WATPA: FW: Security experts beaten at their own game

From: Norm Jacknis <norm@jacknis.com>
Date: Thu Feb 15 2007 - 23:10:41 EST

I'm not sure if this is supposed to make the average person feel better or
worse ;-)

-----Original Message-----
Security experts beaten at their own game


Tom Sanders at RSA Conference in San Francisco
08 Feb 2007

More than half of the computers used by security experts attending the RSA
Conference in San Francisco this week lack the proper protection and may
have been compromised, according to wireless security firm AirDefense.

The company scanned all wireless traffic on the first day of the conference
and found a total of 623 Wi-Fi enabled notebooks and mobile phones.

Some 56 per cent of these devices were configured automatically to log-on to
networks with common names such as 'Linksys' or 'T-Mobile', a feature known
as an open access wireless account.

Attackers could exploit the feature through a so-called man-in-the-middle
attack in which a rogue access point is set up with a Service Set Identifier
that is identical to the common service.

The attack could gather confidential information, or exploit unpatched
vulnerabilities in Windows to take control of the victim's system.

The RSA Conference provided attendees with a safe wireless network, but it
was so difficult to apply the security settings required to attach to the
network that a long queue formed at the helpdesk.

Delegates at security conferences are known to show off their hacking
skills. AirDefense found two rogue access points masquerading as the
official conference network, one of which included a forged security

Five other rogue networks mimicked common hotspot names from local hotels or
service providers.
Received on Thu Feb 15 23:10:58 2007

This archive was generated by hypermail 2.1.8 : Tue Mar 13 2007 - 18:55:02 EDT