Democratic Convention Computer Security Threat? 337
Hiawatha writes "Excuse me for tooting my own horn, but check out my story in today's Boston Globe about a possible security problem at the Democratic convention next week. If visitors plug insecure laptops with wireless connections into the convention's wired network, there could be trouble..."
anybody setting up an AP? (Score:5, Funny)
Re:anybody setting up an AP? (Score:2, Funny)
Hey, if every Republican on Slashdot chipped in a buck, we could provide a $200 purse for the first person to put a pic of Monica Lewinski on the Jumbotron.
Re:anybody setting up an AP? (Score:2)
Re:anybody setting up an AP? (Score:5, Funny)
I mean, KERRY EATS BABIES!!!
Yeah, that's what I meant to say.
Re:anybody setting up an AP? (Score:2)
Oh yeah, no bias there.
Not a realy problem (Score:3, Interesting)
I don't think there will be too much trouble with this. Just another company spreading the FUD trying to make a buck.
Re:Not a realy problem (Score:4, Interesting)
Re:Not a realy problem (Score:2)
Uh, so they are going to ban laptop's?
Quite the opposite, probably, since they're giving press credentials to bloggers like Atrios and DailyKos. Presumably they're hoping that they'll blog right from the convention floor.
Um... "Hiawatha Bray"? (Score:4, Funny)
Re:Um... "Hiawatha Bray"? (Score:5, Informative)
ummmmmmm... is that your real name?
yes, that's his real name [monitortan.com]. He's been regurgitating FUD pieces in the Globe for years now...
Re:Um... "Hiawatha Bray"? (Score:2)
Sure enough, we've had a few visits [google.com] from him in the anti-spam newsgroup also, and it was blatantly clear he had no intention of being informed and/or educated... he was just fishing for sensation.
Yes, he's a technology writer for the Globe... (Score:2)
...and of(I believe, hard to judge from the one photo I've seen of him) of African decent, so stop trolling.
Oh, and he has posted both stories and comments before on slashdot, and written articles for the globe on topics slashdot has brought attention to.
I think he dumbs down his articles too much for the Globe(or it would be nice to see some high-level articles, not just simple stuff), given that the Boston area is the technology center of the east coast- but otherwise, I like what he does.
I have zer
Re:Yes, he's a technology writer for the Globe... (Score:2)
Ah, um, yes - so that explains why he's named after an American Indian from Longfellow's poem Hiawatha [virginia.edu]
Forgiveth me for being such a racist troll..
Re:Yes, he's a technology writer for the Globe... (Score:2)
Re:Um... "Hiawatha Bray"? (Score:2)
Re:Um... "Hiawatha Bray"? (Score:2)
What? (Score:4, Funny)
Well at least it would, but I wound up disabling all that so the CEO could get on E-Bay.
Re:What? (Score:2)
You mean they willingly talk to any old spoofed MAC address?
Re:What? (Score:2)
What? You mean those goofy numbers are actually important to the level 2 switching equipment...
For the record, cloning the MAC number from your desktop to a broadband router is rather straightforward. Your router is plugged into the same port on the same network, and is merely assuming the ID of your computer.
If you try to have
Re:What? (Score:2)
You can get MAC addresses by hearing broadcasts, so finding them is easy. As for overridding the switches MAC table, you can sometimes flood them with a ton of traffic (with a flood of bogus MAC addresses), which can allow the spoofed one to be right "right" port.
Don't think that just because you have a switched environment you're safe from spoofing.
But, but, but... (Score:5, Funny)
Re:But, but, but... (Score:2, Funny)
Re:But, but, but... (Score:2)
That's funny!
Reference [useless-knowledge.com]
Re:But, but, but... (Score:2)
I know, Democrats [boston.com] never [amazon.com] do anything wrong.
Those two links suck, but you get the idea. Politics is all a bunch of corrupt lawbreaking, no matter WHAT side you're on.
Re:But, but, but... (Score:2)
Those two links suck, but you get the idea. Politics is all a bunch of corrupt lawbreaking, no matter WHAT side you're on.
True enough, but Republicans have raised criminal behavior to an art form.
Re:But, but, but... (Score:2)
Re:But, but, but... (Score:2)
True enough, but what if some of them Liberals get the idea that they should crack their own net and blame it on the Republicans?
Did ya think of that?
Or what if some "rough" Republican crack the convention network and blames it on a Democrat, saying they are trying to discredit the Republicans?
Or what if some . . .
umm, never
yeah, really (Score:2)
so what's new? (Score:5, Insightful)
Even the SANS conference, with all the security gurus, had issues with providing network connectivity. That is why they longer provide network connectivity, WiFi or otherwise, in classrooms.
