Re: [Full-disclosure] What is the ulitmate vulnerability ?

Hash: SHA512

Why require passwords? It's trivial for a malicious user to bypass it,
and inconvenient for the legitimate user at the Denny's across the
street that just wants to check their email. Of course if you are
sending customer information, or any other sensitive data, the
information should be encrypted (or better yet, not in the air at all).

If an admin doesn't want anyone on their network, then it's their right
to disable it, but I would hardly call offering free Internet a
"security hole".


K Tucker wrote:
> I know we all get so exited about some very complex
> and ingenious hack, but sometimes the most simple
> thing can be the biggest problem. So many hotels are
> offering wireless network that beams out all over the
> premises and even out to their parking lot. I am
> surprised how many don't even require a password to
> log on. It is so easy for some teenager that want to
> be the "evil genius hacker" to sit in the parking lot
> and do whatever he likes and be untraceable unless you
> physically catch him in the process. As an Admin I am
> tracing more and more hacks from such locations.
> Whenever I stay at a hotel that has easy access
> wireless, I am taking the time to speak to the
> managers and have had some success in getting them to
> secure things up a little. Of course even the best
> protection in such an environment is not an end all,
> but at least it keeps some of the script kiddies from
> doing harm. I would encourage any Admin that reads
> this to take up the same practice. Thanks
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> Hosted and sponsored by Secunia -
Version: GnuPG v1.4.2-ecc0.1.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Relevant Pages

  • Re: Oh Dear, Where to start?!
    ... > sort of security solution? ... > use, passwords, physical security, backup/disaster ... > admin, network admin, tech support, programming, and ... Theres lots of software out there for backups. ...
  • RE: Securing workstations from IT guys
    ... Find the admin who is leaking the data and fire him. ... Securing workstations from IT guys ... Use encryption program to encrypt those files. ... Advise HR guys to assign passwords to their excel/word files. ...
  • Re: Securing workstations from IT guys
    ... Change all Local Admin passwords so that even IT helpdesk/other doesn't ... Advise HR guys to assign passwords to their excel/word files. ... someone from domain admin group to be able to start C$/D$ share and browse ... incoming connections to C$ and pop up and alert whenever someone tries it ...
  • Re: Apple Safari on MacOSX may reveal users saved passwords
    ... console of a logged in computer (or connected in some other ... If I have a malicious user at my console logged in ... I've got more problems than web form passwords being revealed. ... And the whole point of Keychain is preventing ...
  • Re: Passwords and Cookies
    ... Passwords are not sent over the wire in a Windows network. ... >> accounts. ... any malicious user with a NIC in promiscuous mode and a sniffer ...