Security Now

Oct 20th 2005

Security Now 10

Wireless Access Points

I've posted Security Now! Episode 10.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
In this episode we discuss security concerns with wireless access points.

First, we revisit last week's podcast on rootkits. After doing the show we tested RootkitRevealer on a number of machines and discovered numerous false positives. For example, Norton's Protected Trashcan uses rootkit technology to hide files from other programs. Kaspersky Anti-Virus also shows up as a rootkit. Neither are security risks.

Now on to wireless access points. Leo used NetStumber to look at unprotected systems in his small town. Two-thirds were open, whether intentionally or not. If you're a home user turn on WPA encryption to protect yourself from snoops and block attempts to hack your system.

If you're using an open access point at a coffee shop, hotel, airport, and so on, you are at risk. If you're using SSL for email, or logging into a secure server (like your bank or's store) you're data, including the form, is protected. Otherwise, your data is visible. Anyone using a packet sniffer like Ethereal can see your data. Protect yourself by using your corporate VPN to encrypt your session, or subscribe to a VPN service like Anonymizer,, or An SSL-based service will pose fewer configuration and firewall issues than a VPN using IPSEC or PPTP.