Posted on 22/8/08 by Felix Geisendörfer
sorry to interrupt the normal broadcasting schedule, but one article of this blog has gone crazy. Pretty much 2 years ago, I wrote a post called Hacking a commercial airport WLAN. It essentially documents an incredible stupid hole in the system of one of Atlanta's WiFi providers at the airport. Next thing I know is that suddenly a few days ago, we got hit by StumbleUpon, Reddit and even freaking lifehacker.com. Wtf. Traffic is through the roof and I'm surprised how well our little blog here is holding up to the load.
Anyway, what I'd like to do is to share the story behind the article with the people who normally read this blog.
Summer 2 years ago. I was flying out of Atlanta back to Germany after having stayed with my old host family there. My flight was delayed by 3 hours and I was borded and noticed some open wifi's around. Sure enough they wanted to charge me $7,99 for 24h hours of internet usage. Besides the fact that I didn't have a credit card back then, paying 30x the price of what my internet costs at home seemed to be quite a rip off. But even if I had a credit card back then, putting a lock on a box just gives it this compelling challenge. In this case the message sounded something like this: "Hey our Software has automated the process of ripping people off and there is nothing you can do about it!"
Nothing? I doubted it. There had to be a loop hole somewhere. I was hoping that by disabling redirects I could prevent being thrown back to their homepage portal every time I accessed a site, no chance. I tried a few things here and there, but nothing. Eventually I decided to look at the html of their portal and noticed they were including some of their images from an external site. A few minutes later and I turned this knowledge into a workable exploit. Well, that's if you can call appending '?.jpg' to every url you type in an exploit ...
Anyway ... the recent popularity if this posts scares me a little given the fact that I want to travel to the US in a week from now. Who knows, maybe I qualify as a terrorist now? Maybe I'll be interrogated about how I was able to pull of an attack against the sophisticated infrastructure of the USA? Anyway, I love the USA and I hope they'll continue to love me as well ; ).
-- Felix Geisendörfer aka the_undefined
Update: Shit, I posted this 6 seconds before loosing 50 bucks - that was close.
You can skip to the end and add a comment.
This post is too old. We do not allow comments here anymore in order to fight spam. If you have real feedback or questions for the post, please contact us.