BROADCASTS.com

b'At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the Shmoo Group. Two years later, "Evil Twin" access points have made it to Slashdot and news.google.com. Who would have thought TSG could get away with the easy rogue AP attacks for so long? Note to Shmoo: Next time, put the word "evil" in the title of your presentation for mass appeal and acceptance. Oh, rock on--it WORKED!\\n\\nWireless n00b? No problem0. This talk starts off with the basics. Wireless insecurity basics. Rogue AP basics. How your wireless users are basically screwed. Etc. If you read about "Evil Twin" access points earlier this year, you will actually see how easy it is to build your own. However, this talk quickly moves on to more advanced attacks and trickery with rogue APs, including: gathering intel beyond usernames / passwords, getting around WEP and WPA-PSK protected networks, integrating RADIUS with your rogue AP, abusing vulnerable EAPs, rogue AP backend bridging, and real-time abuse of two-factor authentication a la Bruce Schneier\'s Springtime scary story. Even wireless warriors will learn an entertaining trick or two. You want demonstrations? Okey dokey. You\'ll have them.\\n\\nOnce everyone has the willies, the "professional" and "responsible" portion of this talk, albeit minimal, will cover rogue AP defense. Basic wireless security architectures and to-dos for home users, hotspot users, and enterprise wireless network admins are covered, as well as client-side defensive tools, WIDS considerations, and roll-your-own options.\\n\\nBut wait! There\'s more! For the closet Microsoft fanboy in all of us, wireless weapons for Windows are covered--both offense and defense. Why launch a rogue AP attack when you can launch three? Rogue AP attacks for the masses! The release of "Rogue Squadron"! It\'s a bizarre look at how to be a social engineering badboy with 802.11b presented by Beetle of the Shmoo Group. If you want to know what the press will pick up on two years from now, you should probably check this out. Otherwise, move along. These are not the APs you are looking for.\\n\\nBeetle is a member of the Shmoo Group, holds a BS in Computer Science, and is a D.C.-area computer security engineer. He is a geek, and he is a licensed amateur racecar driver the perfect combination for successfully working and driving around the nation\'s capital. He presented on the topic of rogue access points at DefCon 11 and Black Hat Federal, demonstrating his rogue AP setup utility Airsnarf. Last year, he and the Shmoo Group pimped some of their new wireless gadgets, such as 802.11bounce and the Sniper Yagi, at DefCon 12, and\\nBeetle unleashed Wireless Weapons of Mass Destruction for Windows at ToorCon last fall. This year, Beetle swears he is taking a break of sorts, having recently organized an East coast hacker conference in D.C. called ShmooCon this past Winter, while reminding people that rogue APs and "Evil Twins" are NOT new, and presenting on wireless topics at several other conferences this past Spring.\\n\\nBruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, large-scale network architectures, smartcards and promotion of secure software engineering practices. Mr. Potter coauthored the books "802.11 Security", published in 2003 by O\'Reilly, "Mac OS X Security" by New Riders in 2003 and "Mastering FreeBSD and OpenBSD Security" by O\'Reilly published in April 2005. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.'