ARLINGTON, Va.--Simply booting up a Wi-Fi-enabled laptop can tell
people sniffing wireless network traffic a lot about your computer--and
about you.
Soon after a computer powers up, it starts looking for wireless
networks and network services. Even if the wireless hardware is then
shut-off, a snoop may already have caught interesting data. Much more
information can be plucked out of the air if the computer is connected to an access point, in particular an access point without security. "You're leaking all kinds of information that an attacker can use,"
David Maynor, chief technology officer at Errata Security, said
Thursday in a presentation at the Black Hat DC event here. "If the
government was taking this information from you, people would be up in
arms. Yet you're leaking this voluntarily using your laptop at the
airport."
There are many tools that let anyone listen in on wireless network traffic.
These tools can capture information such as usernames and passwords for
e-mail accounts and instant message tools as well as data entered into
unsecured Web sites. At the annual Defcon hacker gathering, a "wall of
sheep" always lists captured log-in credentials.
Errata has developed another network sniffer that looks for
traffic using 25 protocols, including those for the popular instant
message clients as well as DHCP, SNMP, DNS and HTTP. This means the
sniffer will capture requests for network addresses, network management
tools, Web sites queries, Web traffic and more.
10:20:57 PM 
|
