After reading the thread Evil Twins... http://www.antionline.com/showthread...hreadid=265466 I started a reply but reconsidered and posted it here.
:confused: WHY ??? :confused:
Quote:
Originally posted here by zencoder
... Would you go check your email, do some online banking, and log in to several web site accounts if you were at a huge lan party? Then why do it when connected to a public access point? ...
True story:
I went to a convention within the past year (not a tech convention) which was geared for people in the field of “Education”. On the floor were exhibits of all kinds pushing architectural services, engineering services, managerial services, professional services, construction and building materials, and yes, computer hardware, software, services, etc. (you get the idea).
Anyway, a couple of major computer vendors (won't say the names) sponsored free “cyber cafes” for those attending the convention, some machines were hardwired, some were wireless, and they provided access points for attendees to utilize. (See where this is going?)
I've attended many conventions, and this one for several years, and kind of knew what to expect as I stood there with my fresh hot cup of coffee trying to shake off the night before. I watched in awe as one after the other logged on to the hard-wired machines, did their business, and left without so much as simply clearing the cache. (The clicking on “save password”, though, made me spit my coffee.)
Now I usually look forward to going to these things just to bust some balls of vendors (like the vendor who was offering a service utilizing software I reviewed the year before, the same software that they said could not compete with theirs at the time ... now swearing up and down that the new software was better, safer, and utilized SSL2 encryption (it did, if they knew how to configure it) on the web-based client-server. Just happened a friend of mine showed up that day, an IT guy, and BTW a client of that company, and we looked in amazement at the IE browser, connected “live” to their server, actively servicing clients, as he discussed migration to their new system; NO ENCRYPTION!)
Anyway, back to the story. What do you think my friend and I found at the end of the hall? A company selling software ($3000+ US) to sniff “your” wireless network for rogue connections and APs. (Really nice software, appeared to combine a lot of open source stuff into a neat, easy package. But it was a little too pricey for me.)
What do you think we saw during a personal demonstration? All those wireless connections in the hall (even from the Apple booth) all captured for review, almost all unencrypted! (The software in question can also determine what type of encryption is used, if any. No, I don't recall off-hand the name of the company.)
And here's the kicker. Me being me, I casually talked to numerous people who came out of the cafes and they all felt that it didn't matter, they knew about security problems, but they had nothing anyone would want anyway. And besides, this is a professional gathering, they trust each other.
Dare I say what these people were doing on line? EVERYTHING!
