Monday, March 28, 2005
More on WiFi's "Evil Twin"...
How difficult is it to find out the SSID of an AP? Well, most of the SSID's are by default setup in a broadcast mode. Anyone with a WiFi laptop can easily pick the SSID of an AP. For the more adventureous, there are programs like AirSnort that can sniff out the SSID of an AP, even if it is not set to broadcast mode.
Take the case of an airport. Airport cannot use WEP. Otherwise, they would have to go around telling everyone who wants to connect to their wireless network, what their WEP key is. This defeats the purpose of having a WEP key in the first place. Its equivalent of telling everyone your password. They normally setup a default page, that lets you either sign-in into your account, or lets you create one (with a credit card ofcourse). Now imagine, if someone sets up a fake sign-in/sign-up page and asks users for either their login/password or their credit cards.
Can you think about a remedy to this problem? Well, let me know through the comments of this entry.
Copyright Anand Jain 2004, 2005. All rights