Macworld Forums: Airport Wi-Fi scams . . . are Macs vulnerable? - Macworld Forums

Airport Wi-Fi scams . . . are Macs vulnerable?

#1 JEB


Posted 01 February 2007 - 04:34 PM

I just posted this question to my user's group relating to a Computerworld article (bottom). Wondering . . . anyone up for some discussion for the 'board . . . ?
Macworld, is this a topic that's been covered, about "free network" wi-fi scams?
TIA; I'm trying to learn a little more about this . . .
& Cheers,
--JEB
========
Interesting . . . not much discussion about OSX vulnerability in the comment pages (a basic "we all should be careful" was of notable mention). The question is, what would it take for someone to have access to my iBook -- I typically have filesharing, websharing turned off etc . . . but, would joining a network via a false wifi network that is based on a PC (like the situation below) = possible for them to decode any stuff of mine (from a Mac)?
By the way, the term "MAC" and "mac" from the article, don't mean "Mac" as in, Apple Macintosh.
I did find a pretty interesting comment (from pg. 9); someone toying with some hackers:
Charlotte, NC Airport
Submitted by Geek Traveller on January 26, 2007 - 14:31.
Just a couple of weeks ago, I was travelling thru Charlotte's airport. The legit wifi network was seemingly unavailable (the service counter folks said their IT staff had reset it a dozen times that day, to no avail, and was waiting on the vendor), so I fired up ye olde network detector and saw an Ad Hoc named "FreeWiFi".
After a few minutes of setting up ethereal to snag all the traffic and hand-rolling a few packets, I started sending out simple network probes to names along the lines of 'whywouldsomeonebedumbenoughtouse.freewifi' and various versions of this. By snagging the MAC addy of the Ad Hoc host and a quick nmap, it was pretty easy to determine it was a Dell Laptop running XP w/ a software firewall running and some custom apps. Suddenly, off the network it goes, no more freewifi SSID.

Change out my mac and change the behavior of my firewall rules to obfuscate my signature, scan again, and hey look, another SSID, this time 'AIRPORT WIFI'. Same MAC, same signature. This time the probes were a little more demanding, namely: 'yourdellhacktopisoncamera.airportwifi'.
Blammo, this time it folds up shop in seconds. Went to the airport service counter, advised them that I expected their WiFi would be working again if they'd reset it. Sure enough, about 5 minutes later everyone in the terminal where I was at was happily surfing again, making me think the airport WAPs had just been the victim of a simple disabling attack so people would tend to search for new networks, and use the Ad Hoc. Sad, sad state of affairs, and I wonder how many people tried to POP their email or some other unprotected form of communication during that period...




On Feb 1, 2007, at 10:34 AM, Lisa Henderson wrote:
Hi, All!
I haven't seen mention of this problem elsewhere, and thought it wise to be cautious. Any experience with this, anyone? I don't want to scare folks, but I know that knowledge is power! Thanks for all the great solutions to problems I've read here. I have learned so much!
Lisa
DON'T FALL VICTIM TO THE 'FREE WI-FI' SCAM
By Preston Gralla
Computerworld
January 19, 2007
http://www.computerw...ticleBasic&articleId=9008399&source=NLTNET&nlid=27
[Visit the link above to see the graphics referred to in this article. --Lisa]
The next time you're at an airport looking for a wireless hot spot, and you
see one called "Free Wi-Fi" or a similar name, beware -- you may end up
being victimized by the latest hot-spot scam hitting airports across the
country.
You could end up being the target of a "man in the middle" attack, in which
a hacker is able to steal the information you send over the Internet,
including usernames and passwords. And you could also have your files and
identity stolen, end up with a spyware-infested PC and have your PC turned
into a spam-spewing zombie. The attack could even leave your laptop open to
hackers every time you turn it on, by allowing anyone to connect to it
without your knowledge.
If you're a Windows Vista user, you're especially susceptible to this attack
because of the difficulty in identifying it when using Vista. In this
article, you'll learn how the attack works and how to keep yourself safe
from it if you use Windows XP or Vista.
How the attack works
First, let's take a look at how the attack works. You go to an airport or
other hot spot and fire up your PC, hoping to find a free hot spot. You see
one that calls itself "Free Wi-Fi" or a similar name. You connect. Bingo --
you've been had!
The problem is that it's not really a hot spot. Instead, it's an ad hoc,
peer-to-peer network, possibly set up as a trap by someone with a laptop
nearby. You can use the Internet, because the attacker has set up his PC to
let you browse the Internet via his connection. But because you're using his
connection, all your traffic goes through his PC, so he can see everything
you do online, including all the usernames and passwords you enter for
financial and other Web sites.
In addition, because you've directly connected to the attack PC on a
peer-to-peer basis, if you've set up your PC to allow file sharing, the
attacker can have complete run of your PC, stealing files and data and
planting malware on it.
You can't actually see any of this happening, so you'd be none the wiser.
The hacker steals what he wants to or plants malware, such as zombie
software, then leaves, and you have no way of tracking him down.
All that is bad enough, but it might not be the end of the attack. Depending
on how you've connected to that ad hoc network, the next time you turn on
your PC, it may automatically broadcast the new "Free Wi-Fi" network ID to
the world, and anyone nearby can connect to it in ad hoc peer-to-peer mode
without your knowledge -- and can do damage if you've allowed file sharing.
While some of these ad hoc networks advertising themselves as available for
connection may be attributable to Windows behavior that the PC's user is
unaware of, wireless ad hoc attacks may be more common than you think.
Security company Authentium Inc. has found dozens of ad hoc networks in
Atlanta's airport, New York's LaGuardia, the West Palm Beach, Fla., airport
and Chicago's O'Hare. Internet users have reported finding them at LAX
airport in Los Angeles.
Authentium did an in-depth survey of the ad hoc networks found at O'Hare,
visiting on three different occasions. It found more than 20 ad hoc networks
each time, with 80% of them advertising free Wi-Fi access. The company also
found that many of the networks were displaying fake or misleading MAC
addresses, a clear sign that they were bent on mischief.
"You connect to one of these networks at your own peril," says Corey
O'Donnell, vice president of marketing at Authentium. "And you would have no
way of tracking down how you were attacked, because you would have thought
you were at an ordinary hot spot connection. Enterprises are also at risk,
because if someone uses a corporate laptop to connect to one of these
networks and gets infected, when he plugs back in to the enterprise network,
the whole network is put at risk."
How to protect yourself in Windows XP
Protecting yourself against these kinds of attacks is quite easy: Never
connect to an ad hoc network unless someone you know has set one up and
specifically asks you to connect. So no matter where you are, if you see an
ad hoc network, don't connect, no matter the name of the network.
Be aware that someone can name an ad hoc network anything they want, so they
can even duplicate the name of a legitimate network. For example, if you're
at an airport, and the name of the airport's free hot spot is AirNet,
someone can set up an ad hoc network with that exact same name. You'd see
two networks called AirNet, one being the legitimate one and the other being
the scam ad hoc network.
In Windows XP, it's easy to differentiate between an ad hoc network and a
normal Wi-Fi network (Microsoft calls connecting to a hot spot or access
point being in "infrastructure mode"). In Windows XP, in order to connect to
a wireless network, you click the wireless network icon in the system tray,
and the "Choose a wireless network" connection screen appears. You'll see a
list of all nearby wireless networks.
As you can see in the nearby figure, each network includes a name and a
description. Look at the description. If it's an ad hoc network, it will be
called a "computer-to-computer" network; normal wireless networks are simply
called wireless networks. In the figure, the "Free Airport WiFi" network is
an ad hoc network. You should stay away from it.
Windows XP displays the details of every nearby wireless network, including
whether it's an ad hoc network. In this screen, the Free Airport WiFi
network is an ad hoc network.
There are other steps you can take to make sure you don't accidentally
connect to an ad hoc network created by a scamster. For example, you can
make sure that XP never connects to an ad hoc network. To do it:
1. Click the wireless icon in the System Tray.
2. Click "Change advanced settings."
3. Select the Wireless Networks tab.
4. Click "Advanced."
5. On the screen that appears (pictured in the nearby figure), select
"Access point (infrastructure) networks only."
6. Click Close, and keep clicking OK until the dialog boxes disappear.
Note: If a wireless icon isn't displayed in your System Tray, you can get to
your wireless connection by clicking on Start, going to Settings, then
Control Panel and then Network Connections. Then double-click on the
wireless connection icon to bring up the panel that displays the "Change
advanced settings" link. An alternate path on some systems might be Start
--> Control Panel --> Network and Internet Connections --> Network
Connections, then double-click on the wireless network connection icon.
This screen lets you tell your PC never to connect to ad hoc networks.
When you're at the "Advanced" screen, you should also make sure the box next
to "Automatically connect to non-preferred networks" is not checked. If that
box is checked, your PC will connect to any nearby wireless network, without
alerting you, which is a serious security risk.
It's also a good idea when you're on the Wireless Networks tab to look at
all the wireless networks listed in the Preferred networks area (shown in
the nearby figure). These are networks that at one time or another you've
connected to. Highlight any that you are not absolutely sure are secure,
then click Remove. That way, your PC won't attempt to connect to them.
Remove any unfamiliar networks from the Preferred networks list
There's more you should do as well. You should also configure your remaining
preferred networks so that you don't connect to them automatically. Why do
that? Let's say your home network uses the default name it shipped with ---
for example, Linksys for a Linksys network. A scamster can create an ad hoc
network called Linksys, and then anyone nearby who has Linksys listed as a
preferred network will automatically connect to that ad hoc network.
So in the Preferred networks area, highlight each network, select
Properties, then click the connection tab, shown in the nearby figure.
Uncheck the box next to "Connect when this network is within range" and keep
clicking OK until the dialog boxes close.
Make sure to tell your PC not to make any automatic connections to wireless
networks.
Keeping safe in Windows Vista
Microsoft spent a considerable amount of effort making Windows Vista more
secure than Windows XP, but when it comes to wireless networking, you're
more at risk in Windows Vista from an ad hoc attack than you were in Windows
XP. That's because in Windows Vista, it's not as easy to distinguish an ad
hoc network from a normal Wi-Fi network as it is in Windows XP. However,
once you know the trick, it's easy to do.
In Windows Vista, you connect to a wireless network by first clicking the
network icon in the System Tray, then selecting "Connect or disconnect." The
"Connect to a Network" screen shows up, with a list of nearby wireless
networks. You see the name of each and whether the network is encrypted or
not; to get more details about any, hover your mouse over it, as shown in
the nearby figure. But those details don't include whether the network is a
true hot spot or an ad hoc network.
Before you connect to a new wireless network, the only way to tell the
difference between an ad hoc network and one in infrastructure mode is to
look at the network icon next to it on the "Connect to a Network" screen. As
you can see in the nearby figure, the icon for a normal Wi-Fi network is one
computer, while the icon for an ad hoc network instead is several computers.
That's it; there's no other way to distinguish between the two.
The only way to distinguish between ad hoc and normal wireless hot spots is
to look at the network icon on this screen. An ad hoc network's icon is made
up of several PCs; a normal network is made up of one PC.
Here's another oddity: If you right-click the list of available networks, on
the menu that appears, some of them have a Properties menu item and others
don't. Only those networks that you've previously visited and saved to your
network list will have the Properties menu item. If you choose Properties,
select the Connection tab and look next to Network Type, you'll see whether
it's an ad hoc network or an access point (a normal hot spot).
But if you haven't yet connected to the network (or if you have connected
previously but haven't saved it), it won't have the Properties menu item. So
you can't use that method of distinguishing between ad hoc and normal Wi-Fi
networks when you're looking for a hot spot on the road.
Other steps you can take
There are other steps you can take to keep yourself safe, including turning
off file sharing and running your company's VPN when at a hot spot. You can
also pay to use a VPN such as HotSpotVPN. For details and many other tips
for keeping yourself safe, see "How to protect yourself at wireless hot
spots".
In addition, Authentium is working with financial institutions to create a
product called VirtualATM, which will help protect you when you connect to a
financial institution. It's expected to be released later this year.
..............
Preston Gralla is a contributing editor for Computerworld.com, and the
author of more than 35 books, including How the Internet Works.
------------

Support Our List Sponsors!
Davis Mac Works - Macintosh Support and Service
<http://dcn238-155.dcn.davis.ca.us/~medic/>
Davis Community Network - Internet Service Provider and More!
<http://www.dcn.davis.ca.us>
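The three warning signs described in the article and in the quoted comment (an ad hoc network type, an ad hoc network copying an access point's name, one MAC address behind several network names), as an added Python example that is not part of the original post or article. It assumes scan text laid out like the output of `netsh wlan show networks mode=bssid`; the sample scan and the names `parse_scan` and `review` are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample scan; the layout is an assumption modeled on netsh output.
SAMPLE_SCAN = """\
SSID 1 : AirNet
    Network type            : Infrastructure
    BSSID 1                 : 00:11:22:33:44:55
SSID 2 : AirNet
    Network type            : Adhoc
    BSSID 1                 : 02:aa:bb:cc:dd:01
SSID 3 : Free Wi-Fi
    Network type            : Adhoc
    BSSID 1                 : 02:aa:bb:cc:dd:01
SSID 4 : CoffeeShop
    Network type            : Infrastructure
    BSSID 1                 : 00:de:ad:be:ef:10
"""

def parse_scan(text):
    """Return one {'ssid', 'adhoc', 'bssids'} dict per listed network."""
    networks = []
    for line in text.splitlines():
        # Split at the first colon only, so MAC addresses stay intact.
        key, _, value = (part.strip() for part in line.partition(":"))
        if re.fullmatch(r"SSID \d+", key):
            networks.append({"ssid": value, "adhoc": False, "bssids": []})
        elif networks and key == "Network type":
            # Accept "Adhoc", "Ad hoc" and "Ad-hoc" spellings.
            networks[-1]["adhoc"] = re.sub(r"[\s-]", "", value).lower() == "adhoc"
        elif networks and re.fullmatch(r"BSSID \d+", key):
            networks[-1]["bssids"].append(value.lower())
    return networks

def review(networks):
    """Return (ssid, reasons) for every network showing a warning sign."""
    infra_names = {n["ssid"] for n in networks if not n["adhoc"]}
    names_by_bssid = defaultdict(set)
    for n in networks:
        for b in n["bssids"]:
            names_by_bssid[b].add(n["ssid"])
    flagged = []
    for n in networks:
        reasons = ["ad hoc (computer-to-computer)"] if n["adhoc"] else []
        if n["adhoc"] and n["ssid"] in infra_names:
            reasons.append("copies the name of an access point")
        if any(len(names_by_bssid[b]) > 1 for b in n["bssids"]):
            reasons.append("same MAC advertises several names")
        if reasons:
            flagged.append((n["ssid"], reasons))
    return flagged
```

Because the article notes that many of these networks display fake or misleading MAC addresses, the shared-MAC reason is only a hint; the network type is the check the article relies on.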