Re:so what's new? (Score:2)
Re:so what's new? (Score:2)
Stupid fears.... (Score:3, Insightful)
So... let me get this straight... they are going to connect to my laptop's wireless NIC, and then piggyback onto the wired connection? Riiiiight... This would be tough to accomplish... even in Windows.
Maggio said that an attacker with a high-powered WiFi access point could set up shop outside the FleetCenter, and communicate with WiFi laptops on the inside. If these laptops haven't been protected with the latest security patches, a skilled intruder will be able to gain access to the laptop. He could then leapfrog onto the Democrats' network, allowing him to steal information or vandalize computers. ''By being on both networks at the same time," said Maggio, ''that can compromise the entire network security."
Odds are, these laptops have already been 0wn3d..
Re:Stupid fears.... (Score:3, Interesting)
Re:Stupid fears.... (Score:3, Informative)
Yes, because clicking on bridge connection is SO difficult *cough*.
Re:Stupid fears.... (Score:2)
Easy to accomplish (Score:2)
I'm sure a virus or 2 is out there to do this for you automatically..
Only takes one malicious ( or clueless ) person..
Obligatory MS Bashing ... (Score:3, Funny)
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Let the oxymoron jokes commence!
SteveM
Re:Obligatory MS Bashing ... (Score:2)
Re:Obligatory MS Bashing ... (Score:2)
1.) security specialists from Cisco Systems Inc, and
2.) Microsoft Corp.
Surely nobody could possibly confuse the two.
Democrats have techies on their side... (Score:5, Funny)
ObCounterMeme (Score:4, Informative)
Har. Har.
It was Republicans who invented that claim. What Gore actually said was "I took the initiative in creating the Internet". Robert Kahn and Vinton Cerf -- two of the people who did "invent the internet" have publicly stated that "Al Gore was the first political leader to recognize the importance of the Internet and to promote and support its development." Repub spinmasters pushed the reworded version hard as part of their successful effort to exaggerate Gore's supposed exaggerations.
(The Repub spin this time around is that Kerry always "flip-flops". That's the script, and they're pushing it hard. I guess this is to distinguish him from Bush, who sometimes flip-flops and sometimes sticks to his opinions ... regardless of the facts.)
Re:ObCounterMeme (Score:4, Informative)
Nope, not exactly. ARPAnet was in place, but that and the modern internet (even that and the 1980's Gopher/WAIS type internet) are very different beasts.
To use your analogy, it's more like people saying that Gottlieb Daimler didn't really invent the modern automobile because internal combustion engines already existed. They existsed in a different form, limited in use and ability, and he turned it into something usable in a car, but he didn't invent the engine.
Likewise, Gore didn't invent ARPAnet, but he was one of the primary people pushing open, non-military use of it.
-T
Re:Democrats have techies on their side... (Score:2)
Don't worry, the big daddies are in control (Score:2)
Nothing to see here. Move along.
really secret stuff (Score:5, Insightful)
I don't see how the security vulnerabilities at the DNC are any different than any business, convention, or hotel on any day in any city.
The should confiscate the following... (Score:2)
Re:The should confiscate the following... (Score:2)
Not the biggest news about the DNC (Score:2)
Re: (Score:2)
Re:Not the biggest news about the DNC (Score:2)
Hmmm not really democratic specific... (Score:4, Insightful)
Re:Hmmm not really democratic specific... (Score:2)
Re:Hmmm not really democratic specific... (Score:2)
Not sure how you can say that. It is specifically about wifi access that the Democratic National Convetion. I don't see any bashing going on in the article.
Hey... (Score:4, Interesting)
As long as Globe writers are reading Slashdot, perhaps someone could clarify this mystery:
- Yesterday's paper claimed that "11% of Boston businesses" believe they'll make more money as a result of the DNC, with 78% expecting the same or less>
- Today's paper featured the Causeway Street pizzeria owner who put up a pro-Bush banner and is closing his store for the week and going to Canada, expecting more trouble than business if he stays open.
Excuse me? If a guy who owns a freaking pizzeria across the freaking street from the Fleet Center doesn't think the convention is worth any money, who the hell are those 11% of business owners who think they'll benefit?Re:Hey... (Score:2)
Re:Hey... (Score:2)
Heh. Shows what lengths some people will go to to avoid exposure to opposing opinions. If it's the place I'm thinking of, they've got a TV in there that's usually tuned to Faux News ("We Distort, You Comply").
To be fair, I'm not entirely sure I blame him, though I like to think I'd stick it out if I was in a similar positi
Re:Hey... (Score:2)
Other business are being crippled, other reports have talked about smaller stores that may not survive a week of no one being able to get to them.
