News has spread that there will be a free WiFi zone on the Sinulog Festival route. This connection was brought to us by PLDT DSL. According to Roberto Cabarrubias, a username and password will be provided for FREE to control users so that the bandwidth will be maintained at its highest level. They will issue an internet card for free at the designated outlet, to be announced at a later date.
As a concerned Cebuano, I tried to get more information about this WiFi zone thingy, so I asked Kevin Ray Chua about the security measures that PLDT is working on, and he said, “NMS (Network Management System) will be inaccessible to the public and will be tunneled. System ads will also be working here in Cebu. It’s not open access. Monitoring of wifi access will be in Quezon City and local hardware will be in Cebu City. They also have enough people to work on the security aspect of the service.”
I’m not really sure if they have IDS (Intrusion Detection Systems) and transparent bridge firewalls, but most probably they do. Now let’s not touch the NMS of the PLDT WiFi Zone for the Sinulog Festival; let’s focus on the possible security risks to people who are connected to the public access points of the connection. We can’t deny the fact that there are malicious people who will be connecting to the network. So what can they do?
Some people may be tempted to sniff the traffic of users who are logging in to their accounts. Some may do Man-in-the-Middle attacks against people who don’t have a clue about the risk of connecting to a public WiFi zone, or they could do HTTP session hijacking attacks with FireSheep, which is a free and open source extension for Firefox. SSL or HTTPS is not exempt from these kinds of attacks, even though it is one of the world’s most important forms of commercial encryption, because a tool called Sslstrip is also on the loose.
Thus sniffing in a public WiFi zone allows the attacker to gain valuable information from the user, like credit card information, login credentials, the user’s MAC address, passwords, emails, etc.
Other common attacks used by exploiters against users are buffer overflows such as the MSRPC DCOM Overflow or the Freefloat FTP Server APPE Command Overflow, which allow a remote attacker to execute arbitrary code or may cause a DoS attack.
Android phones and tablets are also at risk, especially those running older versions, so you had better update your version to avoid Android data theft and privilege escalation.
Here are some simple tips to prevent these kinds of attacks:
1. Even though SSL can be exploited, remember to use HTTPS when logging in to your Facebook, Twitter, email accounts, etc.
3. To detect a user who is using FireSheep on your network, use BlackSheep.
4. Use two-way firewalls to prevent exploit attacks (though they can be bypassed by some experts). You can download free two-way firewalls from filehippo.com.
5. Patch and update your Windows operating system.
6. Update your antivirus and internet security software.
7. If possible, be a ninja and be active.
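
Tip 1 only protects a login that really travels over HTTPS, so here is an added example (not part of the original post) that audits a fetched login page for the conditions sniffing and HTTPS-downgrade tools depend on: plain-HTTP delivery, a password form that posts to HTTP, a missing HSTS header, and cookies without the Secure flag. The function names, the host name and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginForms(HTMLParser):
    """Collect the action attribute of every <form> holding a password field."""
    def __init__(self):
        super().__init__()
        self.actions, self._action, self._has_pw = [], None, False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self._has_pw = self._action is not None
    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def audit_login_page(page_url, headers, html):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    names = {name.lower() for name, _ in headers}
    if urlparse(page_url).scheme != "https":
        findings.append("page served over plain HTTP")
    elif "strict-transport-security" not in names:
        findings.append("no HSTS header")
    parser = LoginForms()
    parser.feed(html)
    for action in parser.actions:
        target = urljoin(page_url, action)  # empty action posts back to the page
        if urlparse(target).scheme != "https":
            findings.append("password form posts to " + target)
    for name, value in headers:
        if name.lower() == "set-cookie":
            if "secure" not in [p.strip().lower() for p in value.split(";")[1:]]:
                findings.append("cookie without Secure flag: " + value.split("=")[0])
    return findings

FORM = '<form action="/session" method="post"><input type="password" name="p"></form>'
# Constructed samples (hypothetical host): the page over plain HTTP, then intact HTTPS.
PLAIN = ("http://mail.example.test/login",
         [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")], FORM)
INTACT = ("https://mail.example.test/login",
          [("Strict-Transport-Security", "max-age=31536000"),
           ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")], FORM)
if __name__ == "__main__":
    for sample in (PLAIN, INTACT):
        print(sample[0], audit_login_page(*sample) or "no findings")
```

Any finding on a page where you are about to type a password is a reason not to log in over the public access point.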