The message that wireless is unsafe has permeated the IT zeitgeist, however people still forget client devices. This talk by Dragorn and Renderman moves away from guarding the access points to guarding the clients. Considering the fun that is continually had by the authors at airports and public networks, this is a message that needs to get out.
Attacks targeting client devices are becoming more sophisticated. Kismet Newcore makes breaking WEP a passive action. Airpwn has received a facelift and is now capable of more unspeakable actions over open links (hotels, airports). Karma as well is flypaper for clients running wireless without any thought to protection. Recent vulnerabilities in browsers and other protocols that are often dismissed as “too hard to exploit to be useful” are suddenly very possible and dangerous when wireless is involved, and attacks crossing from layer 2 directly to layer 7 vulnerabilities will be shown.