European Parliament Culls Public Wi-Fi Access After Email Hack

samzenpus posted about 10 months ago | from the one-bad-apple dept.

EU 68

hypnosec writes "A white hat hacker managed to break into multiple email accounts, thereby forcing the European Parliament to cut off its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut off indefinitely and users located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."

68 comments

forcing them to cutoff access? (3, Insightful)

Gravis Zero (934156) | about 10 months ago | (#45553923)

nobody is forcing them to do anything. it seems the more rational response is to fix the problem instead of treating the symptom. if someone wants to hack your server, do you think something like removing wifi access will stop them?

Re:forcing them to cutoff access? (5, Informative)

Anonymous Coward | about 10 months ago | (#45553959)

> it seems the more rational response is to fix the problem instead of treating the symptom.

On the medium term the Parliament will take additional measures to further secure the communication to the Parliament.

It sounds like they're shutting off the public system and encouraging people to use a more secure private system until they can figure out how to fix it. There's no point leaving the vulnerable system running while you work on a fix.

Re:forcing them to cutoff access? (0)

ciaran_o_riordan (662132) | about 10 months ago | (#45554163)

> until they can figure out how to fix it.

It says "indefinitely".

Re:forcing them to cutoff access? (2, Informative)

Anonymous Coward | about 10 months ago | (#45554219)

> > until they can figure out how to fix it.
>
> It says "indefinitely".

Which is not the same as "permanently". "Indefinitely" can easily mean "Until we fix it, but as we don't have an ETA on that we're just going to say indefinitely so that people aren't constantly nagging us about whether it's going to be back tomorrow, next week or next month because we'd rather do a good job than rush it".

Re:forcing them to cutoff access? (0)

durin (72931) | about 10 months ago | (#45554395)

You're way too gullible.
"Indefinitely" in political terms is more or less equivalent to "permanently".

Re: forcing them to cutoff access? (0)

Anonymous Coward | about 10 months ago | (#45554475)

In political terms, maybe... So? This isn't a political decision.

Re:forcing them to cutoff access? (1)

findoutmoretoday (1475299) | about 10 months ago | (#45554479)

So you're the guy who's going to cut off a few hundreds of MPs permanently?

Re:forcing them to cutoff access? (1)

phayes (202222) | about 10 months ago | (#45554717)

The MP's will move onto the WIFI protected with client certificates that the EU IT infrastructure will be deploying. For the public, indefinitely probably means permanently.

Re:forcing them to cutoff access? (0)

Anonymous Coward | about 10 months ago | (#45554607)

I personally mix that word to "permanently", cause "indefinitely" just sounds like it's gone forever. Something in that word just rings "permanently" in my ear. I wish "temporarily" would be used more, but that would suggest it actually is temporary, "indefinitely" could go either way.

Re:forcing them to cutoff access? (1)

mjwalshe (1680392) | about 10 months ago | (#45558103)

Should not there have been two separate systems with the staff one protected by certificates and a RADIUS server - though after the fiasco of the cookie law it seems the EU IT staff know as little about IT as the MEPs

Re:forcing them to cutoff access? (5, Insightful)

Anonymous Coward | about 10 months ago | (#45553979)

> nobody is forcing them to do anything. it seems the more rational response is to fix the problem instead of treating the symptom. if someone wants to hack your server, do you think something like removing wifi access will stop them?

Why do you think they are not fixing the problem? The rational, first response is to stop the compromise getting any worse, as they have done. The next thing is to actually work out a proper and complete fix, which takes at least a little time. The geeky, fuckwitted, I'm-so-leet response would be to leave the public wifi up, slap on a simplistic set of changes quickly as possible and to miss some of the vulnerabilities.

Re:forcing them to cutoff access? (0)

Anonymous Coward | about 10 months ago | (#45553989)

Totally illogical and thoughtless comment. Now, think again if your attention span is more than 1 second.

Re:forcing them to cutoff access? (1)

Anonymous Coward | about 10 months ago | (#45554025)

They took the most appropriate answer. Nobody attempted to hack a server. The vulnerability is bound to the use of wireless accesses and the possibility of social engineering. The most rational answer is to cut wireless until a secure alternative can be set to work.

Re:forcing them to cutoff access? (2, Insightful)

Anonymous Coward | about 10 months ago | (#45554185)

It makes 0 sense. He used a man-in-the-middle attack. Switching off the standard internet connection to the service under attack makes a man-in-the-middle attack _vastly easier_, not harder, since you no longer have to compete against the legitimate service!
In the worst case, everyone would now flock to the attacker since it's the only place where they still get "free public wifi".
Sorry, but that is not a mitigation, it's idiocy.

Re:forcing them to cutoff access? (0)

Anonymous Coward | about 10 months ago | (#45554969)

> The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament.

Apparently calling yourself a researcher is a free get out of jail card for anyone "hacking" into computer systems. But I doubt the US Government would treat the act as anything less than terrorism with associated penalties.

Re:forcing them to cutoff access? (1)

VortexCortex (1117377) | about 10 months ago | (#45555479)

> nobody is forcing them to do anything. it seems the more rational response is to fix the problem instead of treating the symptom. if someone wants to hack your server, do you think something like removing wifi access will stop them?

They're simply following RFC 1925: [ietf.org]

(6) It is easier to move a problem around (for example, by moving
    the problem to a different part of the overall network
    architecture) than it is to solve it.

    (6a) (corollary). It is always possible to add another level of
        indirection.

Re:forcing them to cutoff access? (1)

beelsebob (529313) | about 10 months ago | (#45555603)

Certainly as a temporary measure, but you would hope that what they would eventually (fairly quickly) do is make the email server inaccessible to the public internet, and require use of a VPN to check email. Then this problem doesn't simply move to starbucks.

Apparently... (0)

Anonymous Coward | about 10 months ago | (#45553947)

his hat wasn't so white.

Re:Apparently... (0)

Anonymous Coward | about 10 months ago | (#45556347)

Howso? How could he have done anything better?

Certificates (3, Informative)

Anonymous Coward | about 10 months ago | (#45553965)

They already use certificates to connect to their private wifi.
Why not use certificates to connect to their email? Then a public wifi shouldn't have any impact.
TLS/SSL should be sufficient, right?

Re:Certificates (0)

Anonymous Coward | about 10 months ago | (#45554269)

Yes, but people don't do this voluntarily.

What we found is that you have to disable non-SSL access so that most insecure accesses turn into "It doesn't work" and they call the helpdesk

And then you have to conduct occasional audits where you verify that they're using SSL securely to prevent MitM attacks by interposing such a MitM and watching to see which people authenticate against the fake server and which email helpdesk to say they can't connect. We do those about once per year, usually get a few people who've turned off certificate checks.

If you use Group Policy you can enforce some of this stuff on peons so that they can't fuck it up. But what works on peons isn't always suitable for the kind of people who do infrastructure work themselves, that's why you need proactive stuff like I listed above. It's AMAZING how many connections to a fake server will come from people who are "too clever" to give their credentials to bad guys and thus don't think the rules apply to them.

Re:Certificates (1)

EvilAlphonso (809413) | about 10 months ago | (#45560027)

Imagine a large corporation where every department has its own IT department, where no embedded IT department trusts any other embedded IT department and where few people trust the centralized IT. Throw in the fact that most of the IT is managed from Luxembourg, the political impossibility to enforce rules across the network, the relatively low salary for the IT people not on the paper pusher path (becoming internal would have cost me a whole third of my salary), the insanity of the promotion rules, core services being outsourced to the lowest bidder every five years... and you've got the recipe for the mess they're in.

The technical solutions to fix the EP IT issues are known and easy, the problem is getting the political support to make them stick.

Re:Certificates (1)

Lennie (16154) | about 10 months ago | (#45554275)

Maybe people clicked through the warning ?

Re:Certificates (1)

Krneki (1192201) | about 10 months ago | (#45554961)

> TLS/SSL should be sufficient, right?

It is, as long as you disable clear text connections and disable the user possibility to accept a different certificate pop-up. This means the user can only connect to the "work" email system if they use a device you provided and properly configured.

It's time to secure the phones in the same way we secure PC/laptops.
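
The two conditions named in the comment above (no clear-text connections, no way for the user to accept a different certificate), together with the periodic audit described earlier in this sub-thread, as an added example that is not part of the original posts. The profile keys, device names and `mail.example.org` are hypothetical, and the sample profiles are constructed for illustration.

```python
import imaplib
import ssl

CLEARTEXT = "clear-text connection"
OPPORTUNISTIC = "opportunistic STARTTLS can be stripped by a man in the middle"
OVERRIDE = "user may accept an unverified certificate"


def strict_mail_context():
    """TLS context with no 'accept anyway' path: a bad certificate aborts the handshake."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def click_through_context():
    """What clicking OK on the warning amounts to; used only as the audit's negative case."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the reasons a TLS context would not detect an interposed server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


def audit_profile(profile):
    """Check one mail-client profile (hypothetical schema) against both conditions."""
    findings = []
    security = profile.get("security", "none")
    if security == "none":
        findings.append(CLEARTEXT)
    elif security == "starttls" and not profile.get("require_starttls", False):
        findings.append(OPPORTUNISTIC)
    # Treat a missing setting as unsafe: the client default is usually a prompt.
    if profile.get("allow_cert_override", True):
        findings.append(OVERRIDE)
    return findings


def audit_fleet(profiles):
    """Map device name -> findings, listing only the non-compliant devices."""
    report = {}
    for name, profile in profiles.items():
        findings = audit_profile(profile)
        if findings:
            report[name] = findings
    return report


def open_mailbox(host, user, password, port=993):
    """IMAP over implicit TLS; raises ssl.SSLCertVerificationError on a forged certificate."""
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=strict_mail_context())
    conn.login(user, password)
    return conn


# Constructed sample data, not taken from any real deployment.
SAMPLE_PROFILES = {
    "laptop-managed": {"host": "mail.example.org", "port": 993,
                       "security": "tls", "allow_cert_override": False},
    "phone-byod-1": {"host": "mail.example.org", "port": 143,
                     "security": "none", "allow_cert_override": True},
    "phone-byod-2": {"host": "mail.example.org", "port": 143,
                     "security": "starttls", "require_starttls": False,
                     "allow_cert_override": False},
    "tablet": {"host": "mail.example.org", "port": 993, "security": "tls"},
}

if __name__ == "__main__":
    for device, findings in audit_fleet(SAMPLE_PROFILES).items():
        print(device, "->", "; ".join(findings))
    print("strict context:", audit_context(strict_mail_context()) or "ok")
    print("click-through context:", audit_context(click_through_context()))
```
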

what makes this white hat? (5, Insightful)

patrixmyth (167599) | about 10 months ago | (#45553987)

'Hey, I just kicked in your door to show how easy it is to kick in your door!'
'Hey, I just graffitied your wall to show how easy it is to graffiti your wall!'
'Hey, I just kicked you in the balls to show how easy it is to kick you in the balls!'

Calling yourself a security researcher doesn't magically give you rights to go dick with other people's networks.
Email over a public wifi network is no less secure than a cellphone call, hallway conversation or written notes.

A public wifi is a convenience and very useful for the right purposes. A white hat researcher reveals unknown vulnerabilities to the people who build protocols. This was an asshole with a script, a laptop and a desire for attention.

Re:what makes this white hat? (2)

Seumas (6865) | about 10 months ago | (#45554005)

This is a pretty useless submission as the things it links to offer no more information, as it is. However, I think people here are making a lot of unfounded assumptions, since the article doesn't indicate that the penetration tester was unauthorized. For all we know, it was someone contracted to perform the service and when he reported the issues, they took action.

Re:what makes this white hat? (1)

patrixmyth (167599) | about 10 months ago | (#45554347)

Excellent point. It's an assumption of mine that no request to check vulnerabilities was made. That would make all the difference.
My other assumption is that people on a public wifi network are informed they should be using it for only routine non-secure tasks.
If the public network was being used for official business, then that's a problem, but it's not a technical problem. It's a training and education problem.
Public Wifi is never secure.

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45554037)

Or possibly a foreign agent. There's no indication that this wasn't a malicious attack.

Re:what makes this white hat? (5, Insightful)

asifyoucare (302582) | about 10 months ago | (#45554043)

I'd agree with you if this was just hacking some random shmoe, but this was the European parliament, even if it wasn't necessarily the parliamentarians themselves (though I bet more than one of them insist on having an insecure configuration). I'll guarantee that many black hats were already doing the same thing as this white hat. He did the parliament a great service, even if it meant shutting down the facility.

Re:what makes this white hat? (3, Insightful)

Xest (935314) | about 10 months ago | (#45554643)

Yes but it's how you go about doing it. There's a difference between doing it and telling the world which is attention whoring, and just letting their IT team know, and if they don't fix it, escalating it to parliamentarians themselves.

If you want fame you can still have it - wait until they've fixed it and then tell the world about how you found an exploit to access the e-mail of EU parliamentarians.

The fact is, if you exploit without permission, you are by definition not a white hat, even if you do tell people they need to fix it afterwards.

Re:what makes this white hat? (1)

tiagosousa (1931172) | about 10 months ago | (#45560445)

> There's a difference between doing it and telling the world which is attention whoring, and just letting their IT team know, and if they don't fix it, escalating it to parliamentarians themselves.

I think you have misunderstood the summary. The second link implies the whitehat didn't go public because it was the IT services who made it public [epfsug.eu].

Re:what makes this white hat? (-1)

Anonymous Coward | about 10 months ago | (#45554083)

I never understand hackers like this.
Sure go ahead, mitm those assholes, but don't tell anyone about it.
Why the hell would you spend the time and energy to audit their security for free?
If he had sold the credentials he could have made some money.

Re:what makes this white hat? (2)

Lennie (16154) | about 10 months ago | (#45554279)

One part of being a white hat hacker would be to report the problem after you found the problem.

Instead of just abusing the hell out of it, hoping it won't get discovered.

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45554351)

Why don't they get an actual job as a security consultant or auditor?
That way they can legally do this stuff and get paid for it.
I don't go around picking people's locks and telling them how insecure they are.

Re:what makes this white hat? (1)

cyborg_zx (893396) | about 10 months ago | (#45554829)

If this were equivalent to doing so I might agree. However it's not. It's like looking at a lock made out of paper and pointing out to the people who own the house that paper locks don't keep out bad guys.

Re:what makes this white hat? (1)

Anonymous Coward | about 10 months ago | (#45554115)

> 'Hey, I just kicked in your door to show how easy it is to kick in your door!'

Thanks for letting me know instead of just coming in and helping yourself to all my stuff.
I'll just block off this doorway until I can find a more secure door that will stop you kicking it in.

Isn't that what makes it white hat?

Re: what makes this white hat? (1)

Anonymous Coward | about 10 months ago | (#45554171)

Email is not a secure protocol. SMTP is not generally secured by TLS (you can configure a mail server to require it but some organizations will not be able to communicate with you).

So for standard emails, anyone that has access to the equipment sending your information can read your emails.

The fact that he told and didn't sell (1)

dutchwhizzman (817898) | about 10 months ago | (#45554231)

This may not be an unknown or "zero day" vulnerability, but it's quite a serious security problem. If the WiFi systems inside the EU buildings were not properly secured and known script-kiddie level attacks were possible, it's good that somebody came forward and proved that this is a real problem. Administrators were aware, or should have been and did not act.

Hacking accounts using MitM and selling the information to governments interested in this sort of information is what a black hat would have done. This guy just hacked a few accounts and then came forward to make certain that the obvious leak would be fixed. Just telling them would probably have given a response of "That's not possible, because we use encrypted WiFi" or something similar. As far as we know, no secrets were revealed or leaked and no "private" e-mail was looked at, so there was no real damage.

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45554257)

The same thing that makes this guy a "hacker": His say-so, proving once again that he really hasn't a clue.

Very few in the security biz, either side of the fence, are in fact capable of the excelling in creativity with technology that is what defines "hacking", and so they're claiming a label that is not rightfully theirs. Same thing with "ethical" --which again neither really are-- nor the whole thing with hat colours. "Hacking" isn't solely, or even mainly, about security and finding holes therein. That the term got hijacked merely means exactly that, abuse of language. Along with the abuse of computers, money, people, and so on. These "consultants and entrepreneurs" simply make too much money to be part of the solution.

Time to stop calling this "hacking", and forget about the hats entirely.

Re:what makes this white hat? (4, Informative)

j0ris (893806) | about 10 months ago | (#45554511)

The included links of the submission don't provide any further details about this "white hat hacker".

This link does: http://www.euractiv.com/specialreport-cybersecurity/eu-parliament-investigating-hack-news-531877 [euractiv.com]

"The hacker says his aim was simply to raise awareness about the vulnerability of the security system of the Parliament, at a time when the NSA spying scandal was shaking public opinion across Europe.

The hacker sat in a public place near the Parliament building in Strasbourg and managed to make nearby smartphones and computers pass through the “wifi” of his computer to connect to the internet. That was the hardest part of the procedure, he explained.

Then he accessed an application most MEPs use and which signals when new mail arrives in their inbox. The app does warn the user that an intruder is trying to access their data, but the message is “obscure”, the hacker said, and most users click OK, thereby giving access permission."

Re:what makes this white hat? (1)

mjwalshe (1680392) | about 10 months ago | (#45558113)

So it's a MITM attack

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45554637)

The problem is not the public wifi but the use of unencrypted mail protocols or acceptance of bogus mail server certificates.

Re:what makes this white hat? (1)

ArsenneLupin (766289) | about 10 months ago | (#45555179)

Personally, I'd guess acceptance of bogus mail server certificates rather than unencrypted protocol.

Nice job marketers! You've managed to completely confuse users what a certificate is for, and why it matters. Hint: it's not about trusting the server that you're talking to, it's about trusting the path from you to the server!

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45555483)

> This was an asshole with a script, a laptop and a desire for attention.

Yes, and he's probably a pedophile hiding in exile in Russia now too right?

When are we going to stop shooting the messenger and start holding people responsible for bad security, I don't know responsible?

Do you think the 'real' bad guys are going to show you how easy it is to kick you in the balls? They know better than to get caught. Be thankful you haven't lifted yourself up from the floor with taste of testicles in your mouth wondering wtf just happened.

Parliament had no business creating insecure public Wi-Fi access. Burn them at the stake for this screw up and continue burning them until they take security seriously and get it right.

Re:what makes this white hat? (1)

Yvanhoe (564877) | about 10 months ago | (#45556103)

You don't understand how abysmal is the consideration for communication security here. People here really learned from Snowden that NSA intercepts internet traffic. Sarkozy and Merkel were exchanging information through f$cking SMS! MEPs have to be hit repeatedly and very hard with a cluebat to understand anything.

This guy, before being a white hat, was a concerned citizen. Yes, it is more about education and public perception than security research, but we are talking about people who are highly valuable targets to lobbyists and who don't understand that their smartphones are not a secure way to receive their emails.

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45557081)

> 'Hey, I just kicked in your door to show how easy it is to kick in your door!'

More along the lines of "Hey, I've noticed your lock's broken. You might want to fix it."

Re:what makes this white hat? (0)

Anonymous Coward | about 10 months ago | (#45559739)

But the fundamental problem is that anyone can create their own wifi zone with the same ESSID with the same name as the official zone, and crack username/passkeys that way.

Re:what makes this white hat? (1)

tiagosousa (1931172) | about 10 months ago | (#45560485)

I must disagree with this. The hacker did a very useful service, and not because he hacked a public network, but because he proved that members of the Parliament were not taking the necessary precautions in dealing with very sensitive information, such as emails and their own passwords. The real story is not a guy setting up a fake access point, anyone can do that; it's government data being trivially snooped because of weak security policy. I see this all the time in eduroam (an international wireless roaming service for students), which despite being WPA2-Enterprise (802.1x), most people don't bother setting up the security certificate and/or prefer connecting to hassle-free open wifi networks. It's bad enough that students do this, but utterly unacceptable for politicians.

The fact that the hacker exposed this to IT services (and it was the IT services who went public [epfsug.eu]) instead of selling intelligence to foreign powers, makes him a whitehat.

Ha-Ha! (-1)

Anonymous Coward | about 10 months ago | (#45554097)

Stupid euros. Nuf said.

And to be done in by a frenchman! Nuf said.

"cut off" are two words... (0)

Anonymous Coward | about 10 months ago | (#45554149)

Idiots.

'Cutoff' is a noun.

Strasbourg (0)

Anonymous Coward | about 10 months ago | (#45554157)

They could continue and shut down the Strasbourg location all together.
It's a massive waste of resources (money and nature) and totally idiotic to maintain 2 locations and have all travel between the 2 just to keep France happy.

Re:Strasbourg (1)

findoutmoretoday (1475299) | about 10 months ago | (#45554433)

Rather send the lobbyists and their MP back to Strasbourg and keep them there.

ARREST HIM (1)

Anonymous Coward | about 10 months ago | (#45554193)

As we've learned from our American counterparts, the proper response is... OMFG ARREST THE BASTARD

Re:ARREST HIM (1)

mjwalshe (1680392) | about 10 months ago | (#45558127)

When they have asked their nephew's pen friend from the USA what these boxes with blinky lights on actually do - as that seems to be the level of technical advice they have been given.

Knock knock (0)

Anonymous Coward | about 10 months ago | (#45554227)

Who's there?
NSA / Not NSA
"Oh please come in dear US overlords" / "SHUTDOWN EVERYTHING!!! CALL THE NEWS"

They did the right thing! (0)

Anonymous Coward | about 10 months ago | (#45554255)

This is absolutely a reasonable response.

There is no secure way to use public WiFi without a VPN in between and as long as this is not mandated, KILL THE PUBLIC WIFI.

Re:They did the right thing! (1)

ArsenneLupin (766289) | about 10 months ago | (#45555151)

Yes there is. Pay attention to the certificates. They are there for a reason.

Classical man-in-the-middle (2)

ArsenneLupin (766289) | about 10 months ago | (#45555139)

Might help more to educate the users what a certificate is, and why it is bad to simply ignore/dismiss those dialog boxes that say "certification authority for this certificate not known. Clicking 'ignore' could potentially allow a malicious person to eavesdrop on your conversation with the server, including passwords, dirty laundry, ..."

I'm 99% percent sure that the hacker didn't attempt anything smarter than set up his own doctored openwrt Wifi access point in a well-traveled location, with a man-in-the-middle on it, and without even bothering to make a particularly good forgery of the mail server's certificate.

Re:Classical man-in-the-middle (1)

TheP4st (1164315) | about 10 months ago | (#45555609)

> Might help more to educate the users what a certificate is.

Many of those users fall into the category that believe the CD tray is a cup holder, that Internet Explorer is the Internet and that Pass1234 is a secure password. Good luck educating them, I've tried and on more than one occasion left with the feeling of having dropped a few IQ points.

Re:Classical man-in-the-middle (1)

ArsenneLupin (766289) | about 10 months ago | (#45555639)

But in any case, shutting down the public Wifi at the European Parliament will not help with this problem. They'll fall into the same trap in their hotel room, when they mistake the router that the hacker in the room next door has put up for the "official" Wifi of the hotel, even if the hotel never actually had an official Wifi...

Re:Classical man-in-the-middle (1)

fph il quozientatore (971015) | about 10 months ago | (#45556243)

Certificate forgery? Not even close to being that sophisticated. In the mailing list messages linked in TFA, it says that he put on a spoof captive-portal authentication page in pure HTTP (instead of the original HTTPS one).

Wait what ? (1)

fluffythedestroyer (2586259) | about 10 months ago | (#45555965)

Members of the Parliament are using the public network to check their mail? That alone is a breach of security...split that. Members of the Parliament should use a private secure network (vpn, ssl, etc etc)...not the same network as mister and misses on the street lol. Just for starters the wifi is hidden to the public and that's only a first on the big list of security we implemented here and the security should be high even if people don't like it...it's your system, not theirs so it's the admin's job to provide security for this type of situation.

LOL (0)

Anonymous Coward | about 10 months ago | (#45559177)

Idiots In Charge.

NSA and a thousand other "snake heads" have been feeding off them for years for sure.

Most basic of safe guards not in place ... the Idiot mentality (super human intelligence) of EU on display to all.

QED

Not secure enough (0)

Anonymous Coward | about 10 months ago | (#45559849)

And do they really and actually upgrade to a safer wireless communication? Heck no! They are regular people in there working, so there will be very few people that will upgrade to better safety protocols.
