new security threat for wifi hotspot users

[Chilihost]

I just read an article about a new threat that everyone should be aware of. Its called 'evil twins' and its aimed at wifi hotspot users.

What happens is hackers set up bogus hotspots that masquerade as the real thing. They set it up using a known network name or something like "free access", "club wi-fi", etc. These bogus hotspots are extremely easy and cheap to setup, with just a bit of know-how and about $200 in equipment. It can be run out of a briefcase or a nearby parking lot. They don't need internet access either, just copies of popular websites stored on their hard disks.

So far people have reported these issues in Dulles, LAX and LaGuardia.

The best way to avoid this whole situation is to ensure you use "mutual authentication" for any hotspots you login to, or to use a VPN for unsecure hotspots, or to only login to sites using https protocols, or just avoid using hotspots for any critical info (banks, cc numbers, etc). The article also mentioned this product: http://www.airdefense.net/products/adpersonal/
But I have not used it yet so I don't know much about it.

cheers,
Luke

[Joey@AEBN]

Thanks for the info, as I use hotspots regularly in airports and such.