If I was in a coffeeshop, using my laptop....would someone be able to sniff my username and password info, and anything I'm talking on on ICMAG?

Or is everything encrypted?

[pmorris]

when u connect up at the coffeeshop check your network settings to see if WEP or WPA is enabled. otherwise your wireless isnt secure, someone can connect to your network and can run freely available software that can monitor your network activity.

[Existenzophile]

Quote:

Originally Posted by Indicad2006

If I was in a coffeeshop, using my laptop....would someone be able to sniff my username and password info, and anything I'm talking on on ICMAG?

Or is everything encrypted?

Anyone behind the same router as you can sniff your traffic regardless of the network encryption. WEP can be cracked in under 15 minutes, and WPA is also a broken standard. So even unauthorized users can quickly gain access to what you belive to be a secure network THERE CURRENTLY IS NO SUCH THING AS A SECURE WIRELESS NETWORK!!!

You can however mask your traffic on open networks by using TOR. But packet sniffing is the least of your worries if you're using an open network for secure communication :/

https://tor.eff.org

bump

Okay, thx for the responses...but it wasn't what I was looking for..

Here is the answer:

I have a packet sniffer, and was sniffing my own wi-fo node while I logged onto icmag.

Your username for the message board is in clear text.... but the password appears to be encrypted.

Also, everything you write is in clear text...I think every single thing listed on the message board... if it shows up on your screen, its been sent in clear text.

If you use a site like myspace.com..... your username and password are CLEARLY shown... so thats at least one site I found that you shouldn't use in an open wi-fi.

[Existenzophile]

Passwords in vBulletin since version 2.20 (i think?) have been stored on the SQL database as an MD5 hash of the password you enter plus some randomly collected data (called salt, which ensures that even if two users have the same password the MD5 hash will be different) What you are querying the database for isn't your plain text password, but the md5 hash of you password. When you log into Myspace, you are not logging into a vBulletin message board.

But like I said, if you are using an unsecure network for secure communication the least of your worries should be someone sniffing you packets with ethereal...

Thats interesting...

So what else is there to worry about?

[pmorris]

Quote:

Originally Posted by Indicad2006

Okay, thx for the responses...but it wasn't what I was looking for..

Here is the answer:

I have a packet sniffer, and was sniffing my own wi-fo node while I logged onto icmag.

Your username for the message board is in clear text.... but the password appears to be encrypted.

Also, everything you write is in clear text...I think every single thing listed on the message board... if it shows up on your screen, its been sent in clear text.

quick question, is your "wifi network" using WEP or WPA? while you are sniffing or is it off?

[Underground Man]

AFAIK wep/wpa only protects the network from "outsiders." So it won't hide your traffic from other users of the same access point.

Some websites/servers/whatever have secure password transmission, some don't Of course an attacker may not need to steal your password if all your other traffic is being transmitted in plain text.

Quote:

Originally Posted by Existenzophile

But like I said, if you are using an unsecure network for secure communication the least of your worries should be someone sniffing you packets with ethereal...

I am not sure I understand your point. The internet itself is an unsecure open network, when you send a packet through it you never know where it will go. or who will be able to see it. Wireless just makes it a bit easier for a snooper to "plug-in" locally.

I agree that Tor is good for preventing local snooping. Don't use public access points without it.