Airport insecure

Posted by: iraszl

Airport insecure - 11/09/02 12:53 AM

Quoting from Macworld:<br>"Say you're in a coffee shop with Airport wireless access to the Internet. You use a Powerbook to check your email, upload a few files to a web server, read some web pages, and then put the machine to sleep. That's when you notice someone looking at your laptop with a suspicious gleam in his eye, so decide to leave.<br><br>Next time you use a laptop, there's a text file you didn't create on the OSX desktop: it's a friendly note from that guy in the coffee shop - and it contains your email and ftp user names and passwords, along with a list of the URLs you surfed while sipping.<br><br><br><br>Airport commonly known as outside the mac community as WiFi (or more technically IEEE 802.11b), sends data back and forth without securing the connection between a wireless client and an Airport base station or similar hub.<br><br>User names and passwords for email accouts, FTP servers, and insecure Web sites are transmitted as plain text, so any other user on the same wireless network detect this information, along with the plain text of any email message you send or receive, and any file you transmit or download.<br><br>Airport's built-in encryption system doesn't protect Macs from other users on the same network, and the encryption itself has major flaws. When you use public wireless networks such as Wayport, Surf and Sip, or T-Mobile in airports, hotels and coffee shops (mainly in the US, currently), the built-in encryption doesn't even come into play: your data is always unencoded."<br><br>http://raszl.net
Posted by: MacGizmo

Re: Airport insecure - 11/09/02 08:43 AM

This is nothing new... these issues were known immediately upon Airport's release.<br><br>However, these "security issues" are hardly an issue for most people. First off, a hacker is probably not going to hang out at airports in the hopes of intercepting *anything* of any value beyond the password to your favorite new site! Not to mention, even if they could figure out what your airport password was, they would also have to get your file sharing username and password (of course you would also have to have filesharing turned on)... <br><br>My point is... the security risk is there, however the hackers usually aren't.<br><br>[color:red] Kiss My Banana!</font color=red><br>Visit me here!
Posted by: hayesk

Re: Airport insecure - 11/09/02 12:25 PM

That's right. Besides, File Sharing passwords are encrypted themselves. However, if you are checking your email in a coffee shop and you aren't using SSL, there is a chance that someone could snoop your passwords.<br><br>Anyway, yeah, the hackers are sitting outside of corporate offices trying to access their networks - there's much more valuable information there.<br><br>