Beware of spoofed Wi-Fi access points in public places, scamming users and harvesting passwords, the so called “evil twin”.That's the term for a Wi-Fi access point that appears to be a legitimate one offered on premises such as airports, railway stations and hotels, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers, with the aim of stealing credit card information and data.
Unfortunately, experts say there is little consumers can do to protect themselves, but enterprises may be in better shape.
A rogue Wi-Fi connection can be set up on a laptop with a bit of simple programming and a special USB thumb drive that acts as an access point. The access points are hard to trace, since they can suddenly be shut off, and are easy to build.
Corporate users can protect themselves by using VPN (virtual private network) when logging into company servers, but consumers are at a particular disadvantage, since they are likely not using VPN and will access free Web e-mail applications that could send passwords in clear text.
More at:
“Evil twin” wi-fi hotspots are one of many issues addressed on the IT and Information Security Management session on Security Management Stage 1 (19 – 30 November 2007). The workshop, which takes place on Thursday 22nd November, is also available as a one-day seminar. Contact Janet for information on how to book a place.
