[Owasp-singapore] [security-77] Fake Wireless at SG AP at AMK?

Ray Foo gunblad3 at gmail.com
Sat May 30 08:53:02 EDT 2009


Hi Onn Chee,

Wireless at SG is risky being a public wifi network, but for some other  
uses (like non-personal/secret sites, or https sites with working  
certs) it's still ok.

Another way is to use VPN but not everyone knows how to use, or cares  
to.

If it's really not illegal to run a fake AP, maybe we should be  
enforcing/educating even more the use of encryption... Or getting the  
law makers to amend the CMA :P

Ray.

On May 30, 2009, at 6:27 PM, Wong Onn Chee <ocwong at usa.net> wrote:

> Hi Ray,
>
> I will strongly recommend against using Wireless at SG, as anyone can
> masquerade their rogue AP as Wireless at SG.
>
> 3G broadband is a much safer option.
>
> Again, pardon my limited legal knowledge, but it may not be an offence
> to masquerade Wireless at SG unless IDA or the providers complain.
> Akin to our previous thread on the cyber-squatting of domain names.
>
>
> Ray Foo wrote:
>> Nope, I don't even get the login page.
>>
>> Ray.
>>
>> On 5/30/09, Frenky Tjioe <tjioefrenky at gmail.com> wrote:
>>
>>> Did you test the "fake" Wireless at SG with wrong password?  If it's  
>>> fake, it
>>> won't be able to tell whether your password is wrong.
>>>
>>> Regards,
>>>
>>> On Sat, May 30, 2009 at 12:19 PM, Ray Foo <gunblad3 at gmail.com>  
>>> wrote:
>>>
>>>
>>>> Hi guys,
>>>>
>>>> Was at AMK (hawker center behind Jubilee, not the S11) where I  
>>>> found
>>>> something weird when I was surfing around on Wireless at SG, not sure
>>>> whether it's a fake AP, but it definitely isn't normal.
>>>>
>>>> I didn't seem to have authenticated properly (my initial  
>>>> oversight),
>>>> but when surfing later, HTTP sites all were served ok, but all  
>>>> HTTPS
>>>> sites (including Gmail) returned a cert error.  Can anyone confirm
>>>> this?
>>>>
>>>> I wasn't able to check the cert details as I was using my iPod  
>>>> Touch
>>>> then, and I didn't want to accept the wrong cert to find out what
>>>> happens...
>>>>
>>>> Hope someone's not running a fake AP, it'd be pretty  
>>>> dangerous...Fyi
>>>> the range of the AP was detectable for a pretty large area in AMK
>>>> central as I was walking around.
>>>>
>>>> Ray.
>>>>
>>>>
>>>>
>>>> --
>>>> Please Note: If you hit "REPLY", your message will be sent to  
>>>> everyone on
>>>> this mailing list (security-77 at meetup.com)
>>>> http://security.meetup.com/77/
>>>> This message was sent by Ray Foo (gunblad3 at gmail.com) from The  
>>>> Singapore
>>>> Security Meetup Group.
>>>> To learn more about Ray Foo, visit his/her member profile:
>>>> http://security.meetup.com/77/members/5643827/
>>>> To unsubscribe or to update your mailing list settings, click here:
>>>> http://www.meetup.com/account/comm/
>>>> Meetup Support: support at meetup.com
>>>> 632 Broadway, New York, NY 10012 USA
>>>>
>>>>
>>>>
>>
>>
>>
>> --
>> Please Note: If you hit "REPLY", your message will be sent to  
>> everyone on this mailing list (security-77 at meetup.com)
>> http://security.meetup.com/77/
>> This message was sent by Ray Foo (gunblad3 at gmail.com) from The  
>> Singapore Security Meetup Group.
>> To learn more about Ray Foo, visit his/her member profile: http://security.meetup.com/77/members/5643827/
>> To unsubscribe or to update your mailing list settings, click here: http://www.meetup.com/account/comm/
>> Meetup Support: support at meetup.com
>> 632 Broadway, New York, NY 10012 USA
>>
>>
>>
>>
>
> _______________________________________________
> Owasp-singapore mailing list
> Owasp-singapore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-singapore


More information about the Owasp-singapore mailing list