I was just talking to my dad about this the other day. Do people not understand that the Internet by nature isn't secure? Sure, it might be *easier* to sniff a clear text password on an open AP, but anyone between you and the server can do that with a wired connection too (or a secured wireless connection).
One of the CNN "tips" is "Don't send sensitive e-mail on wireless networks that don't have high-level security. If you aren't sure, don't do it." HELLO?! Don't send sensitive e-mail PERIOD if you aren't using something like VPN/SSH/SSL. If anything, shit like this leads to a false sense of security. "I'm safe, I have a wired/secured wireless connection." YOU'RE ONLY "SAFE" UNTIL YOU HIT YOUR ROUTER.
Ugg.
Wireless Web puts personal data at risk
By Daniel Sieberg
CNN
ATLANTA, Georgia (CNN) -- What comes to mind when you think of wireless Web surfing? It may not be security, or lack of it. There are nearly 30,000 public wireless "hot spots" in the United States at places such as parks and cafes, but there's more to consider than just where to log on. The convenience comes with a caveat.
"Understand that the information you're sending is very similar to standing up here in the park and shouting out all the information -- would I normally do that?" said Richard Rushing, a wireless expert with security firm Air Defense who visited an Atlanta park to show security vunerabilities.
Rushing is considered an "ethical hacker" and works with companies to strengthen their wireless networks. He said many people don't realize they could have all their personal data stolen while checking out their checking account.
"It's great to be able to sit somewhere and work without having any wires attached, no nothing attached, but you have that risk that it comes back to," Rushing said.
At the park, Rushing was able to log onto an unsecured hotel wireless signal in a matter of seconds. To illustrate how vulnerable such networks can be, Rushing then sent an e-mail and intercepted the entire contents of the message. He could've done the same thing to any of the dozens of people sitting nearby in the park.
"At any point in time, I can reach out and touch everyone's laptop at the hot spot, and there's usually not any way of preventing that -- from me touching and looking at other people's stuff at the hot spot itself," Rushing said.
He also demonstrated a growing concern called "evil twins" -- fake wireless hot spots that look like the real thing.
For example, he said, a hacker could be sitting around the corner sending out a wireless signal. It may look like a legitimate one, even offering people a chance to sign up for service. But if you log on, the hacker then would have complete access to your machine.
He said anybody with some tech know-how and the right tools can break into the basic level of wireless security that's commonly used. There are even how-to video instructions online.
Rushing said people need to imagine that nothing is truly private at a wireless hot spot.
"A lot of the time you really want to stay away from doing certain things at the hot spot that you would normally not do if you knew somebody would be watching," he said.
Nevertheless, Rushing doesn't discourage using wireless. He tells people to be aware of what they're sending and the potential for theft. In other words, it's a good chance to read the baseball scores, but even if you're sitting by yourself, it doesn't mean you are all alone.
There may be no wires attached, but the convenience still comes with strings.
Wireless DANGERS
- lukpac
- Top Dog and Sellout
- Posts: 4591
- Joined: Wed Apr 02, 2003 11:51 pm
- Location: Madison, WI
- Contact:
Wireless DANGERS
"I know because it is impossible for a tape to hold the compression levels of these treble boosted MFSL's like Something/Anything. The metal particulate on the tape would shatter and all you'd hear is distortion if even that." - VD