• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Simple home wireless network reveals password

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
cantthinkofanickname
Just Arrived
Just Arrived


Joined: 04 Nov 2006
Posts: 1


Offline

PostPosted: Wed Nov 26, 2008 9:51 am    Post subject: Simple home wireless network reveals password Reply with quote

I helped someone setup a wireless connection to their router from a laptop and it all works fine. I did tell him that the connection needs securing. Anyway a week later he said a relative visited who had the latest mobile device and with that managed to connect and his PC revealed one of his passwords. This relative "is a bit of a wizkid" I was told.

I can see how any wireless device could connect and use the broadband service but has anyone any idea how any stored passwords may have been revealed? And if possible what to do about it?
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Wed Nov 26, 2008 5:35 pm    Post subject: Reply with quote

There are lots of variables here, but the answer to your question is yes, it is possible. He could have exploited a weakness in your friends system, or he could have been sniffing packets, maybe he simply just logged in to your friends computer by guessing the password!

The bottom line is that your friend should change his passwords, secure his Wifi connection and secure his computer.
Back to top
View user's profile Send private message
razta
Just Arrived
Just Arrived


Joined: 12 Nov 2005
Posts: 2
Location: 127.0.0.1

Offline

PostPosted: Sat Nov 29, 2008 7:14 pm    Post subject: Reply with quote

If the "whizkid" used your friends machine he could have used Cain's 'Wireless Password Decoder' which uses DLL injection.

To download Cain and test it your self:
http://www.oxid.it/
Back to top
View user's profile Send private message
scyrus.dury
Just Arrived
Just Arrived


Joined: 30 Nov 2008
Posts: 0


Offline

PostPosted: Fri Feb 13, 2009 6:18 pm    Post subject: Reply with quote

What was the mobile device?
Back to top
View user's profile Send private message
SKAP
Just Arrived
Just Arrived


Joined: 18 Feb 2009
Posts: 0
Location: IN

Offline

PostPosted: Wed Feb 18, 2009 9:57 pm    Post subject: Reply with quote

Yes, there are password bruteforce tools like cain which can sniff and decode your passwords. If the password is stronger, then obviously the tool will consume lot of time to decode. But if the guest was able to find it in fraction of second, then he might have guessed it from Hint Question or his friends default password or he might have tried his luck Smile
Back to top
View user's profile Send private message
Nonapeptide
Trusted SF Member
Trusted SF Member


Joined: 10 Nov 2008
Posts: 2
Location: Scottsdale, Arizona

Offline

PostPosted: Thu Feb 19, 2009 2:10 am    Post subject: Re: Simple home wireless network reveals password Reply with quote

cantthinkofanickname wrote:
I helped someone setup a wireless connection to their router from a laptop and it all works fine. I did tell him that the connection needs securing. Anyway a week later he said a relative visited who had the latest mobile device and with that managed to connect and his PC revealed one of his passwords. This relative "is a bit of a wizkid" I was told.


A couple of things puzzle me. First, you say that you left the wireless network unsecured but later say that this "whizkid" managed to connect to the wireless network as if that was something special. Was the wireless network later secured by your friend?

The second thing that puzzles me is that you say that "his PC revealed one of his passwords." What was the password to? Was it the wireless security password or was it a password to some other type of account like a POP3 email account?


cantthinkofanickname wrote:
but has anyone any idea how any stored passwords may have been revealed? And if possible what to do about it?


We need to know what kind of account the password was to. For example POP3 / SMTP email accounts send their account information in plain text. I used that to my advantage when I forgot one of my email account's credentials and sniffed them off the network when I sent an email (my email client stores my credentials, but obscures the password). Very Happy

As others have already pointed out, there are many different tools out there that are made to be virtually "point and click" to scoop credentials from a data stream.
Back to top
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register