Above and beyond the deliberate use of unsecured wireless access, another can of worms is unintentional use and abuse.

An example scenario is a Windows XP notebook with wireless access card in the default configuration. This will automatically associate to any unsecured wireless network available. If that notebook is infected with a worm such as Blaster or Sasser which scans for vulnerable hosts the inadvertent user for all intents and purposes has become an attacker.

The scenario is not terribly far fetched as the first time I used a notebook during the commute to work I associated with several wireless access points, two of which were clearly identifiable as otherwise reputable firms.

This kind of a scenario strongly illustrates the need for wifi users and providers to be educated, and also the need for vendors to be more responsible with "default" configurations.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/237/26078#26078