Bleh WiFi security advice from Triangle IT security specialist

I happen to check E-NC every so often to run across an article out of the News Observer (RTP). To paraphrase, the article was telling someone that was connecting to a insecure hotspot (an unknowning neighbor who didn’t put up his/her wireless correctly) if there were security risks.


Mr. Jeff Crume, an IT security specialist (IBM Corporation), tells the person to not login to take advantage of insecure hotspots since hackers could be sniffing the networks.
This is a great idea. Not to mention, while it is not illegal to log into someone else’s insecure WiFi, it is unethical. The violation of the network service agreement is on the user that is paying for the service, not the “uninvited guest”, so it does not play a part from the guest’s point of view.
Then Mr. Crume says one of the most generalized things known in security field:

As for security issues, the bottom line is that you should not connect to any network that “you don’t personally control or can’t be sure is trustworthy unless you are willing to assume that everything you see at your end of the connection could be seen by others,” Crume advises.

Hello? Anyone home? Every network in the world is not controlled at the end-user. If you want to use the Internet, there is the chance that your cable company is sniffing your modem, a hacker is sitting at the node-router sniffing the network, and so on, so forth. Even applied to WiFi, his argument lies invalid since even if you own the WiFi hotspot, there is nothing that says a hacker can’t still sniff the network. Wireless feeds mean that the laptop generates a signal and broadcasts to whatever range its little antenna can handle. Then hopefully, some antenna from the user-owned hotspot picks it up and decrypts the messages and sends it off to the wild blue yonder of the Internet. There is nothing stopping anyone from sniffing the airwaves (unless you think WEP/WPA actually does something). There is a reason behind Netstumbler, Kismet, and other wireless sniffing tools. The pairing of Kismet and Ethereal allows any hacker to read wireless packets if they are not encrypted.
Truthfully, I could probably bet that most insecure hotspots are usually from non-technical people trying to join the world of wireless without reading the manuals rather than hackers setting up evil twin-nodes. Twin-nodes rarely exist in residential areas since they are very low traffic.
All the respect for you and your work, Mr. Crume. I have always loved your work. But next time, note wireless protocols (WEP/WPA + Radius) instead of generalized network security protocols (VPN, SSL). Perhaps touch on what a person with an insecure hotspot can do to secure the site.
With all the precautionary measures, at the end of the day, there really is no wireless signal that is safe.