TELECOM Digest OnLine - Sorted: 'Ethical Hacker' Reveals Trade Secrets


'Ethical Hacker' Reveals Trade Secrets


Daniel Sieberg (cnn@telecom-digest.org)
Sat, 1 Oct 2005 12:52:04 -0500

By Daniel Sieberg

ATLANTA, Georgia (CNN) -- What comes to mind when you think of
wireless Web surfing? It may not be security, or lack of it. There are
nearly 30,000 public wireless "hot spots" in the United States at
places such as parks and cafes, but there's more to consider than just
where to log on. The convenience comes with a caveat.

"Understand that the information you're sending is very similar to
standing up here in the park and shouting out all the information --
would I normally do that?" said Richard Rushing, a wireless expert
with security firm Air Defense who visited an Atlanta park to show
security vunerabilities.

Rushing is considered an "ethical hacker" and works with companies to
strengthen their wireless networks. He said many people don't realize
they could have all their personal data stolen while checking out
their checking account.

"It's great to be able to sit somewhere and work without having any
wires attached, no nothing attached, but you have that risk that it
comes back to," Rushing said.

At the park, Rushing was able to log onto an unsecured hotel wireless
signal in a matter of seconds. To illustrate how vulnerable such
networks can be, Rushing then sent an e-mail and intercepted the
entire contents of the message. He could've done the same thing to any
of the dozens of people sitting nearby in the park.

"At any point in time, I can reach out and touch everyone's laptop at
the hot spot, and there's usually not any way of preventing that --
from me touching and looking at other people's stuff at the hot spot
itself," Rushing said.

He also demonstrated a growing concern called "evil twins" -- fake
wireless hot spots that look like the real thing.

For example, he said, a hacker could be sitting around the corner
sending out a wireless signal. It may look like a legitimate one, even
offering people a chance to sign up for service. But if you log on,
the hacker then would have complete access to your machine.

He said anybody with some tech know-how and the right tools can break
into the basic level of wireless security that's commonly used. There
are even how-to video instructions online.

Rushing said people need to imagine that nothing is truly private at a
wireless hot spot.

"A lot of the time you really want to stay away from doing certain
things at the hot spot that you would normally not do if you knew
somebody would be watching," he said.

Nevertheless, Rushing doesn't discourage using wireless. He tells
people to be aware of what they're sending and the potential for
theft. In other words, it's a good chance to read the baseball scores,
but even if you're sitting by yourself, it doesn't mean you are all
alone.

There may be no wires attached, but the convenience still comes with
strings.

Copyright 2005 Cable News Network LP, LLLP.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, Cable News Network LP, LLLP.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Daniel Sieberg: "Hackers Shift to Financial Gain"
Go to Previous message: TELECOM Digest Editor: "State of the Internet, 2005"
TELECOM Digest: Home Page