'Evil Twin' Threat to Wireless Security

Posted by michael on Thursday January 20, 2005 @01:48AM from the lives-in-the-attic-and-eats-fish-heads dept.

BarryNorton writes "The BBC are currently reporting on research from Cranfield University on the ability of unscrupulous third parties to spoof wireless networking clients into believing they are connected to a 'valid base station' and compromising their passwords for Internet banking etc. Of course the rest of the connection through the Internet, even from a trusted router, is insecure in any case and such sites should be using end-to-end security like SSL. Is there, therefore, anything (other than the cute name 'evil twin') to this story?"

1 of 222 comments (clear)

Min score:

Reason:

Sort:

Re:Yes by scovetta · 2005-01-20 01:57 · Score: 1, Flamebait

How often do you look at the name in the SSL certificate for each page that you're on? Do you regularly review your CA trust configuration? SSL is *very* susceptible to MITM attacks. Are you also using a local DNS server or are you asking the router for the IP of "www.capital1.com"? Are you at least resolving the IP independently and verifying?

Anyone who thinks SSL is secure needs to get their learn-on.

--
Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche