Wireless hacks

Having a problem here under XP using an unencrypted hotspot.
Even using exclusively Tor to defeat hackers along with a
good software firewall, my client adapter gets reset, turned
off, turned back on again and my network connection settings
get modified along with starting new client adapter entries
that previously did not exist. I have run rootkit, AV and
malware scans and come up empty. Also is this an example of a
honeypot mirroring a gateway router as I read about in one
forum? Is there a security page that emphasizes such wifi so
I can educate myself more on this topic?

On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
<(E-Mail Removed)> wrote:

>Having a problem here under XP using an unencrypted hotspot.
>Even using exclusively Tor to defeat hackers along with a
>good software firewall, my client adapter gets reset, turned
>off, turned back on again and my network connection settings
>get modified along with starting new client adapter entries
>that previously did not exist. I have run rootkit, AV and
>malware scans and come up empty. Also is this an example of a
>honeypot mirroring a gateway router as I read about in one
>forum? Is there a security page that emphasizes such wifi so
>I can educate myself more on this topic?
Sounds like witchcraft to me. Could you be more specific as to
what changes are made ? Windows defaults to the strongest signal,
maybe it's just roaming.
[]'s

Shadow <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
> <(E-Mail Removed)> wrote:
>
>>Having a problem here under XP using an unencrypted
>>hotspot. Even using exclusively Tor to defeat hackers along
>>with a good software firewall, my client adapter gets
>>reset, turned off, turned back on again and my network
>>connection settings get modified along with starting new
>>client adapter entries that previously did not exist. I
>>have run rootkit, AV and malware scans and come up empty.
>>Also is this an example of a honeypot mirroring a gateway
>>router as I read about in one forum? Is there a security
>>page that emphasizes such wifi so I can educate myself more
>>on this topic?
> Sounds like witchcraft to me. Could you be more
> specific as to
> what changes are made ? Windows defaults to the strongest
> signal, maybe it's just roaming.
> []'s

Found the problem, they are blocked now.

On Mon, 20 Jun 2011 02:14:55 +0000 (UTC), humptydumpty
<(E-Mail Removed)> wrote:

>Shadow <(E-Mail Removed)> wrote in
>news:(E-Mail Removed) :
>
>> On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
>> <(E-Mail Removed)> wrote:
>>
>>>Having a problem here under XP using an unencrypted
>>>hotspot. Even using exclusively Tor to defeat hackers along
>>>with a good software firewall, my client adapter gets
>>>reset, turned off, turned back on again and my network
>>>connection settings get modified along with starting new
>>>client adapter entries that previously did not exist. I
>>>have run rootkit, AV and malware scans and come up empty.
>>>Also is this an example of a honeypot mirroring a gateway
>>>router as I read about in one forum? Is there a security
>>>page that emphasizes such wifi so I can educate myself more
>>>on this topic?
>> Sounds like witchcraft to me. Could you be more
>> specific as to
>> what changes are made ? Windows defaults to the strongest
>> signal, maybe it's just roaming.
>> []'s
>
>Found the problem, they are blocked now.

Is it a trade secret ??????

On Mon, 20 Jun 2011 08:36:27 +0100, Bob L
<(E-Mail Removed)> wrote:

>On Mon, 20 Jun 2011 02:14:55 +0000 (UTC), humptydumpty
><(E-Mail Removed)> wrote:
>
//
>>> On Sat, 18 Jun 2011 19:49:39 +0000 (UTC), humpty
>>> <(E-Mail Removed)> wrote:
>>>
>>>>Having a problem here under XP using an unencrypted
>>>>hotspot. Even using exclusively Tor to defeat hackers along
>>>>with a good software firewall, my client adapter gets
>>>>reset, turned off, turned back on again and my network
>>>>connection settings get modified along with starting new
>>>>client adapter entries that previously did not exist. I
>>>>have run rootkit, AV and malware scans and come up empty.
>>>>Also is this an example of a honeypot mirroring a gateway
>>>>router as I read about in one forum? Is there a security
>>>>page that emphasizes such wifi so I can educate myself more
>>>>on this topic?
//
>>Found the problem, they are blocked now.
>
>Is it a trade secret ??????
I was going to ask the same thing.
Who are "they"

[]'s

On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <(E-Mail Removed)> wrote:

>>Is it a trade secret ??????
> I was going to ask the same thing.
> Who are "they"

SMERSH

--
Pooh the cat
Internet Terrorist, Mass Sock puppeteer, Agent provocateur, Gutter rat
Devil incarnate, Linux user#666

On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
<(E-Mail Removed)> wrote:

>On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <(E-Mail Removed)> wrote:
>
>>>Is it a trade secret ??????
>> I was going to ask the same thing.
>> Who are "they"
>
>SMERSH
OMG, I'll just have to grab 99 and keep under covers....

