Lincoln Stein Calls for More Internet Encryption Due to Increased Wireless Use
Lincoln Stein wrote an article in New Architect Magazine that discusses the information he was able to intercept while connected to a WiFi network at LaGuardia Airport in New York. He discussed this to illustrate the fact that wireless networks are often easy to tap into and yield a wealth of unencrypted information to anyone:
...I decided to do a little security research. I popped up my favorite network sniffing tool, the tcpdump application that's found on all Unix systems. A few seconds later, I was listening in on all of the wireless traffic in the Admiral's Club network....One {user} was actively reading his email using POP. I intercepted his incoming and outgoing messages, and because POP sends passwords in the clear, I also captured his login username and password. The second user wasn't using the Web actively, but his laptop was checking his office every five minutes for new mail. I soon had his login information as well.The third user was browsing the Web. I could see the address and content of each of the Web pages he accessed, along with all of his cookies and the contents of the online forms he submitted. Occasionally, he connected to a secure site using SSL, and then all I saw was encrypted gibberish. Well, at least someone was doing their job.
It's hard to imagine a better illustration of why more encrypted internet services need to be deployed. If the people who were accessing their email in this situation happen to work at companies where single sign on security systems exist, their unencrypted passwords might be the gateway to dozens and dozens of web-accessible applications. This is just what people involved in corporate espionage are looking for.