[Owasp-singapore] [security-77] Fake Wireless at SG AP at AMK?

Wong Onn Chee ocwong at usa.net
Sat May 30 06:27:56 EDT 2009


Hi Ray,

I will strongly recommend against using Wireless at SG, as anyone can
masquerade their rogue AP as Wireless at SG.

3G broadband is a much safer option.

Again, pardon my limited legal knowledge, but it may not be an offence
to masquerade Wireless at SG unless IDA or the providers complain.
Akin to our previous thread on the cyber-squatting of domain names.


Ray Foo wrote:
> Nope, I don't even get the login page.
>
> Ray.
>
> On 5/30/09, Frenky Tjioe <tjioefrenky at gmail.com> wrote:
>   
>> Did you test the "fake" Wireless at SG with wrong password?  If it's fake, it
>> won't be able to tell whether your password is wrong.
>>
>> Regards,
>>
>> On Sat, May 30, 2009 at 12:19 PM, Ray Foo <gunblad3 at gmail.com> wrote:
>>
>>     
>>> Hi guys,
>>>
>>> Was at AMK (hawker center behind Jubilee, not the S11) where I found
>>> something weird when I was surfing around on Wireless at SG, not sure
>>> whether it's a fake AP, but it definitely isn't normal.
>>>
>>> I didn't seem to have authenticated properly (my initial oversight),
>>> but when surfing later, HTTP sites all were served ok, but all HTTPS
>>> sites (including Gmail) returned a cert error.  Can anyone confirm
>>> this?
>>>
>>> I wasn't able to check the cert details as I was using my iPod Touch
>>> then, and I didn't want to accept the wrong cert to find out what
>>> happens...
>>>
>>> Hope someone's not running a fake AP, it'd be pretty dangerous...Fyi
>>> the range of the AP was detectable for a pretty large area in AMK
>>> central as I was walking around.
>>>
>>> Ray.
>>>
>>>
>>>
>>> --
>>> Please Note: If you hit "REPLY", your message will be sent to everyone on
>>> this mailing list (security-77 at meetup.com)
>>> http://security.meetup.com/77/
>>> This message was sent by Ray Foo (gunblad3 at gmail.com) from The Singapore
>>> Security Meetup Group.
>>> To learn more about Ray Foo, visit his/her member profile:
>>> http://security.meetup.com/77/members/5643827/
>>> To unsubscribe or to update your mailing list settings, click here:
>>> http://www.meetup.com/account/comm/
>>> Meetup Support: support at meetup.com
>>> 632 Broadway, New York, NY 10012 USA
>>>
>>>
>>>       
>
>
>
> --
> Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list (security-77 at meetup.com)
> http://security.meetup.com/77/
> This message was sent by Ray Foo (gunblad3 at gmail.com) from The Singapore Security Meetup Group.
> To learn more about Ray Foo, visit his/her member profile: http://security.meetup.com/77/members/5643827/
> To unsubscribe or to update your mailing list settings, click here: http://www.meetup.com/account/comm/
> Meetup Support: support at meetup.com
> 632 Broadway, New York, NY 10012 USA
>
>
>
>   



More information about the Owasp-singapore mailing list