Eurofurence Community > General Discussion
WLAN at the hotel?
Kralle:
--- Quote from: CodeCat on 07.08.2008, 12:16:24 ---What, no IRC? Can't we even tell our friends on there how great EF is and how much it sucks that they're not here? :P
--- End quote ---
IRC, WEB, MAIL
Hyper:
Now I know this is a stretch but will there be wifi in the Dealers room? To me this is the most important place to have it. Like if an artist want something scanned then just emailed to them *if they don't have a computer there*, internet would be VERY useful.
Is there ANYWAY to make this possible? Please? If so let me know so I can get wifi setup, otherwise not much reason to bring it.
TiGWolf:
--- Quote from: Suran on 07.08.2008, 08:16:40 ---What about using wlan instead of a cellular-phone to accept credit-cards on my table in the dealers den. ;)
Or just keeping the stock updated for the online-customers that visit my shop during the convention?
There are valid reasons to ask if a public wireless lan is present.
--- End quote ---
Processing credit-cards over a public wifi is extremely irresponsible of a merchant, whether the connection is secure or not. Even if the website you are visiting states you are secured, a hacker only has have to sniff the very first packet of the transaction which holds the initial keys for the encryption. Then encryption or not, that hacker has the info.
I have run across this exploit in the past and have seen it done. Once you understand how encryption works, it's fairly easy to exploit this flaw.
This is why we will NOT be accepting credit cards at EF.
TiGWolf
FetishZone.net
Oddity:
--- Quote from: TiGWolf on 23.08.2008, 20:41:39 ---Even if the website you are visiting states you are secured, a hacker only has have to sniff the very first packet of the transaction which holds the initial keys for the encryption.
--- End quote ---
Colour me extremely sceptical. Any references?
Seriously, SSL/TLS was designed to be secure against both passive attacks (sniffing) and man in the middle attacks. Otherwise they'd be pointless. Just make sure you don't accept any keys/certificates without actually *verifying* them first. (Usually that's done automatically by the PKI.) Also, verify that the URL is the right one. Oh, and verify that it's using SSL version 3.
Suran:
Please learn about the things you talk of before spreading FUD TiGWolf.
With an SSL-mitm atack you can cicumvent the encryption but
a) You cannot circumvent the authentication, thus making your atack fail. (like Oddity pointed out)
b) It can be seen on the network that you are doing such a thing (usually a second DHCP or spoofing the gateway or local DNS-server, seldomly simple dns-cache-poisening.).
I have no problem using SSL to my own server in networks like the yearly Chaos Compuer Club -conference and yes, if you know what you are doing it is still perfectly secure acording to the state of the art.
Suran (diploma in computer science, long standing CCC-member, successfull freelance software-developer, sys-admin, published author on computer-security)