In this episode we discuss security concerns with wireless access points.
First, we revisit last week's podcast on rootkits. After doing the show we tested RootkitRevealer on a number of machines and discovered numerous false positives. For example, Norton's Protected Trashcan uses rootkit technology to hide files from other programs. Kaspersky Anti-Virus also shows up as a rootkit. Neither are security risks.
Now on to wireless access points. Leo used NetStumber to look at unprotected systems in his small town. Two-thirds were open, whether intentionally or not. If you're a home user turn on WPA encryption to protect yourself from snoops and block attempts to hack your system.
If you're using an open access point at a coffee shop, hotel, airport, and so on, you are at risk. If you're using SSL for email, or logging into a secure server (like your bank or Amazon.com's store) you're data, including the form, is protected. Otherwise, your data is visible. Anyone using a packet sniffer like Ethereal can see your data. Protect yourself by using your corporate VPN to encrypt your session, or subscribe to a VPN service like Anonymizer, HotspotVPN.com, or PublicVPN.com. An SSL-based service will pose fewer configuration and firewall issues than a VPN using IPSEC or PPTP.