Tuesday, June 21, 2005

CNN Wifi Security Coverage

In the continuing efforts to understand Wifi, here comes another article from the popular press.

This one does not consider the types of people who use Wifi, or their patterns, but rather the security risks associated with connecting to Wifi hotspots.

The article contains quotes from an "ethical hacker" who talks about how easy it is to uncover the data being sent by users. The article also details another common type of attack -- rogue access points. Again, according to the "ethical hacker", this attack consists of setting up an access point with the same SSID as a legitimate access point in an attempt to lure the user into their control. Once a user is associated with the rogue access point, the "ethical hacker" claims it is easy to control their computer.

He does echo my sentiments when it comes to online security: assume that nothing is secure. Only then will you be more likely to make wise decisions about storing or transmitting sensitive data.

By the way, I use quotes around "ethical hacker" since that is a very odd term that seems invented by this guy or CNN. I have heard of "grayhats" and "whitehats", but "ethical hacker" is new to me! Do you believe that such "ethical hackers" exist? Or is the lure of that susceptible data too much to resist?

3 comments:

Anonymous said...

I personally enjoyed the fact box:
"Be wary of fake hot spots that look real; prepay for wireless access in advance."
How does prepaying help exactly? And how would I know a hot spot is not real? Isn't that like proving I don't have $1,000,000 (well, maybe it isn't -- I don't want to be presumptuous ;))

Will Hawkins said...

You are correct, sir. Prepaying does not help, as far as I know.

When I was hotspot hopping in Poland and paying for network access, the connection instructions included this sentence:
"Connect to network with SSID Idea.pl"

So, if I were to plop down an access point and set its SSID to Idea.pl I could still hijack users.

I would assume that T-Mobile does something similar and therefore offers no additional protection.

Will Hawkins said...

Unfortunately, I think that's what the hacker was referring to!

I wish that people were more careful of where they type into text fields. The SPAM that I get from the eBay, banks, etc. scams has excellent recreations of the original sites. So, it seems like someone recreating the login page of T-Mobile, or other pay providers, is not that far-fetched.

It's really quite sad.