Security Now with Steve Gibson and Leo Laporte

Oct 20th 2005

Security Now 10

Wireless Access Points

In this episode we discuss security concerns with wireless access points.
Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.
Category: Help & How To

In this episode we discuss security concerns with wireless access points.

First, we revisit last week's podcast on rootkits. After doing the show we tested RootkitRevealer on a number of machines and discovered numerous false positives. For example, Norton's Protected Trashcan uses rootkit technology to hide files from other programs. Kaspersky Anti-Virus also shows up as a rootkit. Neither are security risks.

Now on to wireless access points. Leo used NetStumber to look at unprotected systems in his small town. Two-thirds were open, whether intentionally or not. If you're a home user turn on WPA encryption to protect yourself from snoops and block attempts to hack your system.

If you're using an open access point at a coffee shop, hotel, airport, and so on, you are at risk. If you're using SSL for email, or logging into a secure server (like your bank or Amazon.com's store) you're data, including the form, is protected. Otherwise, your data is visible. Anyone using a packet sniffer like Ethereal can see your data. Protect yourself by using your corporate VPN to encrypt your session, or subscribe to a VPN service like Anonymizer, HotspotVPN.com, or PublicVPN.com. An SSL-based service will pose fewer configuration and firewall issues than a VPN using IPSEC or PPTP.