[ISN] Tech Ed net locked down tight as a coffin

From: InfoSec News (isn@private)
Date: Mon May 24 2004 - 23:14:52 PDT

  • Next message: InfoSec News: "[ISN] Theft of Cisco Source Code Stirs Fears of Security Threat"

    http://www.theinquirer.net/?article=16099
    
    [I have it under good authority from "The Unknown Hacker" that ports 
    80, 110, and 143 are open, and the Inquirer writer needs to lay off 
    the Vodka RedBull's being expensed. :)  - WK]
     
    
    By INQUIRER staff
    24 May 2004
    
    TECHED 2004, San Diego -- From the belly of the Vole.
    
    I ARRIVED this morning at the TechEd 2004 conference in San Diego. 
    Within five minutes of registering I made my way to the Sail Pavilion, 
    an impressive auditorium with about 600 computers, tables with ample 
    amps and wep-less, wire-less web. So far, so good. I sat down, hooked 
    up my trusty Compaq Battery Extender, and got to work. Or tried to.
    
    It turns out that my first "breakout session" (the one where I try to 
    break out to the external network and check my email) ended in 
    frustration when I learned that the local network engineers have 
    nearly everything except port 80 walled off. Apparently, even most 
    normal email ports are off limits to conference attendees.
    
    Anyone who runs any kind of webmail system can still check their mail, 
    but I wonder how many in the crowd of developers and conference 
    attendees shared in my initial frustration and will have to go without 
    this week. In a brief discussion with one of the network technicians, 
    I inadvertantly learned of a dark conspiracy. What any red blooded 
    'Merican would describe as an evil, headless terr'ist group of l337 
    h4x0r infidels has *allegedly* offered a bounty to anyone who can 
    break into the conference network and run amok. I can't verify 
    anything, but I'd be willing to bet Microsoft's got snipers perched 
    strategically around the conference center to pick off local 
    warwalkers.
    
    I have been unable to substantiate this rumour, but it makes sense. We 
    live among bloodless heathens, and they must be dealt with.
    
    I've since learned that my hotel room offers inexpensive high-speed 
    internet connection, so I can still make my CVS commits and check my 
    email normally. In this regard, I've managed to duck out of the Vole 
    versus h4x0r dance (a good thing, since my feet are already sore from 
    hoofing it around San Diego).
    
    But, while considering the dance from waaaaaay up in my ivory tower 
    hotel room, with my comfy high speed connection, a couple of 
    unfortunate and ironic conditions crossed my mind. First of all, 
    whether or not the hackers succeed in their mission, hundreds of folks 
    here might have to live without email access for a week. That's just 
    plain frustrating, and I can't imagine it will do much to improve the 
    public image of the hacker as a benevolent, overly curious explorer of 
    the digital frontier.
    
    A second consideration is that Microsoft's solution might be a little 
    extreme. Crippling the network for anyone who doesn't have webmail 
    might be a bit like cutting off the toe to clip the nail. Or throwing 
    the baby out with the bathwater. Or putting the fire ants in 
    the--anyway, you get the drift. It might cause more trouble than it 
    solves. Something tells me there'd be enough coffee and more than 
    enough eager network admin types here willing to have a patch-a-thon 
    if things got wiggly.
    
    If I were an innocent bystander caught without email in the middle of 
    this mess, I'd start looking for nearby wireless cafes. I'll let you 
    know if I kick any up.
    
    More interesting tidbits as they develop.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Tue May 25 2004 - 01:50:39 PDT