One scenario
Great article, but the fear is larger than simply clear text passwords and sniffing. I linked to your article and sent this out to some friends and co-workers: I haven't heard of this one yet, but the simplicity of this is brilliant.
So you have a wireless AP that your laptop is now fully dependent on for IP services. What would a cracker do next? Well he/she has several options, not limited to straight sniffing of 'clear-text' packets as the article explains. This could be much more severe...
Here is a scenario that I just thought up:
Cracker visits local banking sites, and downloads all of their login webpages, caching them locally on his laptop. Cracker then updates a locally hosted DNS server to map major banking sites to his login page. You enter your banking information. Cracker grabs your pin and bank card number, then forwards you to a "service unavailable" page.
You assume banking is down, the cracker assumes your banking identity.
Could be applied to any frequent site, but banking is one of the more damaging.
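
From the defender's side, the DNS remapping in the scenario above leaves a trace in the answers themselves. The following is an added example, not part of the original comment: a client-side check that compares what the access point's resolver returns against a baseline recorded on a trusted network. The function name, hostnames, baseline format and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Address ranges that a public banking hostname should never resolve to.
LOCAL_NETS = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def audit_answers(answers, baseline):
    """Return {hostname: [reason, ...]} for names whose answers look spoofed.

    answers:  {hostname: [ip, ...]} from the resolver the access point handed out
    baseline: {hostname: [cidr, ...]} recorded earlier on a trusted network
    """
    findings = defaultdict(list)
    owners = defaultdict(set)          # ip -> hostnames that resolved to it
    for host, ips in answers.items():
        nets = [ipaddress.ip_network(c) for c in baseline.get(host, [])]
        for raw in ips:
            ip = ipaddress.ip_address(raw)
            owners[ip].add(host)
            if any(ip in n for n in LOCAL_NETS):
                findings[host].append(f"{ip} is a local address")
            elif nets and not any(ip in n for n in nets):
                findings[host].append(f"{ip} is outside the recorded baseline")
    # One machine serving several unrelated sites matches the scenario above.
    for ip, hosts in owners.items():
        if len(hosts) > 1:
            for host in sorted(hosts):
                findings[host].append(
                    f"{ip} also answers for {len(hosts) - 1} other name(s)")
    return dict(findings)

# Constructed sample data (documentation address ranges stand in for real ones).
BASELINE = {
    "bank-a.example": ["198.51.100.0/24"],
    "bank-b.example": ["203.0.113.0/24"],
    "news.example": ["192.0.2.0/24"],
}
HOTSPOT_ANSWERS = {
    "bank-a.example": ["192.168.1.50"],   # both banks point at one local host
    "bank-b.example": ["192.168.1.50"],
    "news.example": ["192.0.2.10"],       # matches its baseline
}

if __name__ == "__main__":
    for host, reasons in audit_answers(HOTSPOT_ANSWERS, BASELINE).items():
        print(host, "->", "; ".join(reasons))
```

A clean result from a check like this only means the answers match the baseline; it does not replace verifying the site's TLS certificate before entering credentials.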