If Menino (the Mayor of Boston) wasn't so high on himself, he would've put thet convention at the super modern brand new convention center where it wouldn't have impacted anything, but no... he wanted to show off the city and as a result totally screwed up
Re:Hey... (Score:2, Funny)
Quakecon? (Score:2, Insightful)
Somewhere.... (Score:2, Funny)
Basic precaution (Score:5, Insightful)
That way, sure someone can hijack a laptop, but all they get to do is piggy back on the Democrat's internet connection or target other machines on the untrusted network.
Sure it's possible they haven't thought of this, but it's such a basic precaution I find it hard to believe. If they're letting any untrusted computers on to their network they have to treat the physical network like the internet - untrusted jsut like the guest PCs.
Re:Basic precaution (Score:2)
Page 107 of the O'Rielly Building Internet Firewalls
Re:Basic precaution (Score:2)
This is my principle problem with the article in question. The actual people running the convention only get a brief paragraph in the end saying this:
Lina Garcia, press secretary for the Democratic convention, refused to say whether such a system is in place in the FleetCenter. Indeed, she refused to offer any details about computer security plans, to keep potential intruders in the dark.
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security spec
I care about closures, rights, financial losses (Score:3, Informative)
I don't give a hoot about their wireless network. What I care about are the massive road closures. Virtually every major route in and out of Boston, and several arteries, will be either completely or effectively closed down, starting as early as 3pm.
I-93 is being completely shut down through Boston, despite being a major interstate. The secret service is to blame for inventing imaginary truck bombs and placing the possible risks to security of the privileged few over the livelihoods of hundreds of thousands, if not millions, of people- workers in Boston were essentially told to fuck off and take a vacation during the convention. Menino and the DNC are to blame for ignoring obvious potential "security considerations" inherent in the Fleet Center; the new convention center would have done nicely, except it wouldn't have gotten the delegates their precious stadium seating, nor would it have given the press their precious skyboxes. Oh, and it would have meant a longer cab drive to the hotel. Boo hoo, poor rich politicians.
I can't see Kerry doing very well at all in working-class neighborhoods in eastern MA. In fact, I'd be willing to bet he'll loose them in a landslide. Virtually everyone I've met who has to commute into boston is unbelievably -PISSED- at the convention.
Oh, and then there are the random package searches on the MBTA, the closing of North Station (which is IN the Fleet Center), the mandatory searches on the Orange Line...what else? Oh, the Boston Patrollman's Association is going to be picketing ALL the DNC parties, which has hurt the few local businesses which were lucky enough to get some DNC business; losses were estimated at $80M statewide, but will most likely be higher thanks to BPA.
Let's see, what else? Ah, yes. The "internment camp", oops, I mean, "free speech zone", which is a fenced-in pen topped with barbed wire. Yeah, great idea- let's put right-wing nutjobs(Christian Coalition) in with extreme left fruitcakes into a TINY little box, with ONE entrance and ONE exit. Nah, they won't fight with each other!
Re:I care about closures, rights, financial losses (Score:3)
The Democrats are *so* lucky they're pulling this fiasco in a state that's completely out of play. If this were Florida or Michigan, Kerry could kiss the election goodbye right now.>
Let's see, what else? Ah, yes. The "internment camp", oops, I mean, "fr
Re:I care about closures, rights, financial losses (Score:2)
Personally, I think this is where the WiFi laptops belong. With webcams. And live pay-per-view feeds. And a betting pool. Oh yeah :)
"Two men enter! One man leaves! Who run Freedomtown? Master Blaster run Freedomtown!"
Re:I care about closures, rights, financial losses (Score:2)
And this'll make you head explode (Score:2)
Have a nice day.
zerg (Score:4, Informative)
Ohmigod!!!!! (Score:2)
Re:Ohmigod!!!!! (Score:2)
There is always the possible that someone could PUT something incremenating onto a system.
Here's what they need... (Score:3, Interesting)
The DNC might want to invest in several of these little goodies [globalgadgetuk.com]. Power them up and problem solved.
Interesting (Score:2)
[I'm mostly joking, but it is somewhat interesting that the two major parties don't even agree on web platforms.]
Technology by President (Score:2, Interesting)
1981 - start of Reagan 1st term. IBM PC barely exists.
1985 - Reagan 2nd term. Amiga still months from introduction.
1989 - Bush Sr. 1st term. Gopher looks like it's going to be a real winner.
1993 - Bill Clinton 1st term. Most people are stil l having trouble accessing more than 1 Megabyte of memory. