Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] WiPhishing hack risk warning

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] WiPhishing hack risk warning
Date: Thu, 21 Apr 2005 00:36:21 -0500 (CDT) 
http://www.theregister.co.uk/2005/04/20/wiphishing/

[Since changing the default SSID from Linksys to (202) 323-3205, it
seems the number of malicious wardrivers and hotspot hackers prowling
around has gone down significantly in my part of town.  =)   - WK]


By John Leyden
20th April 2005

You've heard of war driving and phishing but now there's yet another
reason to wear a tin-foil hat every time you surf the net.  
"WiPhishing" (pronounced why phishing) involves covertly setting up a
wireless enabled laptop or access point in order to get
wireless-enabled laptops to associate with it as a prelude to hacking
attacks.

An estimated one in five access points use default SSIDs (such as
linksys). By guessing the name of a network that target machines are
normally configured to connect to a hacker could (at least in theory)  
gain access to data on a laptop or introduce malicious code.

The scenario is plausible. But like the 'evil twins' risk of earlier
this year this is probably a well understood risk given a catchy
moniker, backed by an energetic marketing campaign.

Nicholas Miller, chief exec of Cirond Corporation, and the man who
coined the term WiPhishing, was unable to cite incidents of any actual
WiPhishing attacks. Nonetheless he maintained WiPhishing posed a
greater threat then war driving. Instead of hackers with laptops
trying to break into wireless networks with WiPhishing you have
hackers with networks trying to break into wireless networks.

He said that even companies with wired networks were at risk from the
attack if the wireless access functions of corporate laptops happened
to be left on. By hijacking the legitimate connection to a traditional
wired computer network, hackers might be able to exploit the soft
underbelly of corporate networks and launch even more invasive
attacks.

Cirond held a press conference at the wireless LAN event in London
today in order to discuss WiPhishing and discuss its enterprise tools
to control how and when wireless technology is used by employees
(AirSafe Enterprise) and its wireless intrusion detection appliance
(AirPatrol Enterprise).



_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] WiPhishing hack risk warning, InfoSec News <=
Previous by Date:  [ISN] Researchers Propose Early Warning System for Worms, InfoSec News
Next by Date:  [ISN] Ameritrade warns clients about potential data breach, InfoSec News
Previous by Thread:  [ISN] Researchers Propose Early Warning System for Worms, InfoSec News
Next by Thread:  [ISN] Ameritrade warns clients about potential data breach, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]