Interesting - Real or Setup?

Either way it makes you think

http//youtube.com/watch?v=A88XB7_Jz7s

It's realistic, but I think the real concern would be in apartment complexes and really crowded residential areas. Sure there's concern for anyone who leaves it open but not as bad. I pick up my neighbor's wireless (14% connection, but still enough) and I was able to login to it, until he encrypted it and he's a good 70 yards away.

WEP is easy to crack but how you can see what pages the guy is currently surfing I have no idea, unless he has his whole drive shared and they are just looking at his cached files. You shouldn't be able to install some spying program just by having access to his drives (unless you install a path to his startup folder which links to one and he restarts). Well, unless you have skills...

...but yeah, either way it's probably a set-up like most things on TV. It would be hard to find a wireless network under the right conditions and have a hacked user who just happens to be booking trips and buying stuf at the same time.

[quote91166fa401="hehehhehe"]WEP is easy to crack but how you can see what pages the guy is currently surfing I have no idea, unless he has his whole drive shared and they are just looking at his cached files. You shouldn't be able to install some spying program just by having access to his drives (unless you install a path to his startup folder which links to one and he restarts). Well, unless you have skills...
[/quote91166fa401]


Yeah I kept wondering what he was using to see what he was browsing, that can't be anything easy to do.

To answer TSJ's question... it's definitely a setup. It's illegal (in the UK and US) to crack his network and get on it unless he gives consent beforehand.

Is it possilbe to check if anyone had access to your wireless network?

Guys, it's no setup. I can't speak to that particular show, but what they did is certainly possible. If I can crack your WiFi -- and if it's using no encryption, or only WEP encryption, I can do that easily -- then unless specific steps are taken I can sniff all traffic passing across your network. That includes HTTP (web) traffic, which I can capture off the air using a sniffer, and then view the pages in real time. I can also capture any data input into those pages, provided the pages are not SSL encrypted (which is why you NEVER enter your CC# on an unsecure web page).

It's not hard to do at all, and there are hackers on both sides of the law (white hat and black hat) who make a living from it.

WPA is virtually impossible to crack in a practical fashion -- brute force is the only way. But if the key is easily guessed, then you still haven't gained anything by using WPA.

If you're using WEP, you may as well be wide open, as it can be cracked in literally seconds.

Security is most effective in layers, so to hinder hack attempts you should always
[listf0683c7943][lif0683c7943]Disable SSID broadcasts and change the SSID to a cryptic name. Think of it as a first-level password that you wouldn't want somebody to guess. In your wireless clients, you'll have to type this name when you setup the connection, as you won't be able to browse and see it.
[lif0683c7943]Enable MAC address filtering in the access point/router and enter the MAC addresses of only your PC's that will be accessing the AP.
[lif0683c7943]Finally, use WPA to encrypt your wireless traffic.[/listuf0683c7943]
If you do all of those things, the likelihood of being cracked is almost nil.

While technically possible, you don't think that it's a bit convenient that they had a 'mark' who had been booking trips and buying off ebay at the exact time they were snooping? Given budget constraints, I doubt they had hours and hours to stake out several users. That's the part that made me think it's a setup (along with the fact that pretty much everything on TV is setup - 'reality shows' for example) but I guess we can never know, they could've gotten lucky.

EDIT dmorris what program can you use to view/sniff html pages in real time? I am gonna try this. I remember trying to sniff my cable network several years ago but could never make sense of the traffic.

Why would they want to break the law and risk the legal trouble when they can just pre-plan it? It's obviously a setup to me. Of course it's possible to do in reality, but it [i7d60405bec]was[/i7d60405bec] a set up.

Well this is all probable. WEP has been broken for quite sometime and has become somewhat trivial to hack.

YourGiftsFree There is software out there that will monitor the MAC addresses on your network and set off an alarm everytime a new one is found. Or you can check DHCP on your router whenever your internet seems slow for no reason. Look for unknown addresses being handed out.

dmorris I know of a few commercial apps, like eEye, but do you have any free ones that allow for webpage caching like that? Or are you doing something inside Ethereal/Wireshark to make that happen?

[quote281a90c092="hehehhehe"]
EDIT dmorris what program can you use to view/sniff html pages in real time? I am gonna try this. I remember trying to sniff my cable network several years ago but could never make sense of the traffic.[/quote281a90c092]

Yeah I want to see if I can go at my wireless connection to see how bad it is. I don't remember if it was encrypted when it was setup.

what did it say...i was distracted by the blonde ;)

i have always used protection on my network but that is a cool piece of info

I know many commercial sniffers now allow real-time HTML viewing -- I couldn't get a good look at the one they were using in that show, but it could have been any of them. They said they "purchased it on the internet" so it wasn't a freebie. I don't remember if AirSnort does it or not.

I haven't done real-time HTML rendering while sniffing, but I've seen it done, it's just a matter of using the right tool.

I've used Ethereal/Wireshark for years, and I seem to recall a plug-in or display filter or some other add-on that rendered HTML on the fly. I never had a need for it myself so I didn't pursue it, but I seem to recall one existing.

[b19823c8b9d]Edit[/b19823c8b9d] EffeTech has a product that does it, and it's cheap ($30).

http//www.effetech.com/sniffer

I should mention that packet sniffing and analysis is probably not for those who aren't network literate. It can be a bit overwhelming to set everything up properly and then know what you're looking at once you successfully capture packets.

I don't know whether it is worth securing my network or not. We have like two or three neighbors in a pretty isolated neighborhood. Its just a pain to install security on 4 computers.

There is no way my nearest neighbor could pick up a wireless signal from us.

fugger citing 2, same day.

Just a mirage son, just a mirage. ;) ("Sighting" too, btw)

I heard of a bootable disk that supposedly does some of this stuff. Called Auditor, I think. I'm not sure it's as good as what David mentioned, though.

[quote1026888e0e="dmorris68"]Guys, it's no setup. I can't speak to that particular show, but what they did is certainly possible. If I can crack your WiFi -- and if it's using no encryption, or only WEP encryption, I can do that easily -- then unless specific steps are taken I can sniff all traffic passing across your network. That includes HTTP (web) traffic, which I can capture off the air using a sniffer, and then view the pages in real time. I can also capture any data input into those pages, provided the pages are not SSL encrypted (which is why you NEVER enter your CC# on an unsecure web page).

It's not hard to do at all, and there are hackers on both sides of the law (white hat and black hat) who make a living from it.

WPA is virtually impossible to crack in a practical fashion -- brute force is the only way. But if the key is easily guessed, then you still haven't gained anything by using WPA.

If you're using WEP, you may as well be wide open, as it can be cracked in literally seconds.

Security is most effective in layers, so to hinder hack attempts you should always
[list1026888e0e][li1026888e0e]Disable SSID broadcasts and change the SSID to a cryptic name. Think of it as a first-level password that you wouldn't want somebody to guess. In your wireless clients, you'll have to type this name when you setup the connection, as you won't be able to browse and see it.
[li1026888e0e]Enable MAC address filtering in the access point/router and enter the MAC addresses of only your PC's that will be accessing the AP.
[li1026888e0e]Finally, use WPA to encrypt your wireless traffic.[/listu1026888e0e]
If you do all of those things, the likelihood of being cracked is almost nil.[/quote1026888e0e]

I keep SSID broadcasts on at home only because I don't know any other way to connect to a wireless network without setting one particular network as the first choice and then hiding the SSID. MAC addy filtering and WPA are good too, but you can't have WPA without this

http//www.kurtm.net/wpa-pskgen/

It uses javascript to generate a 63 character password 8)