Re: WIFI Security
 

There is the possibility that someone in a wifi hotspot can act like a fake DNS and play man-in-the-middle, hijacking your connection. There should be some warning of this, however; the bad certificate warning mentioned above.

If you can't get an SSL connection, and you're paranoid about how dead-easy it is to traffic sniff on wifi, you can set up an encrypted tunnel using SSH.

I explain how to set up the MicroB browser to use this tunnel (as a SOCKS5 proxy) here. Note that your traffic can be sniffed once it leaves the other end of the tunnel for the Internet, but I have a much higher (probably false) sense of security on the wired Internet.

Re: WIFI Security
 

One more thing; since we're talking about wifi security, please note that you MUST change your root password if you install SSH on your tablet. If a hacker sees you in a cafe with your N800, and she's a moderately good hacker, she can *easily* gain root access using the default root password, and then run any command and copy files to/from your device with SFTP.

When I say easily, I mean DEAD-EASY. All she needs is your IP address and Google, and she's in your tablet and leafing through your files as she sips her mochaccino latte.

Re: WIFI Security
 

Without giving too many details, can you explain how this is achieved? My N800 isn't as far as I know accessible via WiFi unless I initiate the connection, so are you suggesting someone can establish a connection to my device over WiFi once I've brought up the WiFi interface? I wouldn't have thought this was possible as I'm not running an ad-hoc WiFi connection, and I would have thought my N800 will only accept connections via the access point to which I am authenticated.

Re: WIFI Security
 

Milhouse, you're correct that you'd need to have your Wi-Fi connected to be vulnerable. I think that was assumed in qole's scenario. But then anyone else on the same AP can reach your tablet, and if there is no firewall at the cafe then it could even be reached by anyone else on the Internet.

If you have an open port (eg. because you installed SSH) then they could connect to that and start trying ID/passwords to get authenticated. Which is why it is important that you not leave the default password in place after installing SSH.

Re: WIFI Security
 

If you install SSH, it allows anyone to connect remotely to your device if they know your password. The password is widely known for the root account ("rootme"), so anyone who does ssh root@1.2.3.4 (being the IP of the tablet) can use that password to get in.

If you are connected to the same wireless AP as someone, or on the same network as someone they can do this. An assumption was made that if there was a hotspot in the vicinity you'd be on it (being an Internet tablet user and all).

If you do have SSH installed, login as root, and change the root password. If you don't have SSH installed, stop worrying.

Re: WIFI Security
 

Well, if the browser tells you
"Oh somebody is probably trying to hack your computer, do you want to continue" ?
Then
Click No :D

From the ssh client you will see this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
or this
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!

The bad guy will have to trick the person into clicking yes at this.

I would be interested to see a demonstration :D

It's not a problem really of Wireless or Nokias.
If you are in your company with wired network (switched on not), anybody skilled enough can do this on your PC.
Good to know..

Re: WIFI Security
 

Wifi access points are for the most part just hubs. So once you're connected and browsing it shouldn't be too hard to find it. If I get some time later I'll install openssh on my nokia, and do a port scan of it.

Re: WIFI Security
 

OK that makes sense - all users on the same AP are most likely visible to all other users of the same AP unless the AP takes precautions to prevent users from communicating with each other. I had kind of assumed that a public access point wouldn't allow associated computers to communicate with each other as it's a fairly obvious security risk - does anyone know if public access points provide this level of protection? Of course even if some did, it wouldn't be advisable to depend on such protection as you're bound to end up connecting to some cheap @rse access point that leaves you wide open. :)

Re: WIFI Security
 

So far all the public wifi I've ever connected to didn't. They were using higher end Cisco gear.

Re: WIFI Security
 

All APs I ever had could be set up not to route between different addresses within their wireless network, so the trivial attack with a spoofed packet immediately redirecting traffic to the attackers laptop is blockable. But it barely increases security, what with the waves being sniffable for ARP and BIND requests and fake packets being injectable, an attacker can still do spoofed redirects to any pwned computer anywhere on the internet.