How secure is your Wireless Lan?

There's an interesting piece written by George Ou over on ZDNet about the security issues associated with digital certificates and the wireless base station/router's SSID.

The problem seems to stem from the fact that there is no secure way of matching the data between the two, meaning that a rogue user could hijack the wireless connection by spoofing all or part of the data.

This, says ZDNet, is because most commercial client software from the likes of Apple, Microsoft and others, automatically checks and logs the user into the relevant wireless access point.

In theory, a hacker could copy the broadcast SSID data and clone it onto his own portable system and then attract wireless logins using a stronger signal.

If the data element of the calls were then routed on to the legitimate access point, the hacker could stage a man-in-the-middle type hacking attack.

What's interesting about this type of attack is that an SSL session wouldn't normally be vulnerable as the Web browser will match the domain in the URL address to the subject field in the digital certificates.

Of course, if the hacker were to spoof the digital certificate - which is technically feasible, given sufficient time and analysis - then the SSL session could be compromised, although it's worth noting that the certificate's authenticity could also be verified online.

Assuming, of course, you have the validate server certificate option enabled on your software...