[ISN] Working in a network war zone

From: InfoSec News (isnat_private)
Date: Tue May 07 2002 - 01:51:20 PDT

    By Robert Lemos 
    Staff Writer, CNET News.com
    May 6, 2002, 4:00 PM PT
    reporter's notebook - VANCOUVER, British Columbia -- Even before the
    CanSecWest security conference started on Wednesday, unknown hackers
    had given the hotel's high-speed network a case of the hiccups. By
    Wednesday evening, the system was laid out flat.
    The pros were peeved, and a call for an electronic posse went out.
    "We're forming a hunting party," Dragos Ruiu, independent security
    consultant and conference organizer, told the room of nearly 150
    hackers and security experts late Thursday afternoon. "If anyone wants
    to help us find out who's...poisoning the hotel network, talk to me."
    But that evening, the vandal stayed offline and the hotel network was,
    for a little while, glitch free.
    Networks don't come much more hostile than those at the CanSecWest
    security conference. The three-day conference brought together
    hackers, security consultants, and government officials to talk tech
    about the latest tools and trends in the online arena.
    Yet, the hackers evidently found it hard to stay away from wandering
    about the network. Overt attacks against computers seemed to be rare.  
    More attacks were of the same type that afflicted the hotel's free
    Ethernet network, which in this case had so-called ARP poisoning.
    The Address Resolution Protocol, or ARP, is the means by which
    routers--the network devices that direct information from the sender
    to the destination--keep track of what hardware is where. An attacker
    who successfully "poisons" a router's ARP tables can have a copy of
    data sent to them and can pretend to be another device on the network,
    such as the hotel's gateway.
    By spoofing the hotel's gateway, for instance, an attacker's computer
    could grab data, allowing the hacker to read unencrypted passwords,
    e-mail or Web pages. Along with giving the hotel network a case of
    confusion, unknown hackers set up eavesdropping programs and devices
    to capture data on the wireless network used by conference attendees.
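
A defender's view of the gateway spoofing described above, as an added example that is not part of the original article: it parses ARP payloads and flags an IP address whose claimed hardware address differs from a known-good baseline, and a hardware address that answers for several IPs. The addresses (documentation ranges), the sample capture and the function names are all constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload: 28 bytes
GW_IP, GW_MAC = "192.0.2.1", "00:00:5e:00:53:01"  # constructed known-good gateway
HOST_MAC = "00:00:5e:00:53:50"                    # constructed second host

def build_arp(oper, mac, ip):
    """Build a constructed ARP payload (sample data only)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(mac.replace(":", "")), socket.inet_aton(ip),
                       b"\x00" * 6, socket.inet_aton("0.0.0.0"))

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

def find_conflicts(payloads, baseline=None):
    """Return (index, kind, ip, claiming_mac) alerts for suspicious sender bindings."""
    ip_to_mac = dict(baseline or {})  # known-good bindings, e.g. the gateway
    mac_to_ips, alerts = {}, []
    for n, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None or parsed[2] == "0.0.0.0":  # skip junk and ARP probes
            continue
        _, mac, ip = parsed
        # First sighting becomes the baseline; it is not overwritten afterwards.
        if ip_to_mac.setdefault(ip, mac) != mac:
            alerts.append((n, "rebind", ip, mac))
        seen = mac_to_ips.setdefault(mac, set())
        if seen and ip not in seen:  # one MAC answering for several IPs
            alerts.append((n, "multi-ip", ip, mac))
        seen.add(ip)
    return alerts

# Constructed capture: gateway announces itself, a host asks a question,
# then the host's MAC claims the gateway's IP.
SAMPLE = [build_arp(2, GW_MAC, GW_IP), build_arp(1, HOST_MAC, "192.0.2.50"),
          build_arp(2, HOST_MAC, GW_IP)]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE, baseline={GW_IP: GW_MAC}):
        print(alert)
```

Without a baseline the first binding seen is trusted, so a spoofer who answers first goes unnoticed; the "multi-ip" alert can also fire for legitimate multi-homed hosts or proxy ARP.
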
    To protect against eavesdropping and because most of today's e-mail
    servers don't allow encrypted logins, many attendees encrypted their
    mail using any of the several available programs.
    Again, impersonation is the danger. By spoofing an encryption server,
    especially when the victim doesn't know the telltale signs of the
    hack--a warning that the server's encryption key has changed--the
    attacker can grab all the user's keystrokes.
    No wonder the government personnel left their laptops at home.  
    Standard procedure requires them to blank their systems before leaving
    for such a conference and reinstall the operating system when they
    return. Too much trouble, it seems, as none of them brought a laptop.
    Other security experts decided to go PC-free as well, rather than deal
    with defending their laptops against all comers on the network.
    Those that connected either have total faith in their security, plan
    to reinstall the operating system or don't mind wondering whether
    their PC caught something up north at CanSecWest.