> I asked the Shepherd how a login goes from being captured to being shown on the Wall of Sheep. Their reply doomed our fun: “I’d type it in.” Oh no. That’s not good. “Isn’t it automatic?”, I asked. The Shepherd paused to rub the bridge of their nose. “Well,” they sighed, “it was until people started sending a bunch of vile usernames and passwords and kind of ruined it2, so now we have to moderate the process.”
The Def Con security conference has open wifi, and people make a game of trying to capture packets of others trying to log into non-SSL websites. If successful, they post the credentials on the “Wall of Sheep”.
One year I got the idea to try to exploit the Wall. I didn't succeed but had great fun trying!
Someone at DEFCON captured the wireless data from a mouse/keyboard dongle. The dongle was connected to a computer that belonged to the organizers, possibly managing the Wall of Sheep. They were able to capture and/or simulate input from/to the dongle.
> I asked the Shepherd how a login goes from being captured to being shown on the Wall of Sheep. Their reply doomed our fun: “I’d type it in.” Oh no. That’s not good. “Isn’t it automatic?”, I asked. The Shepherd paused to rub the bridge of their nose. “Well,” they sighed, “it was until people started sending a bunch of vile usernames and passwords and kind of ruined it2, so now we have to moderate the process.”