WiFi Connection Is Leaking All Kinds of Information

Simply booting up a Wi-Fi-enabled laptop can tell people sniffing wireless network traffic a lot about your computer--and about you.

Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data. Much more information can be plucked out of the air if the computer is connected to an access point, in particular an access point without security.

"You're leaking all kinds of information that an attacker can use," David Maynor, chief technology officer at Errata Security, said Thursday in a presentation at the Black Hat DC event here. "If the government was taking this information from you, people would be up in arms. Yet you're leaking this voluntarily using your laptop at the airport."

There are many tools that let anyone listen in on wireless network traffic. These tools can capture information such as usernames and passwords for e-mail accounts and instant message tools as well as data entered into unsecured Web sites. At the annual Defcon hacker gathering, a "wall of sheep" always lists captured log-in credentials.

Errata has developed another network sniffer that looks for traffic using 25 protocols, including those for the popular instant message clients as well as DHCP, SNMP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more.

"You don't realize how much you're making public, so I wrote a tool that tells you," said Robert Graham, Errata's chief executive. The tool will soon be released publicly on the Black Hat Web site. Anyone with a wireless card will be able to run it, Graham said. Errata also plans to release the source code on its Web site.

The Errata sniffer, dubbed Ferret, packs more punch than other network sniffers already available, such as Ethereal and Kismet, because it looks at so many different protocols, Graham said. Some at Black Hat called it a "network sniffer on steroids."

Snoops can use the sniffer tools to see all kinds of data from wireless-equipped computers, regardless of the operating system.

For example, as a Windows computer starts up, it will emit the list of wireless networks the PC has connected to in the past, unless the user manually removed those entries from the preferred networks list in Windows. "The list can be used to determine where the laptop has been used," Graham said.

Apple Mac OS X computers will share information such as the version of the operating system through the Bonjour feature, Graham said. Bonjour is designed to let users create networks of nearby computers and devices.

Additionally, computers shortly after start-up typically broadcast the previous Internet Protocol address and details on networked drives or devices such as printers that it tries to connect to, Graham said.

"These are all bits of otherwise friendly information," Graham said. But in the hands of the wrong person, they could help attack the computer owner or network. Furthermore, the information could be useful for intelligence organizations, he said.

And that's just what the data snoops can sniff out of the air when a laptop is starting up. If the computer is then connected to a wireless network, particularly the unsecured type at hotels, airports and coffee shops, much more can be gleaned. Hackers have also cracked basic Wi-Fi security, so secured networks can't provide a security guarantee.

In general, experts advise against using wireless networks to connect to sensitive Web sites such as online banking. However, it is risky to use any online service that requires a password. The Errata team sniffed one reporter's e-mail username and password at Black Hat and displayed it during a presentation.

People who have the option of using a Virtual Private Network when connected to a wireless network should use it to establish a more secure connection, experts suggest. Also, on home routers WPA, or Wi-Fi Protected Access, offers improved security over the cracked WEP, or Wired Equivalent Privacy.

"The best solution is to be aware of the danger," Graham said. "Everyone doesn't need to work from a coffee shop."

------
Via ZDNet India

US yawns at Wi-Fi enabled phones

Market watcher Ovum reckons that only one US mobile phone subscriber in 50 will have a Wi-Fi enabled phone by 2010. Dual-mode phones that support both WLAN and cellular are already a familiar sight in the Europe and Asia markets. Most of Nokia's E series, and its N80 consumer smart phone, feature both standards.

But in the US, carriers have hampered the adoption of WLAN-capable handsets. Ovum says the industry needs a "reality check" and predicts that less than 5.5 million subscribers will have onboard WLAN.

As for convergence: You won't get there from here, advises Ovum.

"Everyone in the telecoms industry is still too focused on dual-mode phones, even though the people working in the trenches are beginning to voice real skepticism that dual-mode services will ever take off," concludes Ovum's Jan Dawson.

"Overall, it's time for a reality check and for carriers to move on to the forms of fixed-mobile convergence which have real potential for commercial launch. Recent merger and acquisition activity has left us with three major players with a significant opportunity to combine wireline and wireless offerings, but we've yet to see any real moves in this direction. Now is the time to act."

Or, er... what? We wonder. Well, fixed-mobile convergence might not happen - which would happen to suit the three big US incumbents quite nicely.

------
Via TheRegister

Wi-Fi on the Trains Is a Great Success

The York-based train company's Wi-Fi initiative, which created the world's biggest fleet of Wi-Fi-equipped train carriages, won the information technology excellence award, at the HSBC Rail Awards.

The East Coast Main Line operator was also short-listed in the rail safety and security excellence categories - a night of success that could be seen as sadly ironic since the company was forced to give up its franchise.

More than 1,000 of the rail industry's senior executives were joined at the event in London by the Rail Minister Tom Harris MP and the Shadow Transport Secretary, Chris Grayling MP.

GNER's chief executive, Jonathan Metcalfe, said: "Wireless internet is attracting many new passengers to GNER, and this award is recognition of the vision and hard work of many people.

"Many passengers who are switching to the train instead of the car or the plane are telling us that being able to keep in touch throughout the journey using Wi-Fi is a key reason for their choice.

"Feedback from passengers has been very positive and usage levels are rising."

The short-listed bidders for the East Coast franchise - Arriva, First Rail, National Express, and a partnership of Virgin and Stagecoach - have been jostling to win the Government contract to operate the potentially lucrative line between Edinburgh and King's Cross.

But GNER management, generally recognised as one of the most efficient in the rail industry, has been approached by more than one of the "shortlisters" to team up with them should they succeed.

------
Via YorkPress

European Lawmakers are gonna Get Out of the Way of WiFi Usage

The growth of “wireless fidelity,” or Wifi, systems in everything from televisions to computer games to mobile phones has caught the eye of the European Parliament too, where lawmakers are looking at proposals that would expand the concept.

Wifi connections even reach to the Internet and the remote locks on cars and make use of radio spectrum. Despite widespread use, the benefits to industry are not being exploited with all 27 EU states having different management systems. In mid-February, members of the European Parliament (MEPs) adopted a report on radio spectrum calling for common rules and more market-driven policies.

The use of radio spectrum is crucial in any appliance that uses wireless communication, including playing a role in guidance systems for planes, ships, satellites and in the defence industry.

The parliament’s news service reported that, at present, the system for assigning spectrum to interested parties differs from one European Union country to another. This causes delays, extra costs and stifles competition in the market. This is particularly felt by firms who have to compete with US ones - where a single rule for managing radio spectrum exists, the service said.

Last year, the European Commission unveiled proposals that would improve innovation and competitiveness through common rules and a market based approach.

The Parliament’s rapporteur for this issue, Fiona Hall of the United Kingdom, has broadly backed the Commission’s proposals. Her report, adopted by MEPs on February 14, advocates a four step solution:

-Promote competition and innovation that will benefit consumers

-Establish common rules on managing the sector across the EU

-Assign radio spectrum access based on market demand

-Ensure radio transmissions are not restricted by national boundaries

Speaking exclusively to the parliament’s website, Hall spoke of the benefits to consumers: “Despite hard lobbying by certain broadcasters, MEPs supported the idea that all parts of the spectrum could potentially be opened up. This could mean new uses for the spectrum...(especially) services such as wireless broadband for poor and hard-to-reach rural areas,” she noted.

The term “Wifi,” was promulgated by the Wifi Alliance, an organisation made up of leading wireless equipment and software providers with the missions of certifying all 802.11-based products for interoperability and promoting the term Wi-Fi as the global brand name across all markets for any 802.11-based wireless Local Area Networks (LAN) products.

Increasing access to radio spectrum is expected to benefit to consumers through cheaper and more accessible appliances such as mobile phones (especially 3G third generation ones) and other wireless related services.

Opening the EU’s internal market in this sector could also create jobs. As she noted, “The pace of innovation in wireless technology is very fast, but manufacturers can only put their new suitable ideas on the market if they are suitable radio frequencies available. Freeing up radio spectrum ....will allow European manufacturers to fulfill their potential as global leaders in wireless technology, which in turn will create European jobs and growth.”

Wifi has quickly become the next big leap in technology, including on computer games which have become enormously popular amongst young people because they offer more realistic adaptions of human behaviour when playing them.

------
Via neurope

One-third of U.S. Internet Users use Wireless Networks to Connect to Online Services

A new survey has revealed that over 33 percent of internet users in United States use wireless networks to connect to online services such as send e-mails, check the latest news or read other things.
The survey, conducted by Pew Internet Project, said that over 20 percent of the internet users have wireless networks connected to their homes, compared to around 10 percent in a similar survey carried out in January 2005. It added that over 72 percent of users who use wireless networks check their e-mails regularly compared to 63 percent of broadband users.
John Horrigan, associate research director at the Pew Internet Project, said that sending e-mails by using wireless networks is easier than using broadband networks.
"We know that 'always on' broadband connections really deepen people's relationship to the Internet; adding 'on the go' to the mix takes this a step further," he observed. "The convenience of wireless access gives people the chance to fire off a quick e-mail to someone while waiting in a doctor's office or check the news headlines on the way to work."
Overall 798 Internet users were surveyed among whom a total of 34 percent said they had logged on to the Internet using laptops, cellphones or hand-held personal digital assistants.
The details of the study are available online at www.pewinternet.org.