General Musing

blaze your trail

I just pulled off a phishing operation #security

leave a comment »

T-Mobile Transportation Insecurity
You may know that T Mobile offers free WiFi in Dutch public transport, I discussed the insecurity previously. Here a security researcher saw whether he would be able to fool travelers into using his AP over the one offered in the train… It worked… sigh

I previously discussed T-Mobile here
http://specialbrands.net/2011/01/15/internet-in-the-train-geoip-transport/

Adrianus Warmenhoven
I just pulled off a phishing operation in the dutch trains; I have linux installed on my tablet and I had my WiFi broadcast itself as AP with SSID “tmobilefast”. In linux I had a squid and a dns server with some entries ‘poisoned’ so I could fake the SSL keys (self-signed, mind you). My mobile phone tethered it to the HDSPA.

Within 10 minutes I was watching as facebook, gmail and a companies webmail passing through my squid…

This tells me that people are ripe for the plucking in public transport…

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

May 21, 2012 at 6:59 pm

Posted in Uncategorized

Please Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: