funsec mailing list archives

Security 'Experts' Aren't So Secure At RSA Conference

From: "Fergie" <fergdawg () netzero net>
Date: Wed, 7 Feb 2007 18:47:06 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...and keeping in the spirit of how the RSA Conference is really
nothing more than "Security Theater" for the security industry:

Via InformationWeek.

[snip]

 For a group of people who should know better, attendees at the RSA
Conference -- one of the biggest security conferences in the world -- are
not following the advice they give their customers, co-workers, and
friends. As a result, many are not as secure as they think they are.

Analysts at AirDefense Inc., a wireless monitoring company based in
Atlanta, ran a scan on wireless devices at the conference Tuesday at the
Moscone Center in San Francisco. Of the 347 laptops, smart phones, and
hand-held devices they monitored between 9:30 a.m. and 5 p.m., 56% of them
were insecure.

Those devices had been set up to link to insecure wireless access points,
like those found at hotels and Starbucks cafes. The problem, says Richard
Rushing, CSO of AirDefense, is that when they are done using the
connection, they don't change the device's policy settings that let it
connect to insecure access points. That means when their Blackberry or
laptop is on at the conference center, it could easily hook up to a rogue
access point set up by a hacker.

Last year at the RSA conference, AirDefense found that 35% of wireless
devices were insecure. But not as many people had wireless devices at the
show with them. This year, says Rushing, there are more computers at the
show with wireless capabilities and more of them are at risk.

[snip]

More:
http://www.informationweek.com/story/showArticle.jhtml?articleID=197004112

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFFyh6nq1pz9mNUZTMRAqA7AJ4mBq0Q2OkjzIICVbFxBsWxu76mowCfS42h
2ns2qV6S7oCF+yKX864TwpQ=
=VpCE
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Security 'Experts' Aren't So Secure At RSA Conference Fergie (Feb 07)
- Re: Security 'Experts' Aren't So Secure At RSA Conference Blue Boar (Feb 07)
  - Re: Security 'Experts' Aren't So Secure At RSA Conference Valdis . Kletnieks (Feb 07)
    - Re: Security 'Experts' Aren't So Secure At RSA Conference Brian Loe (Feb 07)
- <Possible follow-ups>
- Re: Security 'Experts' Aren't So Secure At RSA Conference Fergie (Feb 07)