[ISN] Security experts beaten at their own game

From: InfoSec News (alerts@private)
Date: Thu Feb 08 2007 - 22:08:51 PST


http://www.vnunet.com/vnunet/news/2174409/security-experts-beaten-own

Tom Sanders at RSA Conference in San Francisco
vnunet.com 
08 Feb 2007

More than half of the computers used by security experts attending the 
RSA Conference in San Francisco this week lack the proper protection and 
may have been compromised, according to wireless security firm 
AirDefense.

The company scanned all wireless traffic on the first day of the 
conference and found a total of 623 Wi-Fi enabled notebooks and mobile 
phones.

Some 56 per cent of these devices were configured automatically to 
log on to networks with common names such as 'Linksys' or 'T-Mobile', a 
feature known as an open access wireless account.

Attackers could exploit the feature through a so-called 
man-in-the-middle attack in which a rogue access point is set up with a 
Service Set Identifier that is identical to the common service.

The attack could gather confidential information, or exploit unpatched 
vulnerabilities in Windows to take control of the victim's system.

The RSA Conference provided attendees with a safe wireless network, but 
it was so difficult to apply the security settings required to attach to 
the network that a long queue formed at the helpdesk.

Delegates at security conferences are known to show off their hacking 
skills. AirDefense found two rogue access points masquerading as the 
official conference network, one of which included a forged security 
certificate.

Five other rogue networks mimicked common hotspot names from local 
hotels or service providers.

