Public Hotspot, Public Vulnerability

My latest article for TheFeature.com is about a new security protocol that seeks to expose the evil twins and dodgy middlemen lurking in the shadows of wireless access points:

Phishers use technical spoofing and social engineering to trick potential victims into thinking that they're interacting with a legitimate Web site. For example, you've probably received at least a few e-mails purporting to be from PayPal and asking you to change your password because your account may have been the victim of a cyberattack. Of course, the reality is that the e-mail is itself an attack. Following the link takes you to a page that looks just like PayPal, but in reality is a phisher's net.

"Phishing exists in both wireless and wired settings," says cryptographer Markus Jakobsson, a professor at the Indiana University School of Informatics. "But it's a bit more difficult to protect against when you're using a public wireless access point and you can't be entirely sure of its identity."

According to his bio, Jakobsson "teaches cryptography, security, protocol design, and likes to cheat." The combination of his professional practice and, well, appreciation for a good con helps him stay one step ahead of the phishers.
