It seems to me that part of the problem should be kicked back to the wi-fi providers. An analogy, part of the reason for a logon warning banner is to identify your systems legal restrictions and rules of access. It has been successfully argued in court that if the system provider did not put up a warning banner, they had no legal recourse. Especially if, as many default banners used to be, the banner as "WELCOME". Arguably, an unsecured AP is a "WELCOME". Especially with the advent of XP laptops that can automajically scan for available AP?s and connect. For the individual grabbing his e-mail, access was laid on his doorstep.

If wi-fi providers want to limit access to their customers only, they should be required to take steps to do that. It?s a due diligence issue. Which, BTW, has also been successfully argued in court. Some would say that wi-fi is un-securable. This may be true for those who are technically proficient enough to break the current schemes. However, you don?t need technical proficiency if no security mechanisms are in place. I know of at least one wi-fi provider that installs AP?s in apartment complexes with no security mechanisms enabled. This puts all of the users at risk and could potentially cause their network to be an initiation point for many different types of nefarious activities.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/9606/28682#28682