Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment And here's how a Windows 0-day works over Wi-Fi (Score 2, Informative) 386

Beating the rogue access point (AP) dead horse a bit here, and spelling it out for those who don't "get it".

Badguy creates hostile "website" with Windows exploit. Badguy goes to local airport terminal or Starbucks and pretends to be a legitimate wireless hotspot using Airsnarf or similar rogue AP utility. Badguy FORCES any user who joins wireless network to browse the hostile website that has the Windows exploit. User gets owned. Lather, rinse, repeat.

You can do this to your neighbor, too, if they have an open access point. FYI.

The point is that it does NOT require coincidental surfing of hostile websites to gather and exploit targets with a Windows 0-day these days. The rich and elite road warriors carrying all their financial and corporate data with them are prime targets. Attackers with rogue AP setups can make easy money from hotspot users by FORCING them to browse a hostile "website" with a rogue AP "splash page".

Particularly vulnerable, are hotspot users that have the Windows operating system installed and use IE as their default browser.



Slashdot Top Deals

CCI Power 6/40: one board, a megabyte of cache, and an attitude...