January 25, 2005, 2:23 PM — The recent demonstration in London of the "Evil Twin" wireless connection scam (wherein users at WiFi hotspots are duped into logging onto a malicious server that can capture their personal information off of their laptops) apparently has Londoners in a complete tizzy. The hype has one U.K. journalist proclaiming that it's much ado about nothing. He notes that if criminals want to steal your credit card information, they have better ways of going about it.
"Internet-based exploits are safe, anonymous, quick, and harvest not just one or two card details, but thousands," he writes. "Organised criminals sitting undetectably in unstable countries half way around the globe do this routinely, and nobody can find who they are, or where they are. So, if this is possible, why would I pin-point myself for the network?"
He goes on to explain that anyone setting up an "Evil Twin" WiFi connection would be fairly easy to track down, and that it would be a lot of work for little payoff. "The information you're going to transmit at the hotspot is of no interest to anybody in the world except your Granny, to whom you're sending those photographs," he concludes.
Of course, perhaps in Europe, a coffee break is really a coffee break. That is, when Londoners sit down in a WiFi hotspot for a spot of tea in the afternoon, maybe they are more likely to consider it personal time. Maybe they are more likely to be transmitting holiday photos and less likely to be connecting to an insecure SMB network or even a corporate VPN that isn't properly protected.
Among the work-obsessed Americans sitting around their local Starbucks, the information that an "Evil Twin" operator could obtain could theoretically be a lot more valuable than Granny's photos. Better safe than sorry, writes columnist Wayne Rash, who offers tips on how to protect yourself and your company when working in public.