Leaving Wi-Fi Open


Postby maxpower » Sun Jul 22, 2007 4:19 pm

ninatoo wrote: My X set up a wireless network in my house, for the kids, connecting their computer to mine as well as the internet.

Someone out there very quickly detected us, downloaded their printer onto my computer (a mistake I believe), over-riding my own printer, and then proceeded to download porn, and lots of it. The strange thing is that the history showed up in Internet Explorer's history, and actually downloaded pictures to the kid's computer. The guy at the computer shop says that wasn't possible but I am here to tell you - it is. Before you all suggest my kids were exploring the net - they were not even home the weekend that I caught this stuff.


Sounds like they were controlling your PC by Remote Access, that'd explain why the sites were in the history. Guy at the computer shop needs to do his homework some more. ;)
maxpower
Second Stripe
Posts: 83
Joined: Sat Nov 05, 2005 5:54 pm

Postby ninatoo » Sun Jul 22, 2007 8:25 pm

Yep Max, that is what I thought after researching the problem on the net.

Anyway, when I get a free afternoon, I will call D-Link support line and get them to walk me through the installation all over again. I don't trust myself to get it right after all that. Come to think of it why did I trust my X? :evil: :P 8O :oops: :x :) It must have been a brain burp.

Nina
ninatoo
Second Stripe
Posts: 236
Joined: Mon Mar 06, 2006 5:36 am
Location: Australia

Postby Apollo » Tue Jul 24, 2007 1:26 am

That's a nasty story in ninatoo's account, but probably a reasonable example of what can happen. As I said before, just because it's wireless and you can't see what's happening doesn't make it any less like having someone walk in through your front door without asking, and plugging a cable into your system, especially if there's no security set.

The remote access is interesting, as I used to use this around the country to get onto the network in branch offices. The only thing it needed was to have the client part on the host machine. Although I'd heard other managers talk about a host client that could be sent to auto install silently on a target, no-one ever came up with one, and I always needed someone to physically do that with software I sent them, but the idea's no different from a virus payload.

If that was the case, the remote access client should still have been on the PC and findable, unless well hidden away, so there should have been detectable evidence in the worst case.
Apollo
Third Stripe
Posts: 2283
Joined: Sun May 09, 2004 10:26 pm
Location: Glasgow

Postby ninatoo » Tue Jul 24, 2007 3:13 am

Apollo, the only evidence I could find that someone else was using our connection was that Internet Explorer History (we use Firefox only at our house, but of course IE is installed on our computers) had all the porn sites listed on it. This is how I discovered that the porn was downloaded when my kids were not there. I couldn't find any evidence such as a cookie by using Firefox. And I don't know how to find evidence other than that.

Another factor which pointed to someone having access was that my computer crashed one night and wouldn't boot. The technician said the problem was that someone had altered what I think he called the BIOS commands needed for boot up. I hadn't touched them, and don't even know how to find them. So now I think this infiltrator was able to do it. Well I don't know....but that's my story.

Nina
ninatoo
Second Stripe
Posts: 236
Joined: Mon Mar 06, 2006 5:36 am
Location: Australia

Voice of a cynic

Postby blink148 » Wed Sep 05, 2007 12:18 am

Ninatoo

Before I start I must say that I could be completely wrong and it is possible for hackers to ssh into your network and so on. In fact, for someone in the know it's really not that difficult - although unlikely.

This is where your PC guy at the store is coming from. For simplicity's sake he's just telling you it's impossible.

To a location hacker they would actually have to go out of their way to surf via your browser. Why not just surf their own and via your account, or spoof yours? If nothing else it leaves traces of them on your machine.

Silly for them.

If they have the knowledge to control your machine there's a very good chance you wouldn't know about it.

More likely, from my own experience: A neighbour has bought a wireless router and muddled through. Instead of joining their own network when the new flashy 'join network' option appears.. they have joined yours. Surprisingly this can happen even if their own wireless node is 2 feet away from them. Channels, interference, people being idiots etc...

After joining your network (thinking it is theirs) they have then set up a network printer. This is the key. Good chance it is a neighbour within 100 feet assuming it's a standard router.

As to the porn history. I'm a cynic, what can I say. It's not even feasible for a trojan to work like this. Why would anyone leave a trace on your machine? Unless they are a bit clueless of course.
The difficulty in running porn 'through' your login just isn't worth it.

I would look closer to home. If you can truly say 100 percent that no-one in your household has had the access to go to those sites - truly (forget the time stamp) then someone is messing about with your files but they are more of a nuisance than a threat.

Of course, you can just press the reset button on the back of your router to make it all go away. Until the next uber-hacker gets a hold of you of course.

Remember, the best way to get a WI-FI password from your neighbour is to go in for a cup of tea and take a note of the big sticker with the password on the side of the modem. Long live social hacking ;-)
blink148
Just settling in
Posts: 5
Joined: Sun Jul 08, 2007 10:21 pm

Postby Rossco » Sun Sep 09, 2007 1:34 am

I agree with blink148 completely:

I think the whole 'wireless security' mania is nothing more than histrionics.

Okay, someone might use your connection for activities you'd rather they didn't, but criminal liability for this lies with the person responsible for the activity rather than the connection with which it was performed. The Computer Misuse Act and the Communications Act criminalise those accessing unsecured networks without permission rather than the owners of the networks themselves regardless of the use that was made of it. This law acknowledges that data networks may often be fleeting and ad hoc (such as rf, bluetooth connections and bluetooth scatternets) and that ownership can't be established. And with legitimate open networks everywhere from Glasgow Caledonian University to Apple on Buchanan Street, it's not like you're aiding and abetting! The 'unsecured network' argument has been a successful argument against RIAA prosecutions too.

Secondly, security isn't really an issue so long as the individual computers within your network (wireless or wired) are all secure. I mean, it's a bit of a leap of faith to hope that your router will successfully take on the security threats of the most dangerous of connections - the internet through your broadband connection. Personally, I don't and secure every machine on my home network as though it were internet facing (virus checker, firewalls, software updates...) And to say that you only tinker with these things when your computer isn't working is just asking for trouble - you drink water and eat fruit to stay healthy - you put oil in your car to stop the engine grinding to a halt - you brush your teeth to keep them from rotting. It'd be considered negligent to do anything else.

And so what if people can see what you are surfing? Big deal? I'm not all that bothered because I know that anything really important is encrypted between me and the secure servers (such as those with your bank, online shops, web based email). And SSL decrypting - are you having a laugh... Even if this were possible by your average hacker, the security an encrypted wifi network would offer wouldn't stand up to a fraction of the power required to crack ssl and so this is an entirely moot point. Okay, instant messaging isn't encrypted (most of the time) and can be sniffed (the process by which a hacker would gather up your data to look at it) but I wouldn't give out anything confidential anyway that way.

So what's the big deal about leaving your internet connection open? I'm not sure... I'm really not.

My real concern is that the hysteria is being fueled by the police who would rather we all locked down our networks so that they know that when someone accesses an illegal site or performs a criminal offence online, then the list of suspects will be limited to only those with access to the network from which the crime was performed. Currently, the police are calling for ISPs to keep all data traffic and surrender it to them on demand so that they can catch criminals at work but this isn't currently legal under data protection laws. ID cards are leading us sleep walking into a police state - are secured networks taking that police state virtual? How's that for a twist :P

Ross
Rossco
Busy bunny
Posts: 18
Joined: Sat Nov 15, 2003 1:27 am
Location: Glasgow City Centre
