Wifi Security

• Previous message (by thread): Wifi Security
• Next message (by thread): Wifi Security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:

> So my question is pretty simple. You have all these major companies  
> such
> as google/earthlink/sprint/etc. building wifi networks. Lets say I  
> want
> to collect peoples information so I setup an AP with the same ssid as
> google's ap so people connect to it and I log all of their traffic.  
> Most
> people won't check beyond the ssid to look at the mac address but even
> that could be spoofed. Is there anyway to verify a certain ap beyond
> mac/ssid, will there be in the future? How do these companies plan to
> mitigate this threat or are they just going to hope consumers are  
> smart
> enough to figure it out?

Why would you even need to set up an AP?  Why not just sit and sniff  
traffic?  Gets you the _exact_ same information.

And why worry about Google, etc., when Starbucks and airports have  
been doing this for _years_?

Lastly, most consumers are smart enough to know to use encryption  
(the little pad-lock in their browser).  Some aren't.  Changing the  
WiFi architecture is not going to save those who aren't.

-- 
TTFN,
patrick

• Previous message (by thread): Wifi Security
• Next message (by thread): Wifi Security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]