« Frauds and Scams Among Internet's Biggest Moneymakers | Main | Cameron Barrett Finds Reason for His Weightloss Problems »

Lincoln Stein Calls for More Internet Encryption Due to Increased Wireless Use

Lincoln Stein wrote an article in New Architect Magazine that discusses the information he was able to intercept while connected to a WiFi network at LaGuardia Airport in New York. He discussed this to illustrate the fact that wireless networks are often easy to tap into and yield a wealth of unencrypted information to anyone:

...I decided to do a little security research. I popped up my favorite network sniffing tool, the tcpdump application that's found on all Unix systems. A few seconds later, I was listening in on all of the wireless traffic in the Admiral's Club network....One {user} was actively reading his email using POP. I intercepted his incoming and outgoing messages, and because POP sends passwords in the clear, I also captured his login username and password. The second user wasn't using the Web actively, but his laptop was checking his office every five minutes for new mail. I soon had his login information as well.

The third user was browsing the Web. I could see the address and content of each of the Web pages he accessed, along with all of his cookies and the contents of the online forms he submitted. Occasionally, he connected to a secure site using SSL, and then all I saw was encrypted gibberish. Well, at least someone was doing their job.

It's hard to imagine a better illustration of why more encrypted internet services need to be deployed. If the people who were accessing their email in this situation happen to work at companies where single sign on security systems exist, their unencrypted passwords might be the gateway to dozens and dozens of web-accessible applications. This is just what people involved in corporate espionage are looking for.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


CTDATA Venutures (CTDATA) develops Internet and Intranet applications for corporations and non profit organizations. Our services include:

  • Consulting services for Movable Type and TypePad-based publishing systems (visit our Weblog Improvement website for more information),
  • Financial services business process consulting,
  • Content management system and knowledge management system consulting,
  • Apache web server engineering and hosting,
  • MySQL, Sybase, and Microsoft SQL Server architecture and development,
  • SOAP, REST, and XML-RPC system architecture and programming, including Amazon Web Services and
  • Weblog publishing.
For more information, contact Dave Aiello by email at dave [at] daveaiello.com or call him at +1-267-352-4420.
Copyright © 1995-2010, CTDATA Ventures. All Rights Reserved.
Powered by
Movable Type 4.25