Several months ago, I was going to Chicago via Oklahoma by car. On the Turnpike, there is a McDonalds with pay-per-day wireless access. It never occurred to me that I could have potentially given my credit card number to an "Evil Twin".
He also demonstrated a growing concern called "evil twins" — fake wireless hot spots that look like the real thing.
For example, he said, a hacker could be sitting around the corner sending out a wireless signal. It may look like a legitimate one, even offering people a chance to sign up for service. But if you log on, the hacker then would have complete access to your machine.
It's not just about somebody having basic access to your laptop. That's one problem. However, a good firewall will prevent outside intrusion unless the hacker's skill is above average. Even then, products like ZoneAlarm are great at locking down your PC from outsiders. But think about this: what if the hacker doesn't care about what's on your laptop as much as what you are doing online? Did you access your bank account online? Are you sure the username and password you entered to your bank was actually on the bank's Web site?
How about email? All email can be intercepted. Did you send out something with sensitive company information? Or did you email something sensitive to your family like a credit card number, the PIN to your garage door keypad, or your flight schedule?
Did you do work for your company? Did you access a company server from the hotspot? If you used FTP or Telnet, your password was sent in plain text for anybody to see. If you accessed a company server, you may have given a hacker access to your company.
Think about this: if your password was intercepted, is it the same password you use for everything? So now a clever hacker can make some assumptions and pretty much have your full identity after accessing your bank accounts using that password.
The Evil Twin hotspot is a real danger today and a greater security danger in the future. I can imagine an Evil Twin that not only emulates a Starbucks hotspot interface to capture your credit card, but it also emulates the interface to major bank Web sites. You may think you're logging on to Wells Fargo, but it isn't. You enter your information, and it captures it and then passes you along to the legitimate bank site. I can envision these Evil Twins scanning all email for information–not just passwords, but patterns, URLs, IP addresses, exploits, or anything a hacker can use to pretend to be you online.
Remember, if it's wireless, it's not secure. If it's public and wireless, it's even less secure.
Popularity: 1% [?]
Long Way From Home by The Heavy