Google Pushing HTTPS Further

https featured image 740x427

Implications for Public Facing Wi-Fi Security, Advertising and Analytics.

You may have already noticed – Google search has been strictly using HTTPS for some time now. Typically, you would not enter passwords in a keyword search and so people probably were not terribly worried about search sites not using HTTPS (Bing still allows HTTP). Nonetheless, Google has led by example by adopting strict HTTPS for search. With this, they have also demonstrated that HTTPS isn’t the bottleneck for transactions scalability of the site.
Additionally, just last month, Google disclosed that they will provide (slight) SEO rank incentives to HTTPS sites. If the trend picks up and most useful sites on the Internet move to HTTPS (news and other type of information distribution sites have the least penetration of HTTPS), it will impact public facing Wi-Fi in some interesting ways.   Read more

Wi-Fi Insecurity Wrap-up for 2010

The year 2010 witnessed continued growth in the enterprise WiFi deployments. The growth was fueled by the latest 802.11n revision to WiFi technology in the late 2009 and ready availability of WiFi in most consumer electronic devices launched in 2010, including the smart phones, printers, scanners, cameras, tablets, TVs, etc. The year 2010 also witnessed… Read More

SSLstrip: Even Careful Users Can Be Trapped by Wireless Honeypots

Moxie Marlinspike presented SSLstrip at Blackhat early this year. The author made observation as to how most people initiate access to secure (HTTPS) websites using insecure connection (HTTP) which creates opportunity for the man-in-the-middle (MITM) attacker to get into the middle of the connection without flashing certificate mismatch message on the user’s machine. It is… Read More

WiFish Finder: WiFi Honeypot vulnerability assessment made simple

What % of WiFi laptop users in your organization are vulnerable to WiFishing attacks? The odds are very high that you don’t have an exact answer.   WiFish Finder is a tool for assessing whether WiFi devices active in the air are vulnerable to ‘Wi-Fishing’ attacks. Assessment is performed through a combination of passive traffic… Read More

Karmetasploit: Integrated Tools Lower Bar On Hacking Wireless Clients

Metasploit Framework integrated with KARMA! Metasploit is most potent security penetration and exploit development platform, while KARMA is a potent Evil Twin (Honeypot) tool with attracts unassuming wireless clients. With this integrated tool, it is all the more easier to establish wireless connectivity with probing wireless clients and “Metasploit” them. http://trac.metasploit.com/wiki/Karmetasploit http://blog.trailofbits.com/karma/