Monday, 11 October 2010

My Recent Wardrive

Following my report on my Wardrives around Bristol, Cardiff, London, Birmingham and Manchester I came to an interesting – and frightening – conclusion. And there were two points to this conclusion: firstly people rely on WEP or its derivatives far too much, and secondly the great misconception that people have about hotspots being secure.

To my first point then...WEP encryption is not the security measure people think it is. Most do not know that cracking the encryption can be ridiculously easy; all you need is a gadget, some free software, wi-fi and a little patience. From there it’s just a matter of capturing users’ data – their username, password and details of the website they’re accessing.

And regarding the second point – with users’ assuming they’ll be secure when using a hotspot I’m afraid they could have a nasty surprise one day. A lot of hotspots have said encryption above and as well as cracking that encryption, there are other ways to ‘snoop’ on what people are doing – again enabling the criminal to capture their usernames and passwords.

Also, do you notice that I keep mentioning that in each case above it’s the hotspot user who is the one losing their identities? While the proliferation of free wi-fi, hotspots and criminals will not be letting up any time soon, there is one thing people can do to protect themselves – and the applications they access: and that is to have better password protection. For the user it could be a longer, stronger password and for businesses who want to protect their digital assets, it could be equipping your employees with two-factor authentication.


Copyright 2009 Jason Hart. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan