I would almost certainly not have any way of detecting an Airsnarf trojan access point.

The only obvious cure for this exploit is to change the way hotspots work. Is that going to happen?

Uhm, if the ip of the site you think you're logging onto also happens to be the IP of the access point, that could be a tip off.

BTW, in one regard this is much more serious than a trojan ... know why ? No latent evidence. You start planting trojans, you're leaving footprints that could eventually be tracked back to you. Rogue AP ? You setup, you harvest, you leave with everything on your machine. Think you have to sit in a coffee shop to do it ? Think again. Think amplifier and extremely directional antenna, broadcasting your signal from the park into the Starbucks, still with a stronger signal than the Linksys in the back office.

Think you can only grab web details ? Think again. You can own all the machines if you'd like ... wha ? Yeah ! Remember, they're going to YOUR content ..... drive-by download anyone ? Script nasties ? Oh and don't forget that you could also do things like push bad certs down. I see it now ....

"The certificate the site is presenting : 'Starbucks' doesn't match the site your are browsing." Accept | Close .

Bottom line, once your MITM you can do all sorts of nasty shit, *including* trojans and beyond.

While Wi-Fi signals have been measured to travel 125 miles in non urban settings, they sure do travel a long way from building to building if the signals eminate from the upper floors of a building.

Also, it's important for anyone responsible for corporate or government Wi-Fi security projects to know that encryption, authentication and VPNs do NOT secure WLANs. In fact these protocols, along with WPA2 / 802.11i can be cracked, compromised, and circumvented.

Here is a webcast discussing the issues involved:
http://www.newburynetworks.com/events/whyencryption.php

Yeah. Frankly, if someone is that determined to harvest a bunch of random users, nothing can stop them.

Technically, sure; it is possible to set up an ultra-sensitive snooping system. In an urban environment, you might be lucky and get a range of a couple of hundred metres, but not often, and not in built-up areas with a lot of reinforced concrete. And sending your signal in is one thing; picking up a standard Centrino laptop from that distance may require considerable care and technical design.

And again, if you want things that badly, you probably don't want just a few drive-by coffee drinkers. You probably want a specific target - the CFO of a large corporation, maybe, or the systems admin chief.

To be honest, I think it would be easier to sound his fire alarm and steal his PC!

.

Coffee houses are great places to sniff and steal for credentials to various corporate networks.

Also, just sitting outside the home of the a C-level executive is a good place too - sniff away and spooof his account later.

But actually, there ARE ways to protect your wi-fi / 802.11 networks against stolen credentials and that block laptops what have been stolen and that may be used to try to access the corparate WLAN.

You do know that there is a growing black market trading and paying money for these stolen credentials? And where money is concerned, attackers get very sophisticated. And no, they won't tell you you've been hacked.

Learn more here: http://www.newburynetworks.com/events/whyencryption.php

- Why WPA2 / 802.11i encryption still leaves your wireless networks open to unauthorized access from hackers.

- How encryption standards like 802.11i or 802.11x are cracked, compromised, or circumvented.

- How to construct a hard WLAN security perimeter of any size & shape that you manage and control.

- How to distinguish between legitimate WLAN users and intruders inside or outside your department, floor, building, campus or base.

- How to administer policies to centrally integrate, manage and control network resources: for example defining content and resource availability based on an individual's "user-group" and their location on your WLAN

I suppose the problem is, people are just a lot more stupid than I realised.

Andy Spano's Westchester law proposals originally struck me as plain naive. But it seems computer users are even more naive...