What they found was that users checking their e-mail through unencrypted POP connections vastly outnumbered those using a VPN or another encrypted tunnel. Only three percent of e-mail downloads were encrypted on the first day of the conference, 12 percent on the second day. (The company says it counted all VPN or tunneled traffic as e-mail).
That means the other 88% could easily be intercepted by eavesdroppers using commonly-available tools, compromising both the e-mail and the user's passwords.
Additionally, 84 out of the 523 users monitored were configured to allow ad hoc networking, and 74 were configured to automatically connect to the access point with the strongest signal strength -- a default mode that could leave a laptop prey to a rogue access point.
This is very worrying. People need to understand the risks they run when they don't encryptusing wireless networks, esepcially if it takes off. We have had some instances of malicous use of wireless networks for bandwidth theft (i.e. leaching off of someone else's broadband connection) and I expect it is relatively easy to access their PCs etc as most access points are configured for networking rather than simply connection sharing.
I hope the new wireless encruption protocols are secure and perhaps more importnaly easy to use for unexperienced consumers than the current batch.
It is certainly a concern for any services I am involved in developing.
Posted by Paul Goodison at July 4, 2003 11:19 AM | TrackBack