13 Comments
The Attack is Trivial
If you don’t switch over to using Columbia’s new secure wireless, you will be hacked. Accept that as a simple definitive statement. Breathe it; live by it; tattoo it onto your upper thigh. Security is a real issue, and until recently, hackers with a fairly limited skill-set could trivially camp out in Butler with an ordinary laptop and read your messages, emails, see some of your passwords, and hijack your Facebook account. To stress again: if you do not use secure Wi-Fi, hackers will mess with you.
So what’s the big deal? Well, while some websites use encryption of their own through a protocol suite called HTTPS (which you should have been using with Facebook already), the reality is that most websites fail to protect your account after you’ve logged in. This allows hackers to fire up programs like Wireshark and execute what’s called a “cookie hijacking attack.” In fact, the entire hack can be automated using novice tools like Firesheep.
The University has in the past offered another form of encryption called a virtual private network, which encrypts all your traffic and sends it through a central server, but this was only offered to faculty and staff. Over the past week, Columbia finally began offering wireless encryption using the WPA2 protocol, which allows all Columbians with UNIs to receive proper wireless encryption. This encrypted network isn’t available all over campus yet, but we’ve found it in Butler, Mudd, Schermerhorn, and a few dorms. It will presumably also be campus-wide soon. It’s protection—use it where you got it.
If you can’t figure out how to connect to the clearly marked “Columbia U Secure” network with your UNI and password, CUIT has put together a nice little automated wizard web page.
It’s about time.
Update 5/3: If you’re still having troubles connecting to the network, CUIT asks that you to let them know so they can help at askcuit@columbia.edu.
Hacking via Firesheep
Loading …
13 Comments
@Does it work on the series of tubes?
@Anonymous doesnt this make it easier for columbia to track your online activity?
@is this completely inconvenient for anyone else too? it keeps signing me off and making me re-enter my password….
@Anonymous Has anyone gotten it to work on Ubuntu 11.04?
@Anonymous Works fine on Maverick. I don’t think much has changed with NetworkManager, so there’s no reason it shouldn’t work with Natty.
@CUIT Bringing you the latest technology only decades after it’s invented.
@Anonymous New encrypted network doesn’t work with my mac…. any suggestions?
@Genius We must consult the Tauron-Ra.
@south park reference FTMFW
@Anonymous are you using Google Chrome?
@Do you have an older Mac? It works fine with my MBP from 2008. I ran the wizard from Firefox.
@GuerrillaWarfare Thanks for letting me know about the hacking programs, I can’t wait to start going after the peeps that don’t use the new encrypted network.
@yowza Another option: ssh -D 8080 uni@cunix.columbia.edu then SOCKS proxy to localhost:8080 (also allows for CU network off campus)