[ISN] Study: Wi-Fi users still don't encrypt

From: InfoSec News (isnat_private)
Date: Mon Jul 07 2003 - 00:09:48 PDT

    http://www.theregister.co.uk/content/69/31567.html
    
    By Kevin Poulsen
    SecurityFocus
    Posted: 04/07/2003 
    
    Think you've heard more than enough about war driving and Wi-Fi
    insecurity? Two days of electronic eavesdropping at the 802.11 Planet
    Expo in Boston last week sniffed out more evidence that most Wi-Fi
    users still aren't getting the message -- or are comfortable
    broadcasting their e-mail into the ether.
    
    Security vendor AirDefense set up two of its commercial "AirDefense
    Guard" sensors at opposite corners of the exhibit hall at the Boston
    World Trade Center, the site of the conference, and for two days
    analyzed the traffic flowing between conference-goers and 141
    unencrypted access points set up by the conference for public use, and
    by vendors on the floor.
    
    What they found was that users checking their e-mail through
    unencrypted POP connections vastly outnumbered those using a VPN or
    another encrypted tunnel. Only three percent of e-mail downloads were
    encrypted on the first day of the conference, 12 percent on the second
    day. (The company says it counted all VPN or tunneled traffic as
    e-mail).
    
    That means the other 88% could easily be intercepted by eavesdroppers
    using commonly-available tools, compromising both the e-mail and the
    user's passwords.
    
    Additionally, 84 out of the 523 users monitored were configured to
    allow ad hoc networking, and 74 were configured to automatically
    connect to the access point with the strongest signal strength -- a
    default mode that could leave a laptop prey to a rogue access point.
    
    And then there was the hacking. Passive eavesdropping is undetectable,
    but AirDefense picked up 149 active scans from war driving tools like
    Netstumbler, 105 denial-of-service attacks, eight probes for known
    exploits against access points, and thirty-two attempted
    man-in-the-middle attacks -- three of them successful.
    
    "People were probably having a little fun, but I'm not sure it was all
    malicious," says AirDefense's Brian Moran. "The real shocking part was
    how many people attached to their corporate e-mails without any kind
    of encryption."
    
    Wi-Fi eavesdropping for any purpose is usually frowned upon in legal
    circles, but AirDefense was a sponsor and the "official security
    provider" at the conference, and Moran says the company provided
    attendees with ample notice of the study. "There were huge signs
    throughout the place saying AirDefense is monitoring all conference
    traffic."
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 02:39:55 PDT