Backdoor LAN

[InfoSec News <isn () c4i org>]

http://www.unstrung.com/document.asp?doc_id=22807

Dan Jones
Senior Editor
Unstrung
10.17.02

LAS VEGAS -- Veterans of past Cellular Telecommunications & Internet
Association (CTIA) shows tell us one major security problem they faced
was having their analog phones cloned.

Happened all the time apparently...

These days we face a different threat, namely that the free wireless
LAN network we're using to get online -- provided by T-Mobile U.S. in
this instance -- is offering potential hackers a backdoor to get at
data on your laptop.

It works like this. T-Mobile has a proxy set up so that the user is
directed to their Website and clicks to login before they get access
to Internet connectivity. However, access to the wireless access point
is not password protected, so the network itself is open. Basically,
any shared areas on your hard drive are visible to other people on the
network.

Unstrung Website engineer Bill Burns noted the problem when using the
service at his local Starbucks. However, we should stress that this is
pretty common with public wireless LAN access systems, certainly not
something that is exclusive to T-Mobile's HotSpot service.

The T-Mobile technical guys we spoke to suggested running a personal
firewall and a VPN when using a public service. We reckon you could
also disable the sharing facility on your computer.

Whatever you do, be careful out there. After all, you never know who's
coming in through your backdoor.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.