[ISN] Backdoor LAN

From: InfoSec News (isnat_private)
Date: Thu Oct 17 2002 - 22:49:14 PDT

  • Next message: InfoSec News: "[ISN] Microsoft plugs privilege elevation flaw in SQL Server"

    Dan Jones
    Senior Editor
    LAS VEGAS -- Veterans of past Cellular Telecommunications & Internet
    Association (CTIA) shows tell us one major security problem they faced
    was having their analog phones cloned.
    Happened all the time apparently...
    These days we face a different threat, namely that the free wireless
    LAN network we're using to get online -- provided by T-Mobile U.S. in
    this instance -- is offering potential hackers a backdoor to get at
    data on your laptop.
    It works like this. T-Mobile has a proxy set up so that the user is
    directed to their Website and clicks to login before they get access
    to Internet connectivity. However, access to the wireless access point
    is not password protected, so the network itself is open. Basically,
    any shared areas on your hard drive are visible to other people on the
    Unstrung Website engineer Bill Burns noted the problem when using the
    service at his local Starbucks. However, we should stress that this is
    pretty common with public wireless LAN access systems, certainly not
    something that is exclusive to T-Mobile's HotSpot service.
    The T-Mobile technical guys we spoke to suggested running a personal
    firewall and a VPN when using a public service. We reckon you could
    also disable the sharing facility on your computer.
    Whatever you do, be careful out there. After all, you never know who's
    coming in through your backdoor.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 01:33:35 PDT