Amazing bogus WiFi "security" study: Z/Yen set up two wireless access points and monitored activity on them. They report that 25% of the connections were "deliberate" (which, I assume, means made through selecting the SSID instead of inadvertently associating with the network because your card was set to connect to the strongest available signal) and that 71% of the connected users sent email.

Fair enough -- that sounds like the right kind of numbers for me. I know that my net-stumbling workflow consists of finding a network, fetching my mail, moving on, answering my mail, finding another network, downloading new mail and sending the reply email.

But the amazing thing is what Z/Yen and its client, RSA conclude: that the 25% of the people who deliberately associated with the network were "malicious," and that the 71% who sent email were sending spam. This is such a transparently, deliberately (heh) stupid conclusion, it boggles the mind: how can "deliberate" equate to "malicious?" How can "sending email" equate to "sending spam?"

We keep seeing this kind of WiFUD, and a lot of it comes from self-serving "security experts."

These experts' motivation is rather transparent: if you are in the business of selling security, you require customers who feel insecure. WiFi, by dint of its novelty and popularity, is a predictable target for shrill security warnings and a healthy source of potential revenue. We can only hope that no one takes these dishonest conclusions at face value. Link Discuss (via /.)