Interesting People mailing list archives
New report shows privacy vulnerability of business travelers
From: Dave Farber <dave () farber net>
Date: Wed, 25 Feb 2004 06:27:24 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Tue, 24 Feb 2004 22:23:02 -0800 From: "Burt,David" <david_burt () securecomputing com> Subject: New report shows privacy vulnerability of business travelers To: dave () farber net Dave,Rodney Thayer and I had fun running around San Francisco testing Internet security. I was pretty shocked by what we found, and your Politech readers might enjoy it too. He wrote a report for Secure Computing, Remote Insecurity: How Business Travelers Risk Exposing Their Companies When Remotely Accessing Company Networks. available at <http://www.securecomputing.com/pdf/remoteinsecurity.pdf>http://www.securecomputing.com/pdf/remoteinsecurity.pdf
Posing as a business traveler, Thayer tested the possibility of password theft in multiple locations such as an Internet kiosk in an airport, an Internet café, as well as an in-room hotel broadband network, and wireless access at a coffee shop. Thayer found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information.
Wireless access points are especially vulnerable to sniffing, Thayer found. Tests conducted at an airport Internet café and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless sniffer software.
Even behind the closed doors of a national hotel chain, using a wired broadband Internet connection is risky business. Thayer documented how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have file sharing enabled on their PCs. Corporate data and passwords can easily be stolen.
Publicly available Internet kiosks and workstations, such as those found in Internet cafés, hotel and airport business centers and trade show floors were also shown to have multiple vulnerabilities. Widely available keyboard logging software could be secretly downloaded and installed on public terminals that have not been properly secured, allowing a cyber-criminal to collect and steal passwords and other private information. Even a properly secured workstation can leave a business traveler vulnerable to password theft by low tech shoulder surfing.
David Burt Public Relations Manager Secure Computing® Securing connections between people, applications, and networks <http://www.securecomputing.com/>www.securecomputing.com NASDAQ: SCUR 1-206-892-1130 (Direct Phone) 1-800-971-2622 (Main Phone) 1-206-683-9508 (Mobile Phone) 1-206-834-1788 (Fax) <mailto:David_Burt () Securecomputing com>David_Burt () Securecomputing com Secure Computing Corporation, Seattle Office 900 Fourth Avenue, Suite 3600 Seattle, WA 98164 USA ------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- New report shows privacy vulnerability of business travelers Dave Farber (Feb 25)