Posted on 01/26/2007 9:55:50 AM PST by John Jorsett
The next time you're at an airport looking for a wireless hot spot, and you see one called "Free Wi-Fi" or a similar name, beware -- you may end up being victimized by the latest hot-spot scam hitting airports across the country.
You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.
If you're a Windows Vista user, you're especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you'll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.
(Excerpt) Read more at computerworld.com ...
Anyone putting anything senstive over an open airport network is ignorant. The network themselves are insecure so this hype doesn't really mean a thing. Just another attack on microsoft.
Anyone using Wi-Fi ANYWHERE should be aware that they could be potential targets.
"You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge."
The exact same could be said about ANY wireless netwrk that is unsecure.
hg |
As a hacker of 38 years, people need to pay attention to this.
|
A lot of people don't recognize the dangers of using unsecured wireless networks and should be warned. Of course, few of the ignorant are likely to be reading ComputerWorld.
;o)
I don't know if it is an attack on MS exactly... it really speaks to the inherent problems of 802.11x in general.
On a legit, but open, wifi network a user can still use their VPN and firewall to minimize the risk of the open wifi.
But attacks like this are after the casual or careless user anyway. A packet sniffer on the man-in-the-middle machine could harvest a wealth of stuff in no time.
You can tell users a millions times about something like this, and they will jump into it headfirst every time.
There are still so many people that do not even come close to knowing what the computer they are using actually does.
"No way! the little brickwall icon and yellow shield icon in the lower right corner say I'm fine...
You're right, your data is encrypted from your computer to the other server, and the Wifi network cannot access it.
But that doesn't mean you're safe. Not being able to see your data stream is of small consequence if they've taken over your computer and are having all your keystrokes sent to them.
Most people barely know how any technology they use, including something as simple as a light bulb, actually works. Most technology might as well be magic as far as most people are concerned. The blame, at least partially, properly belongs with companies that produce insecure operating systems, websites (no reason that passwords should ever be sent over the network in clear text, for example) designers/operators, networks, and so on. For example, why isn't wireless networking traffic encrypted by default? Truth be told, the PC is not really ready for general home use for sensitive applications, as it really needs an expert to secure it (and even then, you're still susceptible to software with memory leaks, unbounded arrays, and so on).
hg |
I live lakefront on a very large and popular lake and on the big weekends like the 4th of July when the lake is packed with boats, I open up my connection to the public, fire up CommView (packet sniffer) and watch boats congregate around my dock after a bit of war driving. It's amazing to sift through data and see what people allow to travel through an unknown person's network. It's even more fun to log the sites they visit.
I agree that having an open router to the net isn't dangerous if you know what you are doing. It's simple to secure your network, files and printers and other computers. It's logging onto an unknown open network that'll get you in trouble. I also agree that this doesn't have a darn thing to do with Microsoft. IEEE 802.11 has nothing to do with MS. |
You said -- "A packet sniffer on the man-in-the-middle machine could harvest a wealth of stuff in no time."
Well, that's excellent. He may get a "wealth of an education" from the Free Republic articles...
Regards,
Star Traveler
"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." - Manuel II Palelologus
Here's how ignorant most wireless users are. I left Raleigh-Durham Airport driving on the I-540 North and West. In just a few miles, I picked up over 20 networks on my AirMagnet, none of which were secure, from the freeway!
Very simple. Flip the switch to the "on" position.
I became suspicious as soon as McDonald's began offering WiFi. When I think of the typical McDonald's customer, I don't think of tech geeks that can't leave their computers for five minutes to grab a bite to eat.
bump
So literally, you saying "all your keystrokes are belong to them?"
what is a good way to check for those keystroke viruses? i so not work on an unsecure wifi network but it'd be good to know.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.