[ISN] SXSW: 'Hot-spot honeypot' hacker's heaven

From: InfoSec News <alerts_at_private>
Date: Mon, 12 Mar 2012 03:09:19 -0500 (CDT)
http://news.cnet.com/8301-27080_3-57394887-245/sxsw-hot-spot-honeypot-hackers-heaven/

By Elinor Mills
InSecurity
CNET News
March 10, 2012

AUSTIN, Texas -- Some funny things were happening at the South by 
Southwest conference here today. My virtual private network connection 
kept getting disabled, and even stranger, on a friend's laptop a window 
popped up showing an animated cartoon cat flying through the air with a 
rainbow in its wake.

The image, known as Nyan Cat after a popular 2011 Internet meme, 
immediately alarmed me because it was used by the hacker group LulzSec 
on at least one occasion. I joked about being hacked, and my friend 
quickly turned off his laptop.

A few minutes later we found the culprit around the corner standing in a 
Starbucks line: Darren Kitchen, founder of the Hak5 show, who had just 
given a talk about security at the conference. In his session he 
demonstrated for the audience how easy it can be to intercept unsecured 
Wi-Fi connections with a special router and custom software he wrote 
that he calls the WiFi Pineapple. His talk was appropriately titled 
"Securing Your Information in a Target Rich Environment." During the 
demo, audience members who were surfing the Web were surprised when the 
silly music that plays during the Nyan Cat video blared out of their 
laptops.

Thousands of SXSW attendees with lots of social-media moxie but little 
to no security savvy were easy prey for a hacker like Kitchen. The 
interface he was using on his Galaxy Note smartphone showed a long list 
of BlackBerrys, iPhones, Androids, and laptops that thought they were 
connecting to the hotel or Starbucks Wi-Fi (which uses the name 
"attwifi"), but were actually being tricked by Kitchen's WiFi Pineapple. 
"Nobody has any sense of security here," he said, scrolling through the 
list of devices connected to his Wi-Fi router.

[...]


______________________________________________________________________________
Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get
a free class invitation and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill
Received on Mon Mar 12 2012 - 01:09:19 PDT

This archive was generated by hypermail 2.2.0 : Mon Mar 12 2012 - 01:26:53 PDT