http://www.techworld.com/security/news/index.cfm?newsID=8721 

By John E. Dunn
Techworld
01 May 2007

After years of stark warnings, many Wi-Fi networks located in Londons 
City financial district still lack basic levels of security, a security 
vendor claims to have found.

According to security testing company NTA Monitor, which recently 
assessed security using passive monitoring, internal resources such as 
printer queues could be found quite easily, while other networks used 
only weak WEP security to keep network traffic from prying eyes. 
Astonishingly, others used no encryption at all.

If a stranger walks into an office and connects to your network, its 
quite likely that theyd be challenged by someone working there. But by 
sitting in a caf with a laptop theyre pretty inconspicuous and probably 
out of sight of the office whose network theyre connecting to, said NTAs 
technical director Roy Hills.

For a malicious user wishing to connect to a corporate network, the City 
seems to be an ideal location," he said.

A further problem the company noticed was that access points could be 
named in ways that might make users susceptible to hacking. For 
instance, where more than one Wi-Fi node was in use by one enterprise, 
names could often be very similar, as well as generic. Using distinctive 
names, and keeping access points separate in the minds of users would 
make it harder for hackers to impersonate access points using 
similar-sounding evil twins.

The company gave no details of which size of companies were found to 
have problems, nor any percentages on specific security problems.

The issue is timely. At last weeks Infosecurity Europe Show, the issue 
of evil twin access points reared its head once again. According to ISS, 
these are still one of the commonest ways to mine credit card and other 
password data from the general public, despite having been a 
high-profile problem for several years.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org