"Ablang" <ron916@gmail.com> hath wroth:

>First, let's take a look at how the attack works. You go to an airport
>or other hot spot and fire up your PC, hoping to find a free hot spot.
>You see one that calls itself "Free Wi-Fi" or a similar name. You
>connect. Bingo -- you've been had!

Chuckle. Why do I have problems visualizing some hacker, sitting in
an airport lobby, waiting for unsuspecting wireless users to login or
whatever? That's about the most non-productive waste of time and
effort I could imagine. Perhaps if he were to occupy his time
stealing the laptop, it might be worth the effort.

>The problem is that it's not really a hot spot. Instead, it's an ad
>hoc, peer-to-peer network, possibly set up as a trap by someone with a
>laptop nearby.

It's not a man in the middle attack. It's a lame Microsoft bug (which
still hasn't been fixed). See:
<http://blogs.chron.com/techblog/archives/2006/09/free_public_wif.html>
<http://www.nmrc.org/pub/advise/20060114.txt>
I've seen the "free public WiFi" SSID appear dozens of times at Fry's
and Circuit City, as their demo machines seems to be rather common
victims. It had me confused for a while until I read the explanation.

I really enjoy conspiracy theories, but this one needs work.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558