How Wi-Fi attackers are poisoning Web browsers

Black Hat presenter describes latest public Wi-Fi security threat
By Ellen Messmer, Network World
February 03, 2010 04:00 PM ET

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time.That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

He said it's simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work.

"Open networks have no client protection," said Kershaw, who also uses the handle Dragorn. "Nothing stops us from spoofing the and talking directly to the client," the user's Wi-Fi-enabled device.

<SNIP>http://www.networkworld.com/news/2010/020310-black-hat-wi-fi-attackers.html?source=NWWNLE_nlt_daily_am_2010-02-04

Yes, I guess they could get in to your cache but that's a side point from the real problem, that someone started a man in the middle attack on you. That means anything you send out over a non encrypted connection can be read and stored for later. Even data on a secure connection can be seen if the user ignores the warnings their browser puts up about invalid certificates.

And that presents a problem of getting infected with a virus as they can now direct you to infected web pages that try to exploit one of the many vulnerabilities in such programs as Adobe reader or Adobe Flash. But that has very little to do with your internet cache.

Sorry, I don't mean to be anal, but a lot of times these articles completely miss the point for some reason.

how to clear their browser cache, to do it before and after every public wi-fi visit, and to not attend one's banking or sensitive personal browsing while at such places.

These articles are extremely misleading.

the article, it is a suggestion that should alleviate any worries about the article or your input, given most of us aren't able to verify the likelihood of either opinion unless and until it would potentially be too late.

It implies that if you browse using a privacy mode on your browser you dont have to worry about it since cache isn't saved. Or that if you clear your cache you will be okay. It's simply not true. Once a man in the middle attack has been launched your cache is the least of your worries.

The browsers I use both have settings to delete the cache every time you close the browser. If someone is worried about this go to Tools/Options and look for a way to set the cache to delete automatically. If you think you are being hacked just close the browser and the cache will clear.

Everyone should check to see what it is set for and alter accordingly. Or leave it alone as a "setting" and just learn how to do an on the fly cache clear.

Some public places with multiple access points (like the park near my house) appear to be a MITM attack, but I'm ok with that.

Edited to correct inexcusable stupidity on my part.

it might inform you of it but all your information will continue to be intercepted. I dont think zone alarm has the capability to know which is the correct mac address and somehow shape the traffic based on that.

D'oh.
I'm even a BT4 pre-final early adopter.

If you know the mac address of the real modem you can configure a static arp table.