Today's most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.
Stealth attack No. 1: Fake wireless access pointsNo hack is easier to accomplish than a fake WAP (wireless access point). Anyone using a bit of software and a wireless network card can advertise their computer as an available WAP that is then connected to the real, legitimate WAP in a public location.
Think of all the times you -- or your users -- have gone to the local coffee shop, airport, or public gathering place and connected to the "free wireless" network. Hackers at Starbucks who call their fake WAP "Starbucks Wireless Network" or at the Atlanta airport call it "Atlanta Airport Free Wireless" have all sorts of people connecting to their computer in minutes. The hackers can then sniff unprotected data from the data streams sent between the unwitting victims and their intended remote hosts. You'd be surprised how much data, even passwords, are still sent in clear text.
Find out what's happening in Mission Viejofor free with the latest updates from Patch.
The more nefarious hackers will ask their victims to create a new access account to use their WAP. These users will more than likely use a common log-on name or one of their email addresses, along with a password they use elsewhere. The WAP hacker can then try using the same log-on credentials on popular websites -- Facebook, Twitter, Amazon, iTunes, and so on -- and the victims will never know how it happened.
Lesson: You can't trust public wireless access points. Always protect confidential information sent over a wireless network. Consider using a VPN connection, which protects all your communications, and don't recycle passwords between public and private sites.
