[guids]

[ QUOTE ]
[ QUOTE ]
This caveat is, even though your bank, gmail, etc passwords are sent over ssl (encryption), it is fairly easy to get those passwords. What an attcker does is set up a fake website on his laptop, and impersonates the AP (what your laptops connects to), then he looks at all the information in unencrypted form, because his fake website doesnt use encryption, takes that info, sends it to its real destination over the internet, and transmits any response back to your computer. Hence the name man in the midddle


(your box)--------(his laptop)---------internet

[/ QUOTE ]

Good point - I never really thought of faking an access point to do this sort of attack. Would the attacker have to disable the real AP first somehow (DOS attack?) so that Howard's computer doesn't find the real one first? Or can it just beat it to the punch when the laptop searches for a DHCP server?

[/ QUOTE ]

99% of wireless clients put the strongest signal at the top of the list of networks to connect to, so you just make sure you have a good antenna, etc and have a stronger signal than the AP.