Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

New report shows privacy vulnerability of business travelers

From: Dave Farber <dave () farber net>
Date: Wed, 25 Feb 2004 06:27:24 -0500

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Tue, 24 Feb 2004 22:23:02 -0800
From: "Burt,David" <david_burt () securecomputing com>
Subject: New report shows privacy vulnerability of business travelers
To: dave () farber net

Dave,
Rodney Thayer and I had fun running around San Francisco testing Internet security. I was pretty shocked by what we found, and your Politech readers might enjoy it too. He wrote a report for Secure Computing, “Remote Insecurity: How Business Travelers Risk Exposing Their Companies When Remotely Accessing Company Networks.” available at <http://www.securecomputing.com/pdf/remoteinsecurity.pdf>http://www.securecomputing.com/pdf/remoteinsecurity.pdf
Posing as a business traveler, Thayer tested the possibility of password theft in multiple locations such as an Internet kiosk in an airport, an Internet café, as well as an in-room hotel broadband network, and wireless access at a coffee shop. Thayer found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information.
Wireless access points are especially vulnerable to “sniffing,” Thayer found. Tests conducted at an airport Internet café and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless “sniffer” software.
Even behind the closed doors of a national hotel chain, using a wired broadband Internet connection is risky business. Thayer documented how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have “file sharing” enabled on their PCs. Corporate data and passwords can easily be stolen.
Publicly available Internet kiosks and workstations, such as those found in Internet cafés, hotel and airport “business centers” and trade show floors were also shown to have multiple vulnerabilities. Widely available “keyboard logging” software could be secretly downloaded and installed on public terminals that have not been properly secured, allowing a cyber-criminal to collect and steal passwords and other private information. Even a properly secured workstation can leave a business traveler vulnerable to password theft – by low tech “shoulder surfing.” 




David Burt
Public Relations Manager

Secure Computing®
Securing connections between people, applications, and networks™
<http://www.securecomputing.com/>www.securecomputing.com
NASDAQ: SCUR

1-206-892-1130 (Direct Phone)
1-800-971-2622 (Main Phone)
1-206-683-9508 (Mobile Phone)
1-206-834-1788 (Fax)
<mailto:David_Burt () Securecomputing com>David_Burt () Securecomputing com

Secure Computing Corporation, Seattle Office
900 Fourth Avenue, Suite 3600
Seattle, WA 98164
USA



-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: