WiFi

[-zero-]

Deluxe, is that enough of a risk to not use it? I'll probably end up cashing out as much as possible and still playing...

[JerseyDP]

Deluxe8520 makes perfect sense, it's called a Man in middle attack and is very well known computer security issue.

Wikipedia Man in Middle

[Capitola]

The susceptibility of SSL to man-in-the-middle attacks apparently depends on how well the site software implements SSL.

SSL Man-in-the-Middle Attacks

SSL Man-in-the-Middle Attacks refer the MITM attacks through SSL/TLS channles. SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. However, it is discovered in late 2000 the feasibility of mounting a MITM attack on the protocol. One faulty SSL client implementation, Microsoft's Internet Explorer, allows for transparent SSL MITM attacks when the attacker has any CA-signed certificate. An even greater risk is posed by unprotected systems where an attacker can preload his/her own trusted root authority certificates. The mitigation for such attack is to properly configure client SSL that would warn the user about problems with the server certificate.

Link 1
Link 2

Most sites probably won't give you much detail about their SSL implementation, but here's what PokerStars says:

Our client software uses the industry standard SSLv3 protocol. It is configured to use RSA for authentication and key generation and triple-DES (EDE3, in outer-CBC mode) for encryption. Currently we are using 512-bit RSA key, which according to [1] is sufficient for short and medium-term (up to several years) secrets. As we update server private keys every three months, we are secure with a good safety margin. The use of Triple-DES EDE3 for session encryption is considered even safer.

Beats me whether this is good enough to defeat MITM attacks, but maybe with a little research you could find out.

[Deluxe8520]

[ QUOTE ]
Deluxe, is that enough of a risk to not use it? I'll probably end up cashing out as much as possible and still playing...

[/ QUOTE ]

Only you can answer that my man. Its the equivalent of shutting the front door to your house but not locking it. Most likely nobody will come in. Most people arent looking to rob your house. Most people wont even try to see if its unlocked. However, if somebody is determined and wants to rob you....they can.

[PLOlover]

[ QUOTE ]
It does make sense. Your computer is not the endpoint when you are using a router. The ROUTER and the WEBSITE are the two endpoints. You are connected to the internet through the router. All of the computers using the router connect to the internet through the router. If you are inside the wireless network of the router you can see ALL the traffic from any computer using that router if you have the right tools(SSL included). Thats why WPA2 security is so important.

[/ QUOTE ]

Doesn't internet traffic go through multiple routers?

[Deluxe8520]

[ QUOTE ]
[ QUOTE ]
It does make sense. Your computer is not the endpoint when you are using a router. The ROUTER and the WEBSITE are the two endpoints. You are connected to the internet through the router. All of the computers using the router connect to the internet through the router. If you are inside the wireless network of the router you can see ALL the traffic from any computer using that router if you have the right tools(SSL included). Thats why WPA2 security is so important.

[/ QUOTE ]

Doesn't internet traffic go through multiple routers?

[/ QUOTE ]

No, your internet traffic goes through the router you are connected to. Maybe you are thinking of "ports". Your computer has many ports in which to establish a connection with another computer or to a server.

[Lyrrad]

[ QUOTE ]


It does make sense. Your computer is not the endpoint when you are using a router. The ROUTER and the WEBSITE are the two endpoints. You are connected to the internet through the router. All of the computers using the router connect to the internet through the router. If you are inside the wireless network of the router you can see ALL the traffic from any computer using that router if you have the right tools(SSL included). Thats why WPA2 security is so important.

[/ QUOTE ]

Your point still is incorrect.

Properly implemented poker software would likely require the following:

1) First, you have to trust the software on your computer.
2) Then, in order to verify the site, your computer (client) contacts the site and receives data with a digital signature. Your client knows it's talking with the site and not an impostor because it can compare the SSL signature with its own copy of the site's public certificate.

3) The client can then work with the site to generate session keys to pass data back and forth.

A compromised router would not hurt the secrecy of the data passed.

Please note:

1) An untrusted router could drop your connection to generate a type of denial of service attack.
2) If SSL is not properly implemented, then a MITM attack could work. However, if this is the case, then it would work with any router along the route from your client to the site.

[Lyrrad]

[ QUOTE ]
[ QUOTE ]


Doesn't internet traffic go through multiple routers?

[/ QUOTE ]

No, your internet traffic goes through the router you are connected to. Maybe you are thinking of "ports". Your computer has many ports in which to establish a connection with another computer or to a server.

[/ QUOTE ]

Sigh...

Yes, your internet traffic goes through the router you are connected to as well as many other computers on the way to the destination, which are also called routers. Maybe you are thinking of a "wireless access point". Your computer that connects wirelessly will connect to one access point in order to establish a connection with another computer or to a server.

[Deluxe8520]

[ QUOTE ]
[ QUOTE ]


It does make sense. Your computer is not the endpoint when you are using a router. The ROUTER and the WEBSITE are the two endpoints. You are connected to the internet through the router. All of the computers using the router connect to the internet through the router. If you are inside the wireless network of the router you can see ALL the traffic from any computer using that router if you have the right tools(SSL included). Thats why WPA2 security is so important.

[/ QUOTE ]

Your point still is incorrect.

Properly implemented poker software would likely require the following:

1) First, you have to trust the software on your computer.
2) Then, in order to verify the site, your computer (client) contacts the site and receives data with a digital signature. Your client knows it's talking with the site and not an impostor because it can compare the SSL signature with its own copy of the site's public certificate.

3) The client can then work with the site to generate session keys to pass data back and forth.

A compromised router would not hurt the secrecy of the data passed.

Please note:

1) An untrusted router could drop your connection to generate a type of denial of service attack.
2) If SSL is not properly implemented, then a MITM attack could work. However, if this is the case, then it would work with any router along the route from your client to the site.

[/ QUOTE ]

An SSL certificate is between your connection(the wireless router since that is your internet connection) and the secure website. If the router is unsecure and a hacker can get in hes is inside your network(using the same connection). The SSL certificate is now between you, mr.hacker and the secure website. I am not saying it is easy but a skilled hacker can do it. I did a quick google search for ya.

http://www.nellis.af.mil/news/story.asp?id=123035765

[Deluxe8520]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]


Doesn't internet traffic go through multiple routers?

[/ QUOTE ]

No, your internet traffic goes through the router you are connected to. Maybe you are thinking of "ports". Your computer has many ports in which to establish a connection with another computer or to a server.

[/ QUOTE ]

Sigh...

Yes, your internet traffic goes through the router you are connected to as well as many other computers on the way to the destination, which are also called routers. Maybe you are thinking of a "wireless access point". Your computer that connects wirelessly will connect to one access point in order to establish a connection with another computer or to a server.

[/ QUOTE ]

Im pretty sure he was talking about the traffic leaving his computer. In which case it will always leave the router he is connected to first. Also for the purposes of hacking and being able to capture your internet traffic what you said has absolutely no relevance. Have a nice day [img]/images/graemlins/grin.gif[/img]