I've recently started using wireless on an (Arch) laptop.
My wireless manager (wicd) is set up to automatically associate with any networks with a certain ESSID and attempt to authenticate with them.
Is that a security risk? In particular, could an attacker set up a network with the same ESSID as the one I connect to, then wait for my wireless manager to try to connect, and receive my authentication details?
edit: The network I am connecting to uses WPA Enterprise authentication which requires an identity and password, not an encryption key.
Best Answer
Pre-shared-keys are never transmitted during the establishment of a wifi session - in other words the client never says "This is the key I have, can I come in?".
Simplifying what happens somewhat in a crappy WEP session, it goes like this:
A rogue access point is a security concern, but not one that will make harvesting keys any easier than simply watching the above interaction. The real concern is that people will connect to a rogue access point and transmit sensitive data over it thinking it is an authorised AP.