Lab Notes

As somebody who makes his living patching the security holes in Wi-Fi, I'm totally aware of what can go wrong with a Wi-Fi deployment. This Boston Herald article gets it mostly wrong. Basically, a woman in Virginia claims her bank account was cleaned out by someone who cracked her home Wi-Fi network (the article also calls it a phishing attack, which is something completely different).

Even the most insecure Wi-Fi network will not be vulnerable to this kind of attack: no bank that I've ever seen allows a user to access their accounts without an SSL connection, which encrypts data at the transport layer (see this Webopedia article for a discussion of the 7 network layers). Wi-Fi encryption (i.e., WEP, TKIP, AES) happens at the data link layer, so even if there is weak or no encryption at all on the Wi-Fi network, the banking information is still protected. What's more, even if this woman's loss was a result of a phishing attack, that's something to which Wi-Fi networks are no more vulnerable than wired networks.

In its defense, the article does eventually reach these same conclusions, but the the title more than enough hyperbole.