http://www.theregister.co.uk/2005/04/20/wiphishing/ [Since changing the default SSID from Linksys to (202) 323-3205, it seems the number of malicious wardrivers and hotspot hackers prowling around has gone down significantly in my part of town. =) - WK] By John Leyden 20th April 2005 You've heard of war driving and phishing but now there's yet another reason to wear a tin-foil hat every time you surf the net. "WiPhishing" (pronounced why phishing) involves covertly setting up a wireless enabled laptop or access point in order to get wireless-enabled laptops to associate with it as a prelude to hacking attacks. An estimated one in five access points use default SSIDs (such as linksys). By guessing the name of a network that target machines are normally configured to connect to a hacker could (at least in theory) gain access to data on a laptop or introduce malicious code. The scenario is plausible. But like the 'evil twins' risk of earlier this year this is probably a well understood risk given a catchy moniker, backed by an energetic marketing campaign. Nicholas Miller, chief exec of Cirond Corporation, and the man who coined the term WiPhishing, was unable to cite incidents of any actual WiPhishing attacks. Nonetheless he maintained WiPhishing posed a greater threat then war driving. Instead of hackers with laptops trying to break into wireless networks with WiPhishing you have hackers with networks trying to break into wireless networks. He said that even companies with wired networks were at risk from the attack if the wireless access functions of corporate laptops happened to be left on. By hijacking the legitimate connection to a traditional wired computer network, hackers might be able to exploit the soft underbelly of corporate networks and launch even more invasive attacks. Cirond held a press conference at the wireless LAN event in London today in order to discuss WiPhishing and discuss its enterprise tools to control how and when wireless technology is used by employees (AirSafe Enterprise) and its wireless intrusion detection appliance (AirPatrol Enterprise). _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Fri Apr 22 2005 - 03:00:21 PDT