Receive new posts as email.
RSS 0.91 | RSS 2.0
RDF | Atom
Podcast only feed (RSS 2.0 format)
Get an RSS reader
Get a Podcast receiver
| Sun | Mon | Tues | Wed | Thurs | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 |
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator or JiWire, Inc.
Entire site and all contents except otherwise noted © Copyright 2001-2006 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Powered by
Movable Type
« Convergence Emergence and the iPhone | Main | Meraki's Mesh a Hit in Beta: 15,000 Users, $5m Investment »
Computerworld reports that in testing at airports, they found honeypots intended to lure unsuspecting users: I’m a bit lagging on this story, reported two weeks ago, but it’s still relevant. The “Free Wi-Fi” scam involves password snatchers setting up fake Wi-Fi networks in public places, like airports, that use free in their network name. Connecting to these locations puts your machine at risk. Further, for Windows users, your laptop might connect in the future to other identically named locations without asking if you want to connect. The attacker can snarf unprotected passwords and unencrypted email, as well as infect your computer.
Computerworld cites security firm Authentium as having found dozens of “free,” ad-hoc wireless networks of this sort at airports across the U.S. The firm told Computerworld that in multiple visits to O’Hare, they found over 20 ad-hoc networks advertising free service each time, and saw “fake or misleading” MAC addresses, the numbers designed to identify each Wi-Fi or Ethernet adapter uniquely.
The article offers specific advice on how to avoid this problem. The most prominent in my mind? Use a VPN. Several firms offer VPN-for-hire for travelers who don’t work for companies that offer or require VPN use on the road. Try JiWire’s Hotspot Helper (Windows only, $25/year) or WiTopia.net’s personalVPN (Windows/Mac, $40/year), for instance.
(Disclosure: I have a very small stake in JiWire.)
Posted by Glennf at February 5, 2007 10:49 AM
Categories: Security
TrackBack URL for this entry:
https://db.isbn.nu/mt3/mt-tb.pl/4358
Many of these so called scammers are probably just unsuspecting travelers running a version of windows on their laptops that included a 'feature' where it will create an ad-hoc network using the SSID of the network it last connected to if it cannot find any others in the user's preferred list to connect to.
For many travelers, those last used connections are very likely to be hotspot networks, hence it looks like there are lots of people pretending to be hotspots.
While there are risks associated with this feature, it probably isn't as serious a threat as some people are making out. I've not seen any reports where the "investigators" actually connected to the networks and saw fake login web pages. Of course, before connecting to any network you should verify that it is what it says it is. You can also set your preferred networks to not auto-connect, and to not connect to ad-hoc networks, which will prevent your laptop connecting without your knowledge.
The bigger risk is that your laptop beacons out one of these ad-hoc connections while you're working in a public place without WiFi, and somebody connects to it and gains access to your PC.
(By the way, the "fake" MAC addresses are probably just the random BSSIDs that ad-hoc networks are required to use!).
Posted by: John at February 6, 2007 12:19 PM
This is correct. What is even scarier in a way is that some airports that offers free service utilize gateway solutions that can't handle (or possibly even worse) blocking vpn connections.
Last week I was through Phoenix Sky Harbor airport that is one of the airports in the US that offers free internet access. However I couldn't establish a VPN connection (neither l2tp, pptp so never bothered to check ipsec). Speeds where great but basically couldn't do any useful work so ended up just checking a few websites and finished my session.
I also stayed at numerous hotels that can or will not handle vpn properly which is as bad.
Posted by: Eje at February 5, 2007 7:36 PM
So do these scammers connect you to the internet? In that case, you can easily turn the tables and take advantage of the free connectivity if you make sure you encrypt your stuff.
The easiest way to do that is not a VPN but rather SSL. All decent email services support that (but generally don't require it-double check!) and just make sure you see the lock in your browser before doing anything sensitive over the web.
Posted by: Iljitsch van Beijnum at February 5, 2007 11:22 AM