Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Jaypup]

Will there be Wlan available at the hotel? If i remember right last year there was supposed to be Wlan but the hotel had some problems whit it!

[Nocturne]

Why do you wanna surf the internet at a con? 

[Barney]

Like checking your E-mail? Or uploading a shitload of pictures and movies and stuff?

[Yeno]

Checking email is something you can do, if you'r back at home, too... You can't check your real mail either, and there's most likely more important stuff.
Same goes for uploading movies etc.

[Suran]

What about using wlan instead of a cellular-phone to accept credit-cards on my table in the dealers den.
Or just keeping the stock updated for the online-customers that visit my shop during the convention?

There are valid reasons to ask if a public wireless lan is present.

[Cheetah]

There will be WLAN in the lobby and the bar. However, all we have at our disposal is consumer-grade equipment, and that tends to be a little bit overloaded if you have 700 people with a hundret laptops crowding one single area ... and some of them actively trying to disrupt your service, or causing large amounts of traffic.

(People, if you take your laptops to a con, don't try to seed the bittorrents of your latest blue ray rips. It's antisocial.)

So it will be quite tightly firewalled. Don't expect anything but standard SSH, FTP and HTTP/HTTPS to work. Please, bear with us

[Jaypup]

Thank you Cheetah of your reply, that was what i needet to know.

[Wawik]

What about using wlan instead of a cellular-phone to accept credit-cards on my table in the dealers den.

Oh yes, I would love to see your customers' credit card numbers flying around on the public, unencrypted WLAN. 

FWIW, there's also a T-Mobile hotspot at the hotel, but then again, owing to its distance from the CO, the whole place probably hasn't got much more than 2 Mbits at all, so *that* link will be easily saturated as well.

[CodeCat]

What, no IRC? Can't we even tell our friends on there how great EF is and how much it sucks that they're not here?

[Suran]

Oh yes, I would love to see your customers' credit card numbers flying around on the public, unencrypted WLAN. 

You know as well as I do that everything is encrypted and authenticated above the TCP-layer, so it does not matter if
the wireless lan is encrypted or not.
With the covered areas as given by Cheetah it will be UMTS in the dealers den again anyway.

[Kralle]

What, no IRC? Can't we even tell our friends on there how great EF is and how much it sucks that they're not here?

IRC, WEB, MAIL

[Hyper]

Now I know this is a stretch but will there be wifi in the Dealers room? To me this is the most important place to have it. Like if an artist want something scanned then just emailed to them *if they don't have a computer there*, internet would be VERY useful.

Is there ANYWAY to make this possible? Please? If so let me know so I can get wifi setup, otherwise not much reason to bring it.

[TiGWolf]

What about using wlan instead of a cellular-phone to accept credit-cards on my table in the dealers den.
Or just keeping the stock updated for the online-customers that visit my shop during the convention?

There are valid reasons to ask if a public wireless lan is present.

 
Processing credit-cards over a public wifi is extremely irresponsible of a merchant, whether the connection is secure or not. Even if the website you are visiting states you are secured, a hacker only has have to sniff the very first packet of the transaction which holds the initial keys for the encryption.  Then encryption or not, that hacker has the info.

I have run across this exploit in the past and have seen it done. Once you understand how encryption works, it's fairly easy to exploit this flaw.

This is why we will NOT be accepting credit cards at EF.


TiGWolf
FetishZone.net

[Oddity]

Even if the website you are visiting states you are secured, a hacker only has have to sniff the very first packet of the transaction which holds the initial keys for the encryption.

Colour me extremely sceptical. Any references?

Seriously, SSL/TLS was designed to be secure against both passive attacks (sniffing) and man in the middle attacks. Otherwise they'd be pointless. Just make sure you don't accept any keys/certificates without actually *verifying* them first. (Usually that's done automatically by the PKI.) Also, verify that the URL is the right one. Oh, and verify that it's using SSL version 3.

[Suran]

Please learn about the things you talk of before spreading FUD TiGWolf.

With an SSL-mitm atack you can cicumvent the encryption but
a) You cannot circumvent the authentication, thus making your atack fail. (like Oddity pointed out)
b) It can be seen on the network that you are doing such a thing (usually a second DHCP or spoofing the gateway or local DNS-server, seldomly simple dns-cache-poisening.).

I have no problem using SSL to my own server in networks like the yearly Chaos Compuer Club -conference and yes, if you know what you are doing it is still perfectly secure acording to the state of the art.

Suran (diploma in computer science, long standing CCC-member, successfull freelance software-developer, sys-admin, published author on computer-security)