[IP] New report shows privacy vulnerability of business travelers

To: ip@xxxxxxxxxxxxxx
Subject: [IP] New report shows privacy vulnerability of business travelers
From: Dave Farber <dave@xxxxxxxxxx>
Date: Wed, 25 Feb 2004 06:27:24 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx


Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Tue, 24 Feb 2004 22:23:02 -0800
From: "Burt,David" <david_burt@xxxxxxxxxxxxxxxxxxx>
Subject: New report shows privacy vulnerability of business travelers
To: dave@xxxxxxxxxx

Dave,

Rodney Thayer and I had fun running around San Francisco testing Internetsecurity. I was pretty shocked by what we found, and your Politech readersmight enjoy it too. He wrote a report for Secure Computing, ?RemoteInsecurity: How Business Travelers Risk Exposing Their Companies WhenRemotely Accessing Company Networks.? available at<http://www.securecomputing.com/pdf/remoteinsecurity.pdf>http://www.securecomputing.com/pdf/remoteinsecurity.pdf

Posing as a business traveler, Thayer tested the possibility of passwordtheft in multiple locations such as an Internet kiosk in an airport, anInternet café, as well as an in-room hotel broadband network, and wirelessaccess at a coffee shop. Thayer found multiple methods available tocyber-criminals that could be used to steal passwords and corporateinformation.

Wireless access points are especially vulnerable to ?sniffing,? Thayerfound. Tests conducted at an airport Internet café and at a popular chainof coffee shops showed that unencrypted streams of data from the laptops ofpatrons could easily be seen in many instances by another patron sittingnearby with wireless ?sniffer? software.

Even behind the closed doors of a national hotel chain, using a wiredbroadband Internet connection is risky business. Thayer documented how ahotel guest can use widely available snooping software with a laptop loggedonto the hotel network. The guest can successfully snoop on the harddrives of fellow guests who have ?file sharing? enabled on their PCs.Corporate data and passwords can easily be stolen.

Publicly available Internet kiosks and workstations, such as those found inInternet cafés, hotel and airport ?business centers? and trade show floorswere also shown to have multiple vulnerabilities. Widely available?keyboard logging? software could be secretly downloaded and installed onpublic terminals that have not been properly secured, allowing acyber-criminal to collect and steal passwords and other privateinformation. Even a properly secured workstation can leave a businesstraveler vulnerable to password theft ? by low tech ?shoulder surfing.?





David Burt
Public Relations Manager

Secure Computing®
Securing connections between people, applications, and networks?
<http://www.securecomputing.com/>www.securecomputing.com
NASDAQ: SCUR

1-206-892-1130 (Direct Phone)
1-800-971-2622 (Main Phone)
1-206-683-9508 (Mobile Phone)
1-206-834-1788 (Fax)
<mailto:David_Burt@xxxxxxxxxxxxxxxxxxx>David_Burt@xxxxxxxxxxxxxxxxxxx

Secure Computing Corporation, Seattle Office
900 Fourth Avenue, Suite 3600
Seattle, WA 98164
USA



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Microsoft Caller-ID (AKA son of SPF)
Next by Date: [IP] using cell phones to cheat in classes...
Previous by thread: [IP] Microsoft Caller-ID (AKA son of SPF)
Next by thread: [IP] using cell phones to cheat in classes...
Index(es):
- Date
- Thread