by RSS Darren Turnbull  |  Mar 12, 2009  |  Filed in: Security Research

I am sure if you have kids you will recognize this issue. Their friends come round, clutching laptops; we live in a modern age. Of course these friends just absolutely need to get online. That WPA2/TKIP solution and MAC filtering you just had to have is causing problems so "click, click, click" it's now WEP128 and you put the SSID and key on the fridge. Now everyone can be online, and they can leave you alone. Sometimes this security stuff can just get in the way of watching a good movie.

Let's fast forward: you're an important guy, you're sat at an airport and your flight has been called, but you just have to get that last email sent, maybe download a few to read through on the flight. You look for an access point for free wifi. You think, "Well maybe 'airport access' that must be the one." You quickly enter all your credit card details. Speed -- that is what is important. You haven't the time for security you need to meet that deadline. It's met, phew, you relax.

You just gave your credit card details, home address and inside leg measurement to a $30 access point at an airport in clear text. Still relaxed?

You made a VPN connection to send that email right and it all worked. Relax.

But your personal email client was open, just a POP3, not so important, until you remember you successfully managed to get all your passwords synchronized only last week. Still relaxed?

But that was the airport wifi network. You trust those guys, they'll be too busy to want to look for some stray email passwords and credit card details, why would they? That was the airport wifi wasn't it? Why would someone go to the trouble of building their own wifi access network at an airport? It's hard enough when you have the SSID on the fridge. Why indeed.

And to think "Capricorn One" was only a film.

by RSS Darren Turnbull  |  Mar 12, 2009  |  Filed in: Security Research