Skip to content

Public wireless access points, can you access PC hard drive?

Featured Replies

I got asked "Now what, if anything, stops someone being on a free public wireless access point simply accessing the hidden root c$ share on another XP machine using the access point and looking/copying the files off it"?

To which I don't know the answer, so over to the Tech Shed... :thumbup:

The access point might have some logical separation between hosts.

Hopefully your PC would be set up properly with a firewall and patches etc to prevent an attack.

But if the person trying to attack is good enough they probably could get through, given enough time. time is probably the limiting factor. Unless you have a very open or easily exploitable computer any attacker would probably run out of time before getting anywhere.

TBH it's easier to do a man-in-the-middle attack spoofing the AP and getting you to connect directly to the hostile computer rather than the proper AP.

IMHO I wouldn't do anything financial (shop/bank) on a computer and connection I didn't own and control. Not without 2 factor authentication anyway.

Even with no seperation and no firewall, you'd need an administrator's username and password. (so it's bad news if you have a blank admin password).

  • Author

IMHO I wouldn't do anything financial (shop/bank) on a computer and connection I didn't own and control. Not without 2 factor authentication anyway.

Also I wouldn't check email using a POP3 client connection that isn't encrypted, which I think is the majority of them, certainly seems to be the default settings anyway.

Interesting that it is possible in theory to connect to the hard drive if the machine is not set up correctly, so short answer to the question is yes... Like the thought about pretending to be an access point, how would you know if it was not?

It's just as likely when you're at home as well. So no need to be paranoid.

But I agree with not doing anything financial in public - but more because you never know who's looking, rather than being hacked.

Perfectly feasible. Nowadays most people's routers are secured by default but back in the day I used to leave little messages for people by leaving files in their My Documents folder or printing off a document telling them to secure their network :D

LOL, I changed the SSID of a few that were open and still on default passwords to IAMNOTSECUREENOUGH

There are still many unsecure networks out there.

I wouldn't dream of using them though :rolleyes:

It's just as likely when you're at home as well. So no need to be paranoid.

But I agree with not doing anything financial in public - but more because you never know who's looking, rather than being hacked.

True. You have to remember that even over an unsecured wireless network, any fiancial site will use SSL anyway. Provided that you're confident your PC doesn't have a keylogger, it's as asfe as doing it at home. You're far more likely to get caught by some malware on the PC itself than have anyone intercept your traffic in transit.

There are still many unsecure networks out there.

I wouldn't dream of using them though :rolleyes:

My neighbour has one :rolleyes:

The BMW dealer in Newport did at one point have an un-secured 10mbit connection. Or so I was told :rolleyes:

Thing is with unsecured connections is, there is almost no way of tracing who used it, and it's the owner that would be raided should someone do something illegal using it.

Terrorists can be held for quite some time without being charged ;)

Vista seems better at dealing with wireless networks, the first time you connect to one it asks if its a public or private connection. Click on public and file/print sharing and access to the C: drive is disabled, if you click on private though, then anything goes.

You also never know if an open AP is actually an attempt at a man-in-the-middle attack. There was someone trying this in the local library. He had a laptop set up to broadcast as "Free Internet".

There is a lot to be said for sticking to copper.

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.