireless, going through those will get you a working key without needing all the monitoring and cracking software. Start with the Fax numbers as they are often tied to the DSL or the Cable Internet Phone which makes it easy for the technicians to find if they have to service it again.
Anyways, once you are on the network, it's pretty trivial to send command to any windows box to do things that give you more control. Especially if they have the power shell installed. Most firewalls don't screen addresses on the network as it seems to be universally trusted in most environments.
Re:Poisoned DNS. . . (Score:3, Interesting)
It all depends on how much they want to invest in their attacks. I can see easy ways of doing it that wouldn't require breaking SSL traffic at all. First, look up a wifi pineapple [lmgtfy.com]. If you notice, they are using a regular wifi router with a hacked firmware stuffed into a seemingly innocent object. Just take that firmware a bit further by installing a proxy server that captures the key exchange then decode the traffic. Or better yet, rig the proxy to relay everything until it hits a bank site, then cause the page to reload with a dynamic copy of it to mimic the banking site, and refuse the first and second attempts to connect. You know have basically tricked them into entering their username/account numbers and passwords into something you can easily read. They will concentrate more on trying to type the account information in correctly then noticing the page changed slightly. Allow them through the second or third time unobstructed and they will simply think they fat fingered some character as they typed.
There used to be a proof of concept code that would pretty much do just that floating on the web but a quick search turned up nothing I recognized. It basically intercepted all web requests and relayed the page/pages requested to the user as if it was hosted on the gateway device itself. I think it could even mimic some self signed security certificates but had trouble with most of them. Either way, setting it to hit originally with the right page, forcing a reload with the faked page, then allowing the real page to pass could all be controlled with software and scripts giving access to most of the important stuff.
Re:I see this alot (Score:2, Interesting)
Nah, good businessmen realize that people want cars that work with all the gas, not just the fucking branded gas, and that people will buy more of the cars if they don't have to track down the branded gas.
The assholes that think selling branded gas is awesome are just assholes who like branded gas.
Re:Possible attack vector (Score:1, Interesting)
Well, except for porn sites. Chrome doesn't report back to Google what porn sites you visit, because that would be an invasion of your privacy. It just sends the name of the site to Google first to check it against Google's blacklist of "do not report" sites, and if the site's not listed, Google's server reports back to Chrome to report the site to Google as a place your'e visiting; if it's blacklisted, Google's server reports to Chrome not to report the site back to Google, thus ensuring the user's privacy.