Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to “poison” users’ browser caches in order to present fake Web pages or even steal data at a later time.

That’s according to a security researcher, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference. He said it is simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

"Once you’ve left Starbucks, you’re owned. I own your cache-control header,” he said. “You’re still loading the cache JavaScript when you go back to work.”

Open networks have no client protection,” said the researcher, who also uses the handle Dragorn. “Nothing stops us from spoofing the [wireless access point] and talking directly to the client,” the user’s Wi-Fi-enabled device. Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache. “Once the cache is poisoned, it’s going to stay there,” the researcher said.

This means that an attacker can intercede to “poison the URL” of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a “shim” that could “ship your internal pages off to a remote server once you’re in a VPN.”

More..............http://www.pcworld.com/article/188614/how_wifi_attackers_poison_browsers.html