Wednesday, April 25, 2007

WhIther Fidelity

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=12&articleId=9017825&intsrc=hm_topic

OK - so you're at this fashionable hotel - either staying or picking up someone - and you whip out your fashionable laptop, the one with diamonds and rubies encrusted on the logo that screams "YUCK!"

You power it up, and as expected, the 'top finds a few free networks (unsecured, of course, for easy exploitation). You connect to one of them and start surfing. The name of the access point matches the name of the hotel, so there are no second thoughts and no warning bells in your head giving you an impromptu migraine.

Three days later, all of a sudden, you notice that your email account has been hijacked, and your credit cards too. Hmmm, how could this happen?

It could happen because the shifty-eyed person who was sitting just a few feet away from you WAS the access point, and he simply gave his AP the same name as the hotel to fool you.
This method of attack is virtually impossible to detect because the attacker can bring the entire AP down in a matter of seconds, so there is no trace of his presence.

How do you protect yourself? Simple - do not use any unsecured connections that appear 'free'. If in doubt, ask the company about their WiFi policies and the name of their AP. Plus, warn them if you find an AP with a similar name or the same name. Be careful about submitting any sensitive data over these connections, and definitely do not submit passwords/SS numbers/medical/financial information. Use it to surf aimlessly while waiting for your date, but don't go beyond that. It's not worth it.
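The name check from the advice above, as an added example that is not part of the original post: it compares nearby networks against the name and security setting the hotel staff confirmed and lists same-name or lookalike entries worth reporting to them. The scan list, the function names and the 0.8 similarity threshold are assumptions constructed for illustration.

```python
import difflib
import unicodedata

# Constructed sample scan: (SSID, BSSID, security). Not real networks.
SAMPLE_SCAN = [
    ("GrandHotel", "02:00:00:00:00:01", "WPA2"),
    ("GrandHotel", "02:00:00:00:00:02", "OPEN"),
    ("Grand Hotel Free WiFi", "02:00:00:00:00:03", "OPEN"),
    ("GrandH0tel", "02:00:00:00:00:04", "OPEN"),
    ("CoffeeShop", "02:00:00:00:00:05", "WPA2"),
]

_SWAPS = str.maketrans("013", "ole")  # digit-for-letter lookalikes


def normalize(ssid):
    """Fold case, undo digit swaps, drop spaces and punctuation."""
    folded = unicodedata.normalize("NFKC", ssid).casefold().translate(_SWAPS)
    return "".join(ch for ch in folded if ch.isalnum())


def review_scan(scan, confirmed_ssid, confirmed_security, threshold=0.8):
    """Return (ssid, bssid, reason) for networks to report to the venue."""
    want = normalize(confirmed_ssid)
    findings = []
    for ssid, bssid, security in scan:
        if ssid == confirmed_ssid:
            # Exact name: only the security setting can give a copy away.
            if security != confirmed_security:
                findings.append((ssid, bssid, "same name, different security"))
            continue
        got = normalize(ssid)
        ratio = difflib.SequenceMatcher(None, want, got).ratio()
        if want in got or ratio >= threshold:
            findings.append((ssid, bssid, "lookalike name"))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reason in review_scan(SAMPLE_SCAN, "GrandHotel", "WPA2"):
        print(f"{reason}: {ssid!r} ({bssid})")
```

An AP that copies both the confirmed name and the confirmed security setting passes this check, which is exactly the case the post describes, so a clean result is not a reason to send sensitive data over the connection.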

Be safe!
