Wi-Fi can 'sell out' laptop users

A laptop with Wi-Fi capability is really handy at work, but the downside of this convenience is that the security is still too many weaknesses to discuss.

As soon as the laptop is powered on, it immediately searches for wireless networks and network services around the location of the device. Even if wireless hardware devices are turned off, user behavioral monitoring software can still grab sensitive information. The data leaks even more if users access the network at public places, especially those with no high security.

' People are losing all kinds of information that hackers can take advantage of. If the government assumes that this type of information is collected, users will react strongly, but they are voluntarily 'surrendering' them when they are innocent of using laptops with Wi-Fi at the airport . That's a comment of David Maynor, chief technology officer of security firm Errata Security in a recent Back Hat DC conference.

There are many tools that are capable of abetting to steal information over Wi-Fi wireless networks. These tools often steal information such as usernames, passwords of email accounts, accounts in chat software or stealing data from unsecured websites.

Errata has developed a network monitoring tool (sniffer) capable of using 25 protocols, including popular protocols for online chat programs such as DHCP, SNMP, DNS and HTTP. According to Robert Graham, Errata's chief executive, the tool will soon be publicly available on the website http://www.blackhat.com. Anyone with a Wi-Fi wireless card can use this tool, Errata plans to include its source code on its website (http://www.erratasec.com).

With this sniffer tool, users have the ability to 'dip their nose' into a variety of data on computers with wireless connectivity, regardless of what operating system it uses.

Specifically, every time Windows starts, it will automatically list a series of wireless networks that the computer has previously connected to. This can only be prevented if the user manually removes the network names in the Windows list. Mr. Graham said: ' This list is often used to determine where people have used laptops '.

For Apple Macs, Bonjour will display information like the operating system version, according to Graham. This feature was originally designed to help users set up networks for computers or nearby devices.

And yet, usually after starting the computer will notify the IP addresses have been browsed, detailed information about the drives as well as devices connected to the computer. Mr. Graham commented: ' These are only very ordinary information, but if they fall into the wrong hands, they will probably be used to attack the user's network or computer. Not to mention, such information is very useful for intelligence agencies . '

Of course, that's just what hackers can exploit over the Internet when the computer is turned on. In case the machine is connected to the wireless network, especially in places where there is no high security level such as hotels, airports or coffee shops, the amount of data leaked cannot be estimated. Hackers can 'break' the basic Wi-Fi security key, so even protected networks do not dare to guarantee safety.

In general, experts recommend that users should not use wireless networks to access sensitive websites like online banking. In addition, the use of online services is equally risky while requiring users to have access passwords. It was during the introductory report at the Black Hat conference that Errata tried to steal the username and password of a journalist.

Better yet, if a user can use Virtual Private Network while connecting to a wireless network, it should be used to establish a more secure connection. It can also be due to WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy). However, ' the best solution is that users are always aware of security risks. They should not work in Wi-Fi-covered cafes , 'Mr. Graham concluded.

Do Duong