Phishing at gate B22

Richard Farina booted up his computer on an American Airlines flight in October from New York to San Francisco. It was one of the first commercial flights to offer wireless Internet service. Within a couple minutes of reaching 10,000 feet, Farina was snooping the airwaves with the ability to see what his fellow passengers were doing without having to leave his cramped middle seat.
Farina isn't a bad guy. He was just doing his job as a so-called white-hat hacker for AirTight Networks, a manufacturer of wireless intrusion protection hardware and software that was invented in India and brought to market in the U.S.
AirTight's chief executive, David King, sends hackers out for unsolicited security assessments. Earlier this year he dispatched Farina and a few other of his 100-plus employees (most of whom work out of the company's offices in Pune, India) to collect wireless security data at 20 U.S. airports and eight in Asia.
They found rampant phony Wi-Fi hot spots created by phishers and, at several large airports, plenty of open or insecure networks run by critical operations such as baggage handling and ticketing. Almost all public networks allowed data such as user names and passwords to pass through the air unencrypted. Only 3 per cent of people used something more secure.
To be sure, King's missions are self-serving; he runs a business that sells the devices that plug security holes. But King says that U.S. airports have a genuine problem.
Very few, such as McCarran International in Las Vegas, monitor all wireless traffic for intruders. (The Vegas airport officials are quick to add that they don't censor for content.) Others, like San Francisco International, are laissez-faire. AirTight found that 47 wireless networks used for SFO's airport operations were wide open or poorly secured.
09/12/08 Taylor Buley/Forbes.com/CBC.ca, Canada

To Read the News in full at Source, Click the Headline

Categories: Foreign Dec 2008