I'm delighted that Robi Sen has volunteered the article below. Robi's polymathical understanding of technology and its application is pretty startling and I hope he'll contribute other articles in the future.

One aspect of basic operational security that is often overlooked centers around our personal data and communication devices, be they cell phones, laptops, PDAs, or other portable devices like everyone’s favorite iPod touch personal media device. Most people are not aware of how truly simple it is to exploit personal electronics. This is not just something you have to worry about terrorists doing, but also a broad range of criminals or simply individuals with their own agendas. In the next few months, I hope to begin to raise awareness about some of the threats posed by our digital lifestyle, as well as provide some simple tips on reducing your exposure to these threats.

One common danger that all security professionals, or anyone dealing with sensitive information, should be aware of is that of individuals monitoring traffic over the RF spectrum we use every day, from Wi-Fi (802.11) to GSM, CDMA, or even Bluetooth. Using simple open source or commercial tools, anyone can monitor traffic going over a wireless network. Even Wi-Fi Access Points (APs) secured using WEP and WAP security can be broken by open source tools. Many packet-sniffing tools will also happily identify logins and passwords and attempt to crack them even if they are encrypted. These same tools will also allow our intrepid digital spy to log all traffic over the wireless network, including encrypted SSL sessions for latter decryption.

While many believe that using a virtual private network or VPN over Wi-Fi protects them from these sorts of threats, it is possible for a hacker to perform a man-in-the-middle attack and monitor your communications. For this reason, it is is best not to trust any wireless access point for secure communications.

Following up on Roger Davies comments regarding hotels as terrorist targets, they are also an excellent place for people to take advantage of your personal devices. Hardly anyone would notice an individual in a hotel lobby with a laptop or PDA, seemingly working away. Yet that same person could easily be exploiting the hotel’s AP to record information going over the air or target your laptop, PDA, and cell phone. While public areas like cafés and hotels are probably the easiest places to exploit wireless systems, few businesses or organizations make a serious effort to secure their Wi-Fi APs. Moreover, anyone with anything from normal commercial Wi-Fi antenna to a six dollar directed antenna can can monitor hotel Wi-Fi communications, even from a rather sizable distance.

While most organizations do not see their RF transmission from Wi-Fi access points as much of a security threat, recently a criminal network was able to steal approximately 40 million credit card numbers from the wireless networks of companies like J.J. Maxx, Office Max, and Barnes and Noble.From a security standpoint, any information going over a Wi-Fi access point is potentially accessible and it is worth keeping this in mind.

One of the more recent examples of terrorists exploiting local Wi-Fi infrastructure was the Mumbai bombings, where emails used to help coordinate the attacks were, in part, sent over unsecured Wi -Fi access points. This has led Mumbai police to proactively find local unsecured Wi-FI points and have their providers secure them . While this is an questionable mitigation technique, since it is so easy to crack a standard Wi-Fi access point, it does demonstrate that terrorist groups are willing to exploit APs for their own purposes and that businesses and organizations seriously need to consider looking at their Wi-Fi access points as part over their overall security assessments.