This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator or JiWire, Inc.
Entire site and all contents except otherwise noted © Copyright 2001-2006 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
The Times makes a big blooper, mistaking a login bypass for an attack: The Times Online has this story about how Starbucks in the UK are being targeted by hackers (phishers and simply criminals, really) who are setting up evil twins, which are computer-based hotspots that masquerade as the legitimate local network. The evil twin itself connects to the legitimate network to provide backhaul. Evil twins are useful at harvesting information sent in the clear, as well as providing fake DNS coupled with locally hosted phishing Web sites that might convince a user to enter private data.
Unfortunately, the Times’s information, uncovered in a chat room, points to a method by which hackers are bypassing paying for T-Mobile’s Starbucks-based service. The chatroom discourse begins with someone asking about man-in-the-middle (MitM). In classic MitM, an intruder inserts themselves between two parties, relaying information while listening in. In cryptographic circles, MitM is defeated by using effective key exchange with out-of-band confirmation through certificate authorities, reading a fingerprint to one another, or other methods.
The next chatroom messages the Times discusses, however, are about tunneling Internet traffic from DNS (domain name service). DNS is used to take a domain name and retrieve the associated Internet Protocol (IP) address. Because the login process for a hotspot requires DNS to work, DNS requests are generally passed through without restriction. However, DNS requests can return loads of other information in special resource record types. With the right kind of software on both ends—on your laptop and a remote server—you could perform an end run around authentication and tunnel your traffic over DNS just like a virtual private network connection tunnels all its traffic via the VPN connection. Devicescape uses DNS to retrieve authentication information in its lightweight device-oriented hotspot login environment.
The chatroom participants pretty much state this outright: “I am now able to tunnel my way around public hotspot logins…It works GREAT. The dns method now seems to work pass starbucks login.” In fact, there are two popular DNS tunneling packages available.
Hotspots can throttle DNS traffic, or filter queries, but there are clever ways around this, including returning data as part of the alias for a domain name that’s requested (a CNAME or canonical name record). So much of DNS requires passthrough of arbitrary data that I don’t know how large a problem this is. One of the quoted chatroom messages in the Times article notes that the user was only able to get a few kilobits per second, which could be a result of either throttling or overhead. It’s possible T-Mobile has throttled DNS traffic to a very low speed, which would make sense.
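To filter rather than only throttle, a hotspot gateway needs a way to tell tunneled lookups from ordinary ones. The sketch below is an added example, not code from the original post or from any hotspot product: it scores pre-login DNS queries per client and parent domain by the number of unique subdomains, their length, and their character entropy. The client addresses, the `.example` names, and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def split_name(qname):
    """Return (subdomain, parent). Parent = last two labels, a
    simplification that ignores the public-suffix list."""
    q = qname.rstrip(".").lower()
    parent = ".".join(q.split(".")[-2:])
    return q[: -len(parent)].rstrip("."), parent

def flag_tunnel_suspects(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """queries: (client_ip, qname, qtype) tuples seen before the client has
    logged in. Thresholds are illustrative assumptions, not tuned values.
    Returns {(client, parent): stats} for pairs that look like a tunnel."""
    subs, qtypes = defaultdict(set), defaultdict(set)
    for client, qname, qtype in queries:
        sub, parent = split_name(qname)
        if sub:
            subs[(client, parent)].add(sub)
            qtypes[(client, parent)].add(qtype)
    suspects = {}
    for key, names in subs.items():
        avg_len = sum(map(len, names)) / len(names)
        avg_ent = sum(map(entropy, names)) / len(names)
        if len(names) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects[key] = {"unique": len(names), "avg_len": avg_len,
                             "avg_entropy": avg_ent, "qtypes": sorted(qtypes[key])}
    return suspects

# Constructed sample log: one client browsing normally, one sending long,
# unique, high-entropy labels under a single parent domain.
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE = [("10.0.0.7", "www.shop.example", "A"),
          ("10.0.0.7", "login.hotspot.example", "A"),
          ("10.0.0.7", "www.shop.example", "A")]
SAMPLE += [("10.0.0.9", f"{ALPHABET[i:] + ALPHABET[:i]}.tunnel.example", "CNAME")
           for i in range(8)]

if __name__ == "__main__":
    for key, stats in flag_tunnel_suspects(SAMPLE).items():
        print(key, stats)
```

Legitimate services that encode data in hostnames can trip the same heuristics, so a score like this is better suited to rate-limiting or alerting than to hard blocking.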
Posted by Glennf at May 5, 2007 2:11 PM
Categories: Security