

A Hacker's Story: Let me tell you just how easily I can steal your personal data - thomasyale
http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data

======
mmaro
Someone is eventually going to go to prison after stupidly uploading evidence
of themselves wiretapping a wireless network they don't own.

There's also an interesting double standard here: would it be quite so
acceptable to casually listen in on people's GSM calls or wireless house phone
calls?

~~~
rottencupcakes
Does there exist legal precedent for this? It would seem hard to argue for
expectation of privacy on an unsecured wireless network on a protocol without
TLS.

~~~
varjag
Why is that so?

A landline phone is also trivial to tap into. Should you not expect some
degree of privacy on the phone?

~~~
gloob
Phones, like mail, are a special case in a whole bunch of ways, legally, is my
(Not A Lawyer) understanding. Using them as a basis for comparison is probably
not going to reveal a lot.

~~~
varjag
Well we were talking about expectations here, were we not? I certainly expect
my IM, email, VoIP and other forms of communication to be no less private than
phone or post. So does, I believe, nearly everyone else. Just because one
stumbles (stumble is not the right word though for what the article described -
the malicious intent was clear) into an unsecured segment does not make it
right to eavesdrop.

------
kleiba
So, what exactly is the point of this article? "If you're on an insecure
network, people can steal your data." ?? Not such a big surprise...

~~~
Kadin
Not to people who read HN, certainly, but just judging from behavior, it's
something that's totally lost on a lot of people (even people who ought to
know better). There's a weird assumption of nonexistent privacy when people
use their computers; a fair number of users seem not to grasp that using the
Internet at Starbucks (or at a hotel, or in an airport) is very different and
much less secure than using it at home.

Trespassing into an apartment building seemed a bit gratuitous and creepy,
though, and might distract from the lesson (by making people think they can
really improve their security by being on the lookout for nerds tailgating
them in the door). I think the point could have been made just as well by
sitting in a coffee shop, or checking into a hotel with free Internet access
for an evening.

------
jeffreyg
should be renamed 'A Script Kiddie's Story'

~~~
kolemcrae
Wow, had no idea the article would become so popular.

I wrote the article and would just like to make a few points.

I am NOT a hacker. I don't claim to be. I'm just a geek that's curious about
network security. They called it "A hacker story" because this is what hacking
is to the general populace.

I understand that REAL hacking is completely different.

The point of the article is this:

It's REALLY easy for even a non-hacker to get all this information. I'm not
saying to stop using open networks, just be careful what you do on them.
That's all.

Thanks everyone for reading it.

------
crocowhile
>Also, don't browse hardcore porn on a public network.

OMG people will know someone likes porn!! People do FAP. Get over it.

------
watty
I'm sorry but looking at packets on an unsecured network is in no way
"hacking". Even cracking a WPA network and using a MITM attack is trivial with
all the tools and tutorials available.

~~~
mcherm
What is your point? The fact that it is trivial was the point of the article.

------
gallerytungsten
Reports of the death of wired Ethernet are greatly exaggerated.

------
joeyh
physical intrusion? lame.. get a parabolic or yagi antenna

------
girlzhack
Let me tell you an even easier way to hack - download Firesheep

~~~
Locke1689
Firesheep is just an automated GUI for what we've been doing all along.
Ettercap, Wireshark, etc. are far more flexible and can be used to execute a
wider variety of attacks. Firesheep, for example, won't ARP poison on a wired
network.

~~~
nands
Try Cain & Abel, it's probably the best ARP spoofing tool around for PC.

~~~
iuguy
You don't need to ARP spoof on an open wireless network.

But Cain is in my standard pentest toolset for various reasons, not just ARP
spoofing.

~~~
Locke1689
_You don't need to ARP spoof on an open wireless network._

Right... which is why he didn't mention wireless networks...

That's like saying, yes SQL injection is powerful, but it doesn't work on CSRF
vulnerabilities -- complete non sequitur.

