Delivered-To: [EMAIL PROTECTED] Date: Tue, 24 Feb 2004 22:23:02 -0800 From: "Burt,David" <[EMAIL PROTECTED]> Subject: New report shows privacy vulnerability of business travelers To: [EMAIL PROTECTED]
Dave,
Rodney Thayer and I had fun running around San Francisco testing Internet security. I was pretty shocked by what we found, and your Politech readers might enjoy it too. He wrote a report for Secure Computing, �Remote Insecurity: How Business Travelers Risk Exposing Their Companies When Remotely Accessing Company Networks.� available at <http://www.securecomputing.com/pdf/remoteinsecurity.pdf>http://www.securecomputing.com/pdf/remoteinsecurity.pdf
Posing as a business traveler, Thayer tested the possibility of password theft in multiple locations such as an Internet kiosk in an airport, an Internet caf�, as well as an in-room hotel broadband network, and wireless access at a coffee shop. Thayer found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information.
Wireless access points are especially vulnerable to �sniffing,� Thayer found. Tests conducted at an airport Internet caf� and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless �sniffer� software.
Even behind the closed doors of a national hotel chain, using a wired broadband Internet connection is risky business. Thayer documented how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have �file sharing� enabled on their PCs. Corporate data and passwords can easily be stolen.
Publicly available Internet kiosks and workstations, such as those found in Internet caf�s, hotel and airport �business centers� and trade show floors were also shown to have multiple vulnerabilities. Widely available �keyboard logging� software could be secretly downloaded and installed on public terminals that have not been properly secured, allowing a cyber-criminal to collect and steal passwords and other private information. Even a properly secured workstation can leave a business traveler vulnerable to password theft � by low tech �shoulder surfing.�
David Burt Public Relations Manager
Secure Computing� Securing connections between people, applications, and networks� <http://www.securecomputing.com/>www.securecomputing.com NASDAQ: SCUR
1-206-892-1130 (Direct Phone) 1-800-971-2622 (Main Phone) 1-206-683-9508 (Mobile Phone) 1-206-834-1788 (Fax) <mailto:[EMAIL PROTECTED]>[EMAIL PROTECTED]
Secure Computing Corporation, Seattle Office 900 Fourth Avenue, Suite 3600 Seattle, WA 98164 USA
------------------------------------- You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
