What's the point in having SSL...

pike (Cleveland, OH), #1
...on a public forum? Can't everyone read the messages we post anyway?

Hoagie (Wackbag Staff, Your Mom's box), #2
Zag went to a hacker convention and he got scared.

MAV (Denver, CO), #3
I don't think it's the messages that he's worried about.

[user name not extracted] (outsiddah Boston), #5
It's because in 2008 wackbag is going to be a pay site and they need to set up the debits and whatnot with people's bank accounts. The account number will be tied to a user name and, based upon the number of threads read, you will incur a fee. This fee was set as: you are an ass if you are starting to get pissed thinking that wackbag is going to be a pay site, because clearly this is a Norton-style lie.

sniper (Wackbag Staff, Masshole), #6
After learning that tacos are the new "in"...

Think about all this next time you're at a "free wireless hotspot" and remember there's people like me sitting in starbucks on a lazy sunday with nothing better to do.

I rarely give free advice of this nature, so use it wisely.
AND WITH THAT, TLDR POSTS WILL BE DELETED! Fuckers

This also goes for ANY website, not just wackbag. This includes Hotmail, Gmail (any webmail really), non-SSL shopping sites (why would you??? However, I've seen sites ask for CC information in plain text for reservations and made them call me for it). Myspace is susceptible to this in a MAJOR way, as well as other blogging and social networking sites, since they don't even offer an SSL option. Non-secured mail clients send your passwords in plain text, and so do FTP clients.
At wackbag, we're doing this to protect you, should you decide to use it.

Information on the internet is transmitted and received through packets. Anyone on the same network can "sniff" those packets, and unless the user being "sniffed" is using encrypted (SSL) packet transfer, the information is right there in real time in plain text.
Here's a sample of a plain text transmission of a new user (ssltutor) sending a private message to me on wackbag. In this example I'm using Wireshark to capture the packets from my lab computer.

Code:
POST /private.php?do=insertpm&pmid= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.wackbag.com/private.php?do=newpm
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: www.wackbag.com
Content-Length: 406
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: wackbagsessionhash=967e5de2bd12ecd24f13fde3a2fdfc02; wackbaglastvisit=1192314141; wackbaglastactivity=0; IDstack=%2C45240%2C; __utma=19816894.866893488.1192314023.1192314023.1192314023.1; __utmb=19816894; __utmc=19816894; __utmz=19816894.1192314023.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

recipients=sniper&bccrecipients=&title=this+is+a+test+message.&message=This+is+a+test+message+that+i+don%27t+want+anyone+to+see%2C+cuz+it+has+phone+numbers+and+other+personal+information+in+it.%0D%0A%0D%0ABut+watch+what+else+you+can+do.%0D%0A%0D%0AThink+about+this+the+next+time+you+use+a+free+wireless+hot+spot.&wysiwyg=0&iconid=0&s=&do=insertpm&pmid=&forward=&sbutton=Submit+Message&savecopy=1&parseurl=1

HTTP/1.1 302 Found
Date: Sat, 13 Oct 2007 22:27:25 GMT
Server: Apache/2.2.4 (Fedora)
X-Powered-By: PHP/5.1.6
Expires: 0
Cache-Control: private, post-check=0, pre-check=0, max-age=0
Pragma: no-cache
Location: http://www.wackbag.com/private.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1

Let's break this down.

I'll start with the obvious first. There's my not-so-private message right there to read, as well as who it was sent to:
recipients=sniper&bccrecipients=&title=this+is+a+test+message.&message=This+is+a+test+message+that+i+don%27t+want+anyone+to+see%2C+cuz+it+has+phone+numbers+and+other+personal+information+in+it.%0D%0A%0D%0ABut+watch+what+else+you+can+do.%0D%0A%0D%0AThink+about+this+the+next+time+you+use+a+free+wireless+hot+spot

Now, once you get rid of the server formatting we know:
This message was sent to user sniper
the title of this message: This is a test message
and the body of the pm:
This is a test message that i don't want anyone to see, cuz it has phone numbers and other personal information in it.

But watch what else you can do.

Think about this the next time you use a free wireless hot spot.
"aww c'mon I don't PM or send any PMs with personal info"
Good for you!
No really, good!

OK, there is one of those 'howevers' in there.
Before I get to that though, let's take a look at what your browser sends when you log onto wackbag.

Code:
POST /login.php?do=login HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.wackbag.com/login.php?do=logout&logouthash=709cabd46defc31277434ee0ef6c3759
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: www.wackbag.com
Content-Length: 169
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IDstack=%2C45240%2C; wackbagsessionhash=e5c738b741c8067e99c8268d900e50a5; __utma=19816894.866893488.1192314023.1192314023.1192314023.1; __utmb=19816894; __utmc=19816894; __utmz=19816894.1192314023.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

vb_login_username=ssltutor&vb_login_password=&s=&do=login&vb_login_md5password=1570db1431bb76a0156b49c2cd775570&vb_login_md5password_utf=1570db1431bb76a0156b49c2cd775570

HTTP/1.1 200 OK

Now, luckily, we at wackbag love our users and pay for the software the board runs on. vBulletin encrypts your password a bunch before it leaves your browser. The above tells you it's an MD5 hash, which by itself can be dictionary-attacked or brute-forced to reveal the real password (if you have the time); however, this board adds more variables to that encryption process to pretty much make that useless. It'd take less time to fly to the person's house, stake them out for a week, break in, and install a keylogger.

So we'll let other sites just give away your passwords. Maybe now you can understand why it's not good practice to use the same password for every site you visit ;)

Ok, no password here, fine, we'll just dig for information.
Let's take a look at what else your web browser gives up in the process.


Cookie: IDstack=%2C45240%2C; wackbagsessionhash=e5c738b741c8067e99c8268d900e50a5; __utma=19816894.866893488.1192314023.1192314023.1192314023.1; __utmb=19816894; __utmc=19816894; __utmz=19816894.1192314023.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Like most sites on the net, Wackbag's sessions are cookie-based. The web wasn't really created for all the things that have been created for it.
Using a tool (find it on your own) the attacker can steal your cookie and hijack your currently logged in session. What's that mean?

They log in as YOU! This is how Myspaces get hacked, and why they shortened the time you have to be inactive before they make you log in again. (Myspace is lazy.)
Now the attacker can view all of your PMs (not just the ones you sent or were sent to you while online in the coffee shop), and who you correspond with. This also works the same way with webmail. :icon_eek:

"How do I keep this from happening!???!?1one"
Use SSL. Let's look at the same transmission using the SSL site.

Code:
....a...]..G.Xk[e...qeD.5,.Y.t>.y..[.7..(V. ...Tf..K.=T.....KK...Is..U...>p........
...d.b.........c......J...F..G.X.btu.[I1..J.e......+.8..!..G. ...Tf..K.=T.....KK...Is..U...>p..............8l...P>D[.e.M..O..d~p>7..'. ..f.....{...L.*c!7H.[.....#............8.8....6..v.\7Sd..Y+.
k....F.y...l@...r.3WEe..7z..`..6#.......r.K;.....B...ec....7..%m.Ci.(f.8"...9..4..g._.......Q.tx.L.F.....".....-E{2....3.N.2..W{.*QX...m..C3.H.Q,...=]-O.q..-:s...(......
.0..s.....L.M..)..C.Lp...$....;..M......2..B}=.q.7...@..2.m...l
..........Z.Z<...J..6.:9.h0...[.....E.)......1.R".t.j.dX...&.....0...:..i.B.o.....ak..!*...QL.. ...l..R..-Xp...AH....O...8A@.
.0#$...i..v...$^l. .;a.kdB~~LQ.Y..+...-w.,.m@..l$o.'.........>1E..f....@.[;B....4.l.Z.2.x20..p...A.<a..K.g.O.......H;.....P$.....{.Q.:..V.......yC...)..;sbb...%P.~.K..T...D
....S......+....AX........H.Y.>>.5.$~....A]....._.~.,T....y..F.8h$..Td.....XU....%)...J.Ow..7.....6.tB...8.....$..O....u
...I.>........:...P.....k.y...N...(,n.]..RAb....3...U..0....$.?.h\..#..L.M.I..py../..aB.m...z.TNA....e4..p).h...Wa6.....1.'q.n...p.....%......&. ...T...@G.Cz.5qu..fl...R'&..Ll....0..-G${N...+....-i.YH .iB=k..+>C.0&
....e
TG..v.Jtm.J.....2..#..{....q......6./...F.`....(.(....#.2x...u..q.g....j#*.(~...r.m....d.t-P.)..b...V5...\U.taY.....Z....N1..,....L^......w,..8..nC....B .
..y......xDctM}.-..S7...ni.1.{.P.e.L....e.:.y.....n{d..F...^....Wt9.7OD.{U....9..[.k...Ao...I..jK....#....4....D.T.G.w.".7.JP.... .[..MJz@.I.C>...../.......F..A..7....j..P..R....M`r)..5Ok.[..!....~.*.H.....^.=.{qB..C.....A."..^l......k.MJC.....
...l='[..\.......t...J%.V..j@*..).....8......%.m..Xx....9....<..q.....l4#....u.]/.
..~.&X4U!..at.c..F............R....z.....T.....?..G...D..O.}^[..=x.U.[...,."|.-....9\.0C.>HQ....T.....z.=b.L.9(5.\...7">q.4........~mh.i..eQ..k..9?...$r..`.V.....>...}......7...."....`uhn ..<h,W.?..AI*$.I.c.4..#.../....n.lys..Cc.VS..*4.Y..<......n.^....<.nup...QG.,p"."._h...M....~.-..)...U.....F..O.....G.@{G\J..#......f]..we.....I2y{-.E.s.Y.
.f........a.p=..`..<.......K.c.A....ly.5/..B.j)[..@|..E).58.
J=.a..N.U..a.L,.4.,.V.y..P.+.._..Ma.Z....'...w.R.Xqo.....HP..B.P....Y.l.V.?...j.+......l../,..k.....~E.B...!..2Z.........eT..5........
.U.J5S...s]b..T3....MXe...(i.
.....X.s.2W...wq.._,.H.FB..."..
K!.S"m+.....x,u.t..& .0.F..|.?......7K;9.Q'".......Uj\-.+...@...+<r..$.
..uv./#.q.*...8..Z.+.....=AoUb[y...6.....(..8..5.'...:\/..!.+.$g..E....=$h......gA..c?......k6w...2}Z....B.5../.b.Z.a.,L..*M.....72R5H....^L..b.99.)F+3..Z..F........<...KF......>.[.a.......g=...23".............
.92w.3...E.\...c.3!...dG.\p.....u:...b.v`..;'.|....t.k.I'[...t..q.=.Zb....:..s.c..wqY3yK.2..a...0.l...P"51._{.4D...JS=.._.z.U..!c...=".%..x....e...P.....~9.....>^.zq.].N...!.].+H..E.z..J5].`../...Z^.f..l...2.N..x.`..@...6.Q..4.b......y(X.k~...Q...q.i.R>.k..j..x....G.=eg.e
j.t....J..k.B..V.U....5w....fW..D......&0 ....l........c.....U.....VI.......J.8p.H-.E.D......e).....W...@..d...e.S.oSdmi.....r.4iz......_.....Y.i._
.....g?s{.c...|..?.....M...9...!.....Y<_.v.....(......\.....]
|..Y.
-\....@.G#;.....zO.L.p.u,P.,M:..H2..q.m.p..aL..Y.:.U*al.i.#..V.".-O!..c..T`._.o.......p.2.$P.ydGZ...G..@...b-.....!(HK....&........|.7Y..I.m.....h
LpP...g.....k.....a.h...?..).|..8AT.9.n..t..V...QC.......V~..6..m.).s..H)$......'u.V....'}...}....3..].}g..EA".$......../K......_!M.S..s......59...... #'.._.Q7.Jn..{.8D..59..dv.G...&....L.X.|Tud.....mj......\....k...4Fx[.........e'..4f1..
T."I.
....{X...FrY.^ .."{.,.'yy'...9...!...i..I^......p..j.%..y.|.:n.}...8../6.
.._\..t...'Y.
.....,8F..T[.<B.E.....R.....z.Dz.;.../?
.Cv...D.....s.o....x.*...%.h..
90.. 
./.I.|.b..Y-.u_..L...D.....{@^s..b2..........Dw/.w.........w.?..KT....G..3.#n.[.&o..;...NW.Gt...Y,.$*.8.;........~.+{V$.....4...w....".h, .b......s.'.....y....b7..+.K.\..a..c.'.....:...............K-v
.yK.......K..S.....J....G
@..pA..C".....+.k.../.(.bl..].A...VU......oe..F.T.l7.$k..y..... ")..8.g.....W........>..NcU..M....AS.^....;.xTG.XzR..."5.y%.u........=.........H}.]w.l....+..>(..D.../U.B...".B.\.UQ3.... .1iQ..R.J.Z...`....Ru$EO..T....k.I...r..*.^#~.a..3........+..l:...0....../..$.....$..<.d.....{.@,.(.......F@...$..#|8..^x\J...4.a.-.............
...q.$>........`.pO......Ws.ar;C..T1..@A..2....1.(..]...t..y...<..>.'..c..^.k}....8.
...........1s...S..8.'......
...=..p.l.......H:.e..8..|..h*S.2.I|.)C..B..<...XB..x...0.B.K.]%...YI9%{.:u....jM.vb......fp..t.).CU..7..A".E...nb.."..CD
dY.i....7...L.A..1.W P.*!c.P.... 9......f......rU.....g.k.&.!....7vl..=s."...S.x.Ar....2."..+..E..gF...z......2.z...#...x...fu.!.......Z./....~.&...]iHZ......y>Z...C..lh...>r.....p.%.v.9..a..)...
/..e"(....^L(=..AF.....h.....H.-..wj.r3.Ac.-....i.
.~J^....WZ.h.8....VE.h.-.k.D.8.....}d.=.l.v....
...C).....W-x...\].Gl......2..K..#........x$..Y....}....b.K.j.e.5()j......S@J.+..Z..
a.h...Y..ob.E.~...D!I.I....
Nq..g....S.J`....(^R..yL..R...........H .g5.=+..]"V....v...v)...........l.0.l.?b....a".:...N.'`....c..
?.LF.... .....j....h.....1|...$...u-,....3...k..^M.....e..v.K.....
oRN.:.s....>s..|.
Can you read that? :D:action-sm
Hope that answered your question.
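As an added example (not part of sniper's post or the board's software), here is a small Python parser that does by machine what the post does by hand: it splits a captured plaintext POST into headers, cookies and URL-decoded form fields, then flags what anyone on the path would have been able to read. The request is a constructed sample modelled on the capture above; the cookie and field name hints are assumptions, not anything vBulletin defines.

```python
import urllib.parse

# Constructed sample modelled on the plaintext POST captured above (body shortened).
SAMPLE_REQUEST = (
    "POST /private.php?do=insertpm&pmid= HTTP/1.1\r\n"
    "Host: www.wackbag.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: wackbagsessionhash=967e5de2bd12ecd24f13fde3a2fdfc02; wackbaglastvisit=1192314141\r\n"
    "\r\n"
    "recipients=sniper&title=this+is+a+test+message.&message=phone+numbers+here%2C+don%27t+read%0D%0A"
    "&vb_login_password=&vb_login_md5password=1570db1431bb76a0156b49c2cd775570"
)

# Assumed name fragments that usually mark a session cookie or a secret form field.
SESSION_COOKIE_HINTS = ("session", "sess", "sid", "auth", "token")
SECRET_FIELD_HINTS = ("password", "passwd", "pwd")


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into request line, headers, cookies and decoded form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        # parse_qs undoes the '+' and %XX encoding the post calls "server formatting".
        form = {k: v[0] for k, v in urllib.parse.parse_qs(body, keep_blank_values=True).items()}
    return {"method": method, "target": target, "headers": headers, "cookies": cookies, "form": form}


def audit_plaintext_request(raw, scheme="http"):
    """List what an on-path observer can lift from the request; nothing is readable over https."""
    findings = []
    if scheme != "http":
        return findings
    req = parse_http_request(raw)
    for name in req["cookies"]:
        if any(h in name.lower() for h in SESSION_COOKIE_HINTS):
            findings.append(("session-cookie-in-clear", name))  # reusable for session hijacking
    for name, value in req["form"].items():
        if value and any(h in name.lower() for h in SECRET_FIELD_HINTS):
            findings.append(("credential-in-clear", name))  # here the MD5 of the password
    if req["form"].get("message"):
        findings.append(("message-body-in-clear", "message"))  # the not-so-private PM
    return findings
```

Run it against the capture in the post and the same three findings fall out; the empty vb_login_password field is not flagged, only the md5 field that actually carried a value.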

ssltutor (Guest), #7
*Takes a bow

:action-sm

zagman76 (Wackbag Staff, Long Island, NY), #8
Thank you sniper! That was very nicely put!

In addition, it's not only the person who is capturing your wireless packets, but it could be anyone who is "listening" along this path (this is my path, yours could be longer):
Code:
 # traceroute 66.29.22.106
traceroute to wackbag.com (66.29.22.106), 30 hops max, 40 byte packets
 1  host1 (*.*.*.*)  1.222 ms  1.215 ms  1.145 ms
 2  Loopback0.*.*.*.* (*.*.*.*)  6.532 ms  8.964 ms  8.911 ms
 3  0.so-1-0-1.XT2.NYC9.ALTER.NET (152.63.99.182)  9.203 ms  8.957 ms  8.965 ms
 4  0.so-6-3-0.XL4.NYC4.ALTER.NET (152.63.0.73)  8.968 ms  8.927 ms  8.985 ms
 5  0.ge-5-1-0.BR3.NYC4.ALTER.NET (152.63.3.118)  9.005 ms  8.974 ms  8.981 ms
 6  192.205.34.49 (192.205.34.49)  9.204 ms  8.874 ms  9.008 ms
 7  tbr2.n54ny.ip.att.net (12.122.105.74)  12.034 ms  11.987 ms  8.954 ms
 8  gar1.nwrnj.ip.att.net (12.123.0.157)  8.989 ms  8.995 ms  8.969 ms
 9  att-gige.esd1.nwr.nac.net (12.119.140.26)  9.175 ms  8.960 ms  8.970 ms
10  0.so-5-0-0.gbr2.mmu.nac.net (209.123.11.117)  12.049 ms  11.967 ms  12.004 ms
11  vlan6.esd1.mmu.nac.net (209.123.11.250)  11.968 ms 2.gi1-1.esd2.mmu.nac.net (209.123.11.150)  11.942 ms  11.915 ms
12  0.ge-0-3-0.dar1.mmu.nac.net (209.123.11.154)  12.031 ms  11.943 ms 0.ge-0-1-0.dar1.mmu.nac.net (209.123.11.110)  12.026 ms
13  wackbag.com (66.29.22.106)  12.031 ms  11.996 ms  11.975 ms

pike (Cleveland, OH), #9
Thanks for the explanation sniper. For the record I'm fairly proficient in TCP/IP, HTTP, FTP, etc. (I used to be a consultant, had to write scripts, set up networks, etc.). I use a program called RoboForm on my computers that automagically generates a unique random password for every site I visit. I don't even know what any of my passwords actually are; RoboForm fills in the login fields in the browser for me. And I don't use wireless hotspots at all. I guess I was being selfish in asking because I apparently assumed everyone uses their computer as safely as I try to.

sniper (Wackbag Staff, Masshole), #10
pike said:
Thanks for the explanation sniper. For the record I'm fairly proficient in TCP/IP, HTTP, FTP, etc. (I used to be a consultant, had to write scripts, set up networks, etc.). I use a program called RoboForm on my computers that automagically generates a unique random password for every site I visit. I don't even know what any of my passwords actually are; RoboForm fills in the login fields in the browser for me. And I don't use wireless hotspots at all. I guess I was being selfish in asking because I apparently assumed everyone uses their computer as safely as I try to.

We could only hope, but since phishing scams as simple as sending an HTML email asking someone to log in to a site still work... there's a limit to that hopefulness.
And even though YOU know you're safe, you can only be responsible for YOUR router/modem. Do a tracert, see that path? Could you imagine just sniffing a single one of those nodes for just a single minute? I'm sure the bored NOC admins have at one point, and that's what scares me.

CM Mark (Pretty Pretty Unicorn), #11
I feel stupider for having read this thread. I understood NONE of it. SO I'll just post this and move along.

sniper (Wackbag Staff, Masshole), #12
CM Mark said:
I feel stupider for having read this thread. I understood NONE of it. SO I'll just post this and move along.


See, pike, people like this use the internet... :action-sm:D