[olug] Slightly OT: "Evil Twins" In Wireless Networking
Don Kauffman
dekauff at cox.net
Sat Jan 22 16:37:24 UTC 2005
There's been some discussion about wireless networks here. I saw this
article on line and thought it might provoke some discussion and
solutions. I personally don't have any wireless connections but know
there are those that do.
Basically they point out that when you connect to a WAP, there is no way
to verify that you've connected to a legitimate access point. What some
shady people have taken to doing is providing an "evil twin" WAP which
allows them to steal all the information that one sends or downloads,
including passwords, banking information, credit cards. They suggest not
using the wireless network for sensitive information. As far as I'm
concerned that takes away a lot of the utility that one gains from
having wireless networking capability.
http://www.ebcvg.com/articles.php?id=530
To get started, my questions are:
1> Is this a legitimate threat? Locally? Broader scale?
2> If so, then are there ways to build more security into the wireless
networks? How would one detect a fraudulent WAP?
3> What might be done in the meantime to minimize the risk?
I'm curious to know how OLUGger's see this.
Don Kauffman
--
"Life may not be the party we hoped for... but while we are here we
might as well dance."
More information about the OLUG
mailing list