May 18, 2005
Evil Twins Of Your WiFi Connection
Yesterday's Wall Street Journal's Marketplace section had an insightful article about protecting ones self from fake WiFi networks called "evil twins". These networks masquerade as the networks of the WiFi provider you really want to access - like Mobile, Verizon or etc. Their "evil twin" web page looks like the web site logon page of the real network but with two very harmful differences.
1. When you type in your logon information - someone is harvesting it and can use it or sell it to someone else
2. The web site is often programmed to install malicious code (spyware, etc) on your PC
Unfortunately there is little you can do to protect yourself as these "evil twins" hack into your ISP and edit the directory your ISP uses to match the domain name, such as Mobile.com with the IP address 10.0.0.1 that relates to tmobile.com. So you type www.tmobile.com into your web browser and instead of serving you the web page that is associated with the IP address of tmobile you are instead served the web page assigned to the ip address of the "evil twin". When you type www.cnn.com or any web address into your web browser, your ISP must first to a domain name look up using a domain name server (DNS) to find what IP address is associated with that domain name to connect you to the proper web server and resulting web page. If someone has hacked into the DNS server, your web browsing experience is going to be compromised.
Imagine dialing 212-555-1212, your lawyer, and a hacker has edited the phone company so that 5's = 3's. When you dial, 212-555-1212, your phone is actually going to connect with 212-333-1212. Someone answers, you think its your lawyer and you start spilling your guts about the car you just wrecked. Well it's not your lawyer its your insurance company.
How to protect yourself. Check out the digital certificate of your WiFi providers web site and make sure that its legit. If there is NO digital certificate which means you are connecting to a secure page and that digital certificate does not match of to be that of the web site it should be - don't connect or type anything into the web site.
Always make sure that your anti-virus, spyware and other online security software are up to date and current.
Get Small Business Technology Report
Via Email Every Tuesday
What is Smallbiztechnology.com?
Smallbiztechnology.com helps small-medium sized businesses strategically use technology as a tool to grow their businesses and provides news, articles, discussion boards, resources, analysis & events for the owners of small to medium sized busineses.
Subscribe to the Smallbiztechnology feed.
Recent Posts
- Windows Home Server - For Home Based Businesses With Small Networks
- LinkedIn: It's Much More Powerful Than You Think
- Is Email Keeping You Down. An IBMer Skips Email for Social Tools
- Keep Your Laptop Bagged At the Airport: NEW TSA Rules
- As Gas Goe$ Up, Use Technology To Communicate
- Why Open Source Works, Tech Partners Are Essential and ERP Is a Must
- Data Ownership, Access and Location. It's A Mystery.
- Are Your Files and Emails Secure Enough?
- SaaS Spells Relief for Small Business
- Email Marketing: Why More Of You Don't Do It
The Third Annual Small Business Summit 2008 was a smashing success. Check out the Summit site for what you missed. See the 2008 Summit presentations, video and photos!
Post a comment