how does hotel wi-fi work,and why does it need a browser to log in?


It's strange--just like the title says, hotel Wi-fi and a lot of private
business wi-fi needs a browser to activate your internet connection, with a
password, but when you flush the cache and close the browser, when you
reopen the browser it often still works to give you internet.  Somehow
there's a hidden cookie that is not erased.

Anybody know how hotel or private wifi works?  Some sort of a program
that's become popular seems to me, as I don't recall this from years ago.

RL

Re: how does hotel wi-fi work,and why does it need a browser to log in?



I'm thinking... Wait.. I know you.. First, this is entirely off topic
here. Second, I remember you as being a total asshole towards me. So, I
would suggest you google it. I'll give you a clue, it's most likely NOT a
cookie. (I've only seen one setup that was like that).


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?

Dustin wrote:


Probably MAC address if I had to guess.  

I've never been on one of them long enough to look (or care) to
see how it works.  Last time I got on a public WIFI was at IAH
(the big airport here) and I was so glad to get a connection I
went straight to handling the business I needed the 'net for.

--
I drank some boiling water because I wanted to whistle. -Mitch Hedberg


Re: how does hotel wi-fi work,and why does it need a browser to log in?

G. Morgan wrote:
My guess was that the session was re-established, you only need to
re-negotiate if you gave it time enough to expire.

Re: how does hotel wi-fi work,and why does it need a browser to log in?



Yep.
 


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?

On Wednesday, April 11, 2012 3:57:40 AM UTC+8, Dustin wrote:


That's a first, shit for brains.


It's an unmoderated forum you idiot.


Not true, turd.  You yourself admitted that you wrote viruses and released them
to the wild, and you're calling me an asshole?  Idiot.


Don't need a clue, I needed an answer.  I got the answer in this thread, it's
called a captive portal, Shit for brains.  Enjoy your retirement and don't be
surprised if law enforcement shows up someday at your doorstep to ask about
those viruses you wrote.

RL

Re: how does hotel wi-fi work,and why does it need a browser to log in?



I'm not the one who created a thread asking how hotel wifi worked. You
did. Shit for brains. heh. :)

You're pathetic.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?



Btw, Shit for brains, the captive portal as you were enlightened uses your
MAC address to keep tabs on you. Not a cookie, stupid fuck.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?



It's an alt newsgroup yes. But, it's for anti-virus discussion. Not
basic WIFI network configuration questions. And your question was basic,
related to networking, not antivirus. There are alt newsgroups for
networks too. Unmoderated just means there's nobody here to verify your
posts have something to do with the newsgroup.

People like you don't do well in a moderated group.
 

Yes, I did. A long time ago.
 

I still think googling would have been faster. Incidentally, I know what
it's called; I've set a few of them up. They use your MAC address to
determine if they've seen you previously or not and what if any access
you may have.


I've been retired from VX for 12 years. Law enforcement can't touch me
for any of those activities due to a statute of limitations. Please do
feel free to drop by and educate me again sometime tho. I always look
forward to our pleasant chats.



--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?

wrote:

business wi-fi needs a browser to activate your internet connection, with a
password, but when you flush the cache and close the browser, when you reopen
the browser it often still works to give you internet.  Somehow there's a hidden
cookie that is not erased.

It's called a captive portal

http://en.wikipedia.org/wiki/Captive_portal

--
p-0^0-h the cat
Internet Terrorist, Mass Sock puppeteer, Agent provocateur, Gutter rat
Devil incarnate, Linux user#666, BaStarD hacker

Re: how does hotel wi-fi work,and why does it need a browser to log in?

On Tue, 10 Apr 2012 12:35:20 -0700 (PDT), RayLopez99

business wi-fi needs a browser to activate your internet connection, with a
password, but when you flush the cache and close the browser, when you reopen
the browser it often still works to give you internet.  Somehow there's a hidden
cookie that is not erased.

It's called a captive portal. Not all hotels need a browser to log in.

And it generally remembers your session by your MAC address. If you
were to have a built in WiFi and a USB WiFi, and you connect with your
USB WiFi, authenticate, then connect back with your built in WiFi,
likely you'll get redirected again.
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.
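
The gateway behaviour described in the replies above (a session remembered by MAC address, and a second adapter being redirected again), sketched as an added example that is not part of the original thread. The class, the password and the MAC addresses are constructed for illustration, and real portals differ in detail.

```python
import hmac
import time


class CaptivePortalGateway:
    """Toy model of the gateway side of a captive portal (constructed example)."""

    def __init__(self, portal_password, session_ttl=3600, clock=time.monotonic):
        self._password = portal_password
        self._ttl = session_ttl
        self._clock = clock
        self._authorized = {}  # normalized MAC -> session expiry time

    @staticmethod
    def _norm(mac):
        # The same adapter may be written AA-BB-.. or aa:bb:..; compare one form.
        return mac.strip().lower().replace("-", ":")

    def login(self, mac, password):
        """Portal form submission: authorize this MAC if the password matches."""
        ok = hmac.compare_digest(password.encode(), self._password.encode())
        if ok:
            self._authorized[self._norm(mac)] = self._clock() + self._ttl
        return ok

    def route(self, mac, cookies=None):
        """Gateway decision for an outbound request; `cookies` is ignored."""
        key = self._norm(mac)
        expiry = self._authorized.get(key)
        if expiry is None:
            return "redirect-to-portal"
        if self._clock() >= expiry:
            del self._authorized[key]  # session expired, must log in again
            return "redirect-to-portal"
        return "forward"


def demo():
    now = [0.0]  # fake clock so expiry can be shown without waiting
    gw = CaptivePortalGateway("room-412", session_ttl=60, clock=lambda: now[0])
    builtin, usb = "AA-BB-CC-00-00-01", "aa:bb:cc:00:00:02"  # constructed MACs
    steps = [gw.route(usb)]                      # first contact
    gw.login(usb, "room-412")
    steps.append(gw.route(usb, cookies={}))      # browser cache/cookies cleared
    steps.append(gw.route(builtin))              # other adapter, never logged in
    now[0] = 61.0
    steps.append(gw.route(usb))                  # after the session lifetime
    return steps


if __name__ == "__main__":
    print(demo())
```

The decision is made on the link-layer address at the gateway, so nothing stored in the browser changes the outcome until the session lifetime runs out.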

Re: how does hotel wi-fi work,and why does it need a browser to log in?

On Wednesday, April 11, 2012 3:35:20 AM UTC+8, RayLopez99 wrote:
password, but when you flush the cache and close the browser, when you
reopen the browser it often still works to give you internet.  Somehow
there's a hidden cookie that is not erased.

Follow-up question:  given that https (session layer transport security) is
only secure between nodes, can hotel employees read your bank log-on
information if you use https on a captive portal in a hotel wifi network?  I
don't think so.

RL

Re: how does hotel wi-fi work,and why does it need a browser to log in?



Back so soon Ray? Didn't you ask how https worked before?


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?

This is

On Friday, April 13, 2012 9:50:06 AM UTC+8, Dustin wrote:

You have a better memory than I thought, in particular since you
mis-characterized me as your enemy when in fact I'm your frenemy.  Perhaps
writing viruses and destroying other people's property sharpens the mind?

As we left it a while ago, we concluded https was secure "between nodes",
meaning between transmission points.  So it prevents simple man in the middle
attacks (most of the time, excluding traffic analysis, see the Wikipedia cite
below).  But since my encrypted messages go through the hotel's WiFi server,
by definition it can be decrypted at the hotel server, in particular if the
server has the HTTPS certificate and is using it rather than my certificate
on my hard drive for decryption.  (see below on "simple" https vs "mutual"
https.  I am assuming I am using "simple" not "mutual" https in this
hypothetical of this paragraph).

As a (retired virus writer) and security guy you should be aware of how
*insecure* https is.  How it can be decrypted potentially by any PC that
retransmits the https message.

RL

http://en.wikipedia.org/wiki/HTTPS

SSL comes in two options, simple and mutual.

The mutual version is more secure, but requires the user to install a
personal certificate in their browser in order to authenticate themselves.

Whatever strategy is used (simple or mutual), the level of protection
strongly depends on the correctness of the implementation of the web browser
and the server software and the actual cryptographic algorithms supported.

SSL does not prevent the entire site from being indexed using a web crawler,
and in some cases the URI of the encrypted resource can be inferred by
knowing only the intercepted request/response size.[11] This allows an
attacker to have access to the plaintext (the publicly-available static
content), and the encrypted text (the encrypted version of the static
content), permitting a cryptographic attack.

Because SSL operates below HTTP and has no knowledge of higher-level
protocols, SSL servers can only strictly present one certificate for a
particular IP/port combination.[12] This means that, in most cases, it is not
feasible to use name-based virtual hosting with HTTPS. A solution called
Server Name Indication (SNI) exists, which sends the hostname to the server
before encrypting the connection, although many older browsers do not support
this extension. Support for SNI is available since Firefox 2, Opera 8, Safari
2.1, Google Chrome 6, and Internet Explorer 7 on Windows Vista.[13][14][15]

From an architectural point of view:

    An SSL/TLS connection is managed by the first front machine that
    initiates the SSL connection. If, for any reasons (routing, traffic
    optimization, etc.), this front machine is not the application server and
    it has to decipher data, solutions have to be found to propagate user
    authentication information or certificate to the application server,
    which needs to know who is going to be connected.

    For SSL with mutual authentication, the SSL/TLS session is managed by the
    first server that initiates the connection. In situations where
    encryption has to be propagated along chained servers, session timeOut
    management becomes extremely tricky to implement.

    With mutual SSL/TLS, security is maximal, but on the client-side, there
    is no way to properly end the SSL connection and disconnect the user
    except by waiting for the SSL server session to expire or closing all
    related client applications.

    For performance reasons, static content that is not specific to the user
    or transaction, and thus not private, is usually delivered through a
    non-crypted front server or separate server instance with no SSL. As a
    consequence, this content is usually not protected. Many browsers warn
    the user when a page has mixed encrypted and non-encrypted resources.

A sophisticated type of man-in-the-middle attack was presented at the
Blackhat Conference 2009. This type of attack defeats the security provided
by HTTPS by changing the https: link into an http: link, taking advantage of
the fact that few Internet users actually type "https" into their browser
interface: they get to a secure site by clicking on a link, and thus are
fooled into thinking that they are using HTTPS when in fact they are using
HTTP. The attacker then communicates in clear with the client.[16]

In May, 2010, a research paper[17] by researchers from Microsoft Research and
Indiana University discovered that detailed sensitive user data can be
inferred from side channels such as packet sizes. More specifically, the
researchers found that an eavesdropper can infer the
illnesses/medications/surgeries of the user, her family income and investment
secrets, despite HTTPS protection in several high-profile, top-of-the-line
web applications in healthcare, taxation, investment and web search.

Re: how does hotel wi-fi work,and why does it need a browser to log in?



I did write viruses at some point in my past Ray. People do all kinds of
things they later regret doing. I could try to split hairs on the
destroying aspect, as I did no hardware damage.. but, you're right. I
did cause some software damage and data loss on occasion with them.

I have a decent memory Ray, most of the time. It's a double edged sword
tho.


I'm getting a headache reading this....
 

I was waiting for some other wiseass remark.

http://preview.tinyurl.com/cckav4y
http://www.instantssl.com/ssl-certificate-products/https.html
http://preview.tinyurl.com/bsj6ubh

I don't see where from the Wikipedia article you got the silly idea any
computer can decrypt it that retransmits the https message. That would
sort of defeat the entire purpose. LOL.

As far as hacking https sure, when you socially engineer somebody into
using http instead.. As the Wikipedia article clearly stated was
demonstrated. No insecurity in the https protocol, just dumb users not
paying attention to the url.

Or, in other words, no, when you're using the wifi at your hotel,
mcdonalds, etc, so long as your browser is doing https with your bank
and not http; mcdonalds/hotel/whatever isn't privy to the conversation.

:)
 

Which is mathematically true of many comms systems.
 

This is because the entire encryption process is offline. Had HTTPS been
enabled, they wouldn't be presenting anything.
 

Would require specific details to comment. Likely tho, improper
configuration on the server side allowed the information to be
improperly accessed.
 



--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?

On Saturday, April 14, 2012 4:02:02 AM UTC+8, Dustin wrote:
[routine canonical replies by Dustbin deleted, leaving not much else]

Well Dustin, you demonstrated an understanding of how routine
"man-in-the-middle" attacks work, but you failed to grasp the distinctions
between "mutual" HTTPS and "simple" HTTPS, probably because you don't
understand the differences.

As I said, there's a more than mathematical chance that the hotel servers are
the HTTP certificate proxies for any HTTPS that gets served on your browser,
as a hotel guest.  The issue is whether the hotel staff has the wherewithal
to exploit this to read your encrypted data stream.  I'll leave it for more
enlightened readers to inform the both of us.

RL

Re: how does hotel wi-fi work,and why does it need a browser to log in?



Alright Ray.
 

I won't hold my breath.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work,and why does it need a browser to log in?



I thought primitive preschool name calling was dropped when individuals
became adults... However, usenet does tend to bring out the best of the
trash.
 

Your browser can at your request show you the certificate it was supplied
with, as well as who vouched for it, and for who the domain it's supposed
to be owned by. IE: The hotel can't claim to be your bank's domain and use
its key for the https session.


The more you demonstrate this holier than thou attitude, the less likely
it is people will continue responding with help of any kind. Especially
when it's offered and you respond in a juvenile fashion.

Maybe some google group will be more to your level?


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work, and why does it need a browser to log in?



the whole usenet? Usenet is huge!!!!
 

I said something you didn't like 12 years ago. Big deal.


All true. Rshack was a camp editor for rainbow six...
 
Yes...And? usually when someone quotes so much material, they have a
point...What is yours?

So glad to see you again btw. Have you heard from the RIAA yet? You
scared the crew so much with your last post on the subject man, We shit
over 100+ releases to the net. We're still shittin releases man. We're
starting to get dehydrated. We hope they come soon with kickass medical
assistance. Mebbe you should put in another good word for us? Tell em,
"HHI is nearly out of toilet paper, Please send more soon! Oh, and some
pizza and rehydration meds, As we surely need it."




--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: how does hotel wi-fi work, and why does it need a browser to log in?



Damn. You're on a roll tonight ain'cha?  :-)

--
  --- My mother never saw the irony in calling me a son-of-a-bitch ---