PS Didn't know cats strayed this far from alt.comp.freeware..
[]'s

On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
<(E-Mail Removed)> wrote:

>On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <(E-Mail Removed)> wrote:
>
>>>Is it a trade secret ??????
>> I was going to ask the same thing.
>> Who are "they"
>
>SMERSH

More probably WITCH (Wireless Intercept Terrorists and Computer
Hackers). They've been known to lurk in obscure coffee shops and
wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
sniff the traffic, and then sell the collected data to the highest
bidder. When there's no traffic to sniff and sell, they tend to
occupy the time hijacking patrons computers and tweaking the
configuration files.

Fortunately, they're easy to spot. The standard uniform includes a
large black hat, which is commonly worn indoors. While normal coffee
shop patrons tend to order overpriced and exotic coffee based
formulations, the WITCH operatives tend to order the cheapest decaf.
If you see someone slowly sipping such a mundane drink, be suspicious.
The laptop may also be a clue. If you see someone with a small dish
or panel antenna, slowly scanning the room, it's most likely a WITCH
operative.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Tue, 21 Jun 2011 09:20:10 -0700, Jeff Liebermann <(E-Mail Removed)>
wrote:

>On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
><(E-Mail Removed)> wrote:
>
>>On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <(E-Mail Removed)> wrote:
>>
>>>>Is it a trade secret ??????
>>> I was going to ask the same thing.
>>> Who are "they"
>>
>>SMERSH
>
>More probably WITCH (Wireless Intercept Terrorists and Computer
>Hackers). They've been known to lurk in obscure coffee shops and
>wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
>sniff the traffic, and then sell the collected data to the highest
>bidder. When there's no traffic to sniff and sell, they tend to
>occupy the time hijacking patrons computers and tweaking the
>configuration files.
>
>Fortunately, they're easy to spot. The standard uniform includes a
>large black hat, which is commonly worn indoors. While normal coffee
>shop patrons tend to order overpriced and exotic coffee based
>formulations, the WITCH operatives tend to order the cheapest decaf.
>If you see someone slowly sipping such a mundane drink, be suspicious.
>The laptop may also be a clue. If you see someone with a small dish
>or panel antenna, slowly scanning the room, it's most likely a WITCH
>operative.
LOL
They use a Yagi broom for that....

[]'s

On Jun 21, 9:20*am, Jeff Liebermann <je...@cruzio.com> wrote:
> On Tue, 21 Jun 2011 11:33:07 +0100, Pooh the Cat
>
> <supersec...@IPaddress.invalid> wrote:
> >On Mon, 20 Jun 2011 13:42:33 -0300, Shadow <S...@dow.br> wrote:
>
> >>>Is it a trade secret ??????
> >> * * * *I was going to ask the same thing.
> >> * * * *Who are "they"
>
> >SMERSH
>
> More probably WITCH (Wireless Intercept Terrorists and Computer
> Hackers). *They've been known to lurk in obscure coffee shops and
> wireless hot spots, wait for unsuspecting users to connect via Wi-Fi,
> sniff the traffic, and then sell the collected data to the highest
> bidder. *When there's no traffic to sniff and sell, they tend to
> occupy the time hijacking patrons computers and tweaking the
> configuration files. *
>
> Fortunately, they're easy to spot. *The standard uniform includes a
> large black hat, which is commonly worn indoors. *While normal coffee
> shop patrons tend to order overpriced and exotic coffee based
> formulations, the WITCH operatives tend to order the cheapest decaf.
> If you see someone slowly sipping such a mundane drink, be suspicious.
> The laptop may also be a clue. *If you see someone with a small dish
> or panel antenna, slowly scanning the room, it's most likely a WITCH
> operative.
>
> --
> Jeff Liebermann * * je...@cruzio.com
> 150 Felker St #D * *http://www.LearnByDestroying.com
> Santa Cruz CA 95060http://802.11junk.com
> Skype: JeffLiebermann * * AE6KS * *831-336-2558

Hey, I drink black coffee, though leaded or half-leaded, depending on
the time of day.

I was running kismet to snoop on myself in a coffee shop environment.
I had been working on what I believe to be a privacy bug in blackberry
wifi. If you save profiles of the wifi you have used in the past, the
blackberry probes those WAPs. Anybody with a sniffer could see I drink
a lot of coffee and frequency nothing better than 3 star hotels/
motels.

I found there is a check off box in the blackberry profile where you
can indicate the WAP broadcasts it's SSID. If you check that box, the
blackberry does not probe for the WAP. The connections still work. I
presume the phone waits for the SSID to be broadcast. Perhaps the
probe makes a faster connection.

For TMobile, there are two predefined WAPs. One for the @home (their
UMA router) and one for TMobile hotspots. [In 2011, wifi that you pay
for must be a crappy business.) You can't alter the settings of those
WAPs, but you can disable them in your profile, and thus eliminate the
probe,

At this point, I can leave my wifi on without it singing "cheap ass
coffee drinker"!

When I put the wifi dongle on the table, the woman at the next table
gave me "the look." The combination of wrap around sun glasses and
black T-shirt perhaps was a bad idea. Had she got to know me better,
she would have discovered the cammo boxers.