On Wed, 23 Mar 2005 05:48:11 -0600, "Airhead" wrote:
>Worth a read if you're a hotspot user.
>http://www.pcworld.com/news/article/0,aid,120054,00.asp
It's an old problem. Most of the hot spot owners that I know are not
going to get involved in protecting their customers from any variation
of the "man in the middle" attack. An attacker can also get the same
results with a sniffer and data logger. It would still be necessary
to trick the user into using a fake web page in order to get their
information as all sniffed and "evil twin" traffic is usually
encrypted by an SSL (https) web page. The point about T-Mobile using
a credit card number for access is well taken. They should know
better as it's been dogma since the stone age of computing that the
user name is presumed to be "well known" and should not be anything
that needs protection.
PC World is not known for being rather astute with their "warnings".
For example, they don't question why the author innocently set up a
HostAP access point on his laptop in an airport. I guess MIT security
managers do such things. No mention of XP's overly friendly habit of
connecting with any access point. The article also doesn't make a
connection between their newly coined "Evil Twin" exploit, and the
comments on spyware legislation at the bottom, with no mention of URL
hijacking.
--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558