Dave Farber
2018-12-04 04:51:34 UTC
Subject: RE: [IP] Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
Date: December 4, 2018 13:05:08 JST
I checked the date on that article. 2018? Today arenât people using https now for anything that matters? What bank uses unencrypted credentials?
If airports are a problem â what about lightbulbs which can also sniff packets and send them to cloud services? Or your refrigerator or toy?
The real problem with these scare tactics is that they lead to barriers to connectivity that work against secure relationships between end points. You see this when you use WiFi in a plane and find there is a security certificate in the middle. You see this when you try to connect your app and find out that it doesnât work until you manually open your browser and then have to login to the access point and that login is the real security problem. Why should you trust it?
I call anything that requires you to manually login WebFi, not WiFi. Good for the web of yesteryear but not for todayâs connected devices such as a wrist device monitoring your heart. Preventing medical devices from working seems more of a threat than the one remaining bank that doesnât use encryption â itâs vaults are probably already empty.
Bob Frankston
http://Frankston.com <http://frankston.com/>
Sent: Monday, December 3, 2018 17:55
Subject: [IP] Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
-------------------------------------------Date: December 4, 2018 13:05:08 JST
I checked the date on that article. 2018? Today arenât people using https now for anything that matters? What bank uses unencrypted credentials?
If airports are a problem â what about lightbulbs which can also sniff packets and send them to cloud services? Or your refrigerator or toy?
The real problem with these scare tactics is that they lead to barriers to connectivity that work against secure relationships between end points. You see this when you use WiFi in a plane and find there is a security certificate in the middle. You see this when you try to connect your app and find out that it doesnât work until you manually open your browser and then have to login to the access point and that login is the real security problem. Why should you trust it?
I call anything that requires you to manually login WebFi, not WiFi. Good for the web of yesteryear but not for todayâs connected devices such as a wrist device monitoring your heart. Preventing medical devices from working seems more of a threat than the one remaining bank that doesnât use encryption â itâs vaults are probably already empty.
Bob Frankston
http://Frankston.com <http://frankston.com/>
Sent: Monday, December 3, 2018 17:55
Subject: [IP] Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
Date: December 4, 2018 at 7:51:34 AM GMT+9
Subject: IS: Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
https://www.latimes.com/travel/la-tr-spot-cyber-security-threats-20181202-story.html <https://www.latimes.com/travel/la-tr-spot-cyber-security-threats-20181202-story.html>
--
living as The Truth is True
http://geoff.livejournal.com <http://geoff.livejournal.com/>
Archives <https://www.listbox.com/member/archive/247/=now> | Modify <https://www.listbox.com/member/?> Your Subscription | Unsubscribe Now <https://www.listbox.com/unsubscribe/?&&post_id=20181203175446:6C3A7540-F74E-11E8-8A79-EED03C76CEE4>Subject: IS: Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
https://www.latimes.com/travel/la-tr-spot-cyber-security-threats-20181202-story.html <https://www.latimes.com/travel/la-tr-spot-cyber-security-threats-20181202-story.html>
You may find an evil twin out there â not your own but one that still can do great harm. That nasty double often awaits you at your airport, ready to attack when you least expect it.
Thatâs just one of the findings in a report that assesses the vulnerability of airport Wi-Fi, done not to bust the airportsâ chops,but to make airports and travelers aware of the problems they could encounter.
Of the 45 airports reviewed, the report by Coronet said, two we might use could pose a special risk: San Diego and Orange Countyâs John Wayne, which rated No. 1 and No. 2, respectively, on the âTop 10 Most Vulnerable Airports.â
Airports, said Dror Liwer, chief security officer for Coronet, a cyber-security firm, are a fertile field because thereâs a concentration of âhigh-value assets,â which include business travelers who may unwittingly open themselves up to an attack, he said.
Thatâs where the evil twin comes in. Letâs say youâre sitting in an airport lounge or maybe right outside the lounge. You see a Wi-Fi network that says, âFreeAirportWiFi.â Great, you think. Most airports do have free Wi-Fi. They may make you watch a couple of commercials (or you may pay a bit to skip those), but otherwise, the connectivity is there for you.
âI always say that in the balance between convenience and security, convenience always wins,â Liwer said.
And you lose. Because if you take the bait and log in, that evil twin posing as the airport Wi-Fi then has access to your closely held secrets.
In some cases, Liwer said, the person creating this trap may be sitting next to you, which means the signal is strong and attractive. It takes only some inexpensive equipment and know-how for a thief to succeed, and presto, youâre in the cyber-security soup.
âMost attackers ⊠are trying to get your credentials, and if they have those, they have the keys to the kingdom,â Liwer said. âIf I know your password, I own your life.â
Chilling.
It is as sinister as it sounds. Liwer said. For theives, âitâs a business,â he said. âWhat they are looking for is something that will make them money.â
What makes it worse: Youâre getting on a plane and wonât be checking your bank balance any time soon.
The sites that will do you harm are hard to detect with the naked, inexperienced eye. How do you protect yourself?
[...]Thatâs just one of the findings in a report that assesses the vulnerability of airport Wi-Fi, done not to bust the airportsâ chops,but to make airports and travelers aware of the problems they could encounter.
Of the 45 airports reviewed, the report by Coronet said, two we might use could pose a special risk: San Diego and Orange Countyâs John Wayne, which rated No. 1 and No. 2, respectively, on the âTop 10 Most Vulnerable Airports.â
Airports, said Dror Liwer, chief security officer for Coronet, a cyber-security firm, are a fertile field because thereâs a concentration of âhigh-value assets,â which include business travelers who may unwittingly open themselves up to an attack, he said.
Thatâs where the evil twin comes in. Letâs say youâre sitting in an airport lounge or maybe right outside the lounge. You see a Wi-Fi network that says, âFreeAirportWiFi.â Great, you think. Most airports do have free Wi-Fi. They may make you watch a couple of commercials (or you may pay a bit to skip those), but otherwise, the connectivity is there for you.
âI always say that in the balance between convenience and security, convenience always wins,â Liwer said.
And you lose. Because if you take the bait and log in, that evil twin posing as the airport Wi-Fi then has access to your closely held secrets.
In some cases, Liwer said, the person creating this trap may be sitting next to you, which means the signal is strong and attractive. It takes only some inexpensive equipment and know-how for a thief to succeed, and presto, youâre in the cyber-security soup.
âMost attackers ⊠are trying to get your credentials, and if they have those, they have the keys to the kingdom,â Liwer said. âIf I know your password, I own your life.â
Chilling.
It is as sinister as it sounds. Liwer said. For theives, âitâs a business,â he said. âWhat they are looking for is something that will make them money.â
What makes it worse: Youâre getting on a plane and wonât be checking your bank balance any time soon.
The sites that will do you harm are hard to detect with the naked, inexperienced eye. How do you protect yourself?
--
living as The Truth is True
http://geoff.livejournal.com <http://geoff.livejournal.com/>
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=26461375
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=26461375&id_secret=26461375-c2b8a462&post_id=20181203235144:4A8F2ADA-F780-11E8-B27A-F7CACFE62C67
Powered by Listbox: https://www.listbox.com