Notebook Users Under Attack at Security Conference

AirDefense sites numerous incidents of wireless vulnerabilities at RSA show.
Posted February 8, 2007

David Needle

You might think attendees at a security conference would take extra precautions to ensure their notebook's safety. Think again.

According to mobile security vendor AirDefense, some 56 percent of 623 wireless devices at the RSA conference in San Francisco were susceptible to attacks based on its study of wireless traffic at the show Tuesday.

But AirDefense puts the blames on users, not conference organizer RSA.

"RSA does a good job of providing a secure network as good as any standard corporate network," Richard Rushing, chief security officer at AirDefense, told internetnews.com.

The problem, Rushing said, is that among the thousands of attendees with notebook computers, PDAs and other wireless devices, most are vulnerable to attack because they use or maintain an open access wireless account separate from the conference network.

"People are using wireless, which is a good thing," said Rushing, "but they're connecting at hotels and hotspots in an insecure manner." Even if the user intends to use a secure network as a main point of access, these open accounts, if not deleted from a user's preferred list of network access points, can be exploited.

Specifically, Rushing said AirDefense identified 70 devices onsite at the conference participating in ad-hoc, peer-to-peer (define) networks using common SSID's (Service Set Identifiers) (define) such as "Free Public WiFi," "Free Internet Access" and "Linksys." Use of these networks typically means no firewall is present on the wireless interface, or it is an un-patched Windows system that can be readily exploited.

"It's low-hanging fruit for attackers," said Rushing.

This article was first published on InternetNews.com. To read the full article, click here.

Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.