Wi-Fi Week: Mobility at the cost of security

Friday, 30 January 2004, 2:19 PM EST

The mass media has had a lot of fun with wireless security: war driving, virus insertion and bandwidth stealing have all had their day in the sun. Public hot spots are more vulnerable to attack than private networks, where individual users can have their hardware authenticated as permanent network members. This means when you log onto a hot spot, there is a possibility that it has been compromised. It's not unknown for people to mount man-in-the-middle attacks, where they set up a bogus hot spot that overlaps with the provider's legitimate one, and then intercept logins.

If you are not connected to a service securely -- using SSL for websites, SSH for text services or a corporate VPN -- then you should be aware that your link may be transmitted in the clear and open to interception. Some service providers do have extra security in their wireless links, but if they also allow roaming then you should check that the security is in place no matter who's running the hot spot.

By Rupert Goodwins at ZDNet.

[ Read more ]

Related items


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th