RSA Conference Wireless

Over at vnunet, Tom Sanders writes about the RSA conference.

More than half of the computers used by security experts attending the RSA Conference in San Francisco this week lack the proper protection and may have been compromised, according to wireless security firm AirDefense.
The company scanned all wireless traffic on the first day of the conference and found a total of 623 Wi-Fi enabled notebooks and mobile phones.
Some 56 percent of these devices were configured automatically to log-on to networks with common names such as ‘Linksys’ or ‘T-Mobile’, a feature known as an open access wireless account.

So the first first paragraph is an improper summary of the statistics. “More than half of the computers used by security experts” weren’t misconfigured. It was half of the computers with wireless enabled.
So the vendor has interesting statistics and I liked the article as a whole but for me it almost got overshadowed by a misleading opening paragraph.
It is extremely important to not connect to unencrypted wifi and then leave those profiles enabled when you go anywhere else. Further, Evil twin access points do occur. Your computer leaks all sorts of passwords. Its not just when you’re browsing. The second your network connection comes on line, your mail client, IM clent and RSS reader may be logging into things in clear text. Its a danger you need to be aware of, and keep your clients from launching and sending passwords, until you have established a secure encrypted tunnel, whether is an ‘always tunnel’ vpn back to work, or a ssh tunnel back to your home.