Attacks/Breaches
8/29/2006
09:30 AM
50%
50%

Authentium Warns

Authentium issued a warning against trusting free wireless access points located in airports and other public places

WEST PALM BEACH, Fla. -- Authentium, the leading developer of security software-as-a-service technologies, today issued a warning against trusting free wireless access points located in airports and other public places. The company said that public wireless networks are ripe for exploitation by hackers who may set up fake “free” WiFi hotspots in public places that could potentially be used to steal sensitive data, such as online banking passwords or personal information.

In a recent test at Chicago’s O’Hare airport, the most-trafficked airport in the US, Authentium engineers discovered that more than 90% of the wireless networks available within the passenger terminals were actually ad-hoc (i.e. computer to computer) connections – and more than 80% of these devices were advertising “free” WiFi access. On the day of testing, only one in ten of the advertised “free” wireless access points connected with O’Hare’s official wireless access hub. Many of the suspect devices registered as access points also displayed fake or misleading MAC addresses.

”Windows XP automatically prompts the user to accept or decline connections to available wireless networks. Naturally, most users will choose to connect to the “FREE WiFi” access point, which may in fact be a quick path to fraud.” said Ray Dickenson, Authentium’s Senior Vice-President of Products. “To make matters worse, the SSID’s (network names) of wireless networks you’ve joined before are saved on your system; your PC will automatically log on to any network with a saved name. It’s clear that Wifi environments in public places are increasingly vulnerable to exploitation by criminals and their malicious software tools; this vulnerability extends even to users who are not connecting to the networks but are simply using their laptops in the area,” he added.

Authentium Inc.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0656
Published: 2015-03-03
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.