May

2

Mission Critical: Encrypted Wireless Now Available

Written by

The Attack is Trivial

If you don’t switch over to using Columbia’s new secure wireless, you will be hacked. Accept that as a simple definitive statement. Breathe it; live by it; tattoo it onto your upper thigh. Security is a real issue, and until recently, hackers with a fairly limited skill-set could trivially camp out in Butler with an ordinary laptop and read your messages, emails, see some of your passwords, and hijack your Facebook account. To stress again: if you do not use secure Wi-Fi, hackers will mess with you.

So what’s the big deal? Well, while some websites use encryption of their own through a protocol suite called HTTPS (which you should have been using with Facebook already), the reality is that most websites fail to protect your account after you’ve logged in. This allows hackers to fire up programs like Wireshark and execute what’s called a “cookie hijacking attack.” In fact, the entire hack can be automated using novice tools like Firesheep.

The University has in the past offered another form of encryption called a virtual private network, which encrypts all your traffic and sends it through a central server, but this was only offered to faculty and staff. Over the past week, Columbia finally began offering wireless encryption using the WPA2 protocol, which allows all Columbians with UNIs to receive proper wireless encryption. This encrypted network isn’t available all over campus yet, but we’ve found it in Butler, Mudd, Schermerhorn, and a few dorms. It will presumably also be campus-wide soon. It’s protection—use it where you got it.

If you can’t figure out how to connect to the clearly marked “Columbia U Secure” network with your UNI and password, CUIT has put together a nice little automated wizard web page.

It’s about time.

Update 5/3: If you’re still having troubles connecting to the network, CUIT asks that you to let them know so they can help at [email protected].

Hacking via Firesheep

Tags: , , , , , , , , ,

13 Comments

  1. yowza  

    Another option: ssh -D 8080 [email protected] then SOCKS proxy to localhost:8080 (also allows for CU network off campus)

  2. GuerrillaWarfare  

    Thanks for letting me know about the hacking programs, I can't wait to start going after the peeps that don't use the new encrypted network.

  3. Anonymous  

    New encrypted network doesn't work with my mac.... any suggestions?

  4. CUIT  

    Bringing you the latest technology only decades after it's invented.

  5. Anonymous  

    Has anyone gotten it to work on Ubuntu 11.04?

  6. is this  

    completely inconvenient for anyone else too? it keeps signing me off and making me re-enter my password....

  7. Anonymous  

    doesnt this make it easier for columbia to track your online activity?

  8. Does it work

    on the series of tubes?

© 2006-2015 Blue and White Publishing Inc.