[olug] Slightly OT: "Evil Twins" In Wireless Networking

Terry td3201 at gmail.com
Sat Jan 22 19:00:28 UTC 2005


Interesting article.  When one sends banking information across the
wire (or air in this point, a certificate is in place or should be in
place to encrypt this traffic between the browser and the server.  I
feel that if I am not sending the information across a secured channel
(outside of the wireless "security") then I should be able to
broadcast the information.   The Internet and wireless networks and
more or less public domain and should be treated as such with regards
to the information that traverses them unless there is strong
encryption place.

On Sat, 22 Jan 2005 10:37:24 -0600, Don Kauffman <dekauff at cox.net> wrote:
> There's been some discussion about wireless networks here. I saw this
> article on line and thought it might provoke some discussion and
> solutions. I personally don't have any wireless connections but know
> there are those that do.
> 
> Basically they point out that when you connect to a WAP, there is no way
> to verify that you've connected to a legitimate access point. What some
> shady people have taken to doing is providing an "evil twin" WAP which
> allows them to steal all the information that one sends or downloads,
> including passwords, banking information, credit cards. They suggest not
> using the wireless network for sensitive information. As far as I'm
> concerned that takes away a lot of the utility that one gains from
> having wireless networking capability.
> 
> http://www.ebcvg.com/articles.php?id=530
> 
> To get started, my questions are:
> 
> 1> Is this a legitimate threat? Locally? Broader scale?
> 
> 2> If so, then are there ways to build more security into the wireless
> networks? How would one detect a fraudulent WAP?
> 
> 3> What might be done in the meantime to minimize the risk?
> 
> I'm curious to know how OLUGger's see this.
> 
> Don Kauffman
> --
> "Life may not be the party we hoped for... but while we are here we
> might as well dance."
> 
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list