From: InfoSec News (alertsinfosecnews.org)
Date: Fri Oct 16 2009 - 01:26:16 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.theregister.co.uk/2009/10/15/sector_network_monitoring_bruhaha/

By Dan Goodin in San Francisco
The Register
15th October 2009

Organizers of last week's SecTor security conference collected names,
passwords, and all other traffic passing over two Wi-Fi networks
provided to attendees, including one that was encrypted, the event's
director has confirmed.

Borrowing a page from the Wall of Sheep at the Defcon hacker conference
each year in Las Vegas, the exercise was designed to draw attention to
the perils of public networks, conference organizer Brian Bourne told
The Reg. Indeed, Bourne - who is the director of Black Arts Illuminated,
the company that puts on the event - found partly obscured credentials
for his on Twitter account on the SecTor Wall of Shame.

But what made the Wall of Shame different - at least to some attendees -
was the sniffing of a network that was represented as secure. The
wireless connection carried an SSID named "Sector2009Secured" and was
encrypted using the WPA, or Wi-Fi Protected Access, protocol. Before it
could be used, attendees had to stop by a booth sponsored by Canadian
security vendor eSentire to retrieve the network's pre-shared key.

"In 2009, we still have so many applications leaking credentials onto
the wire, and we have people still deploying and using insecure
protocols," Bourne said. "Our intention with the Wall of Shame was to
highlight that."

[...]

________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News
http://www.infosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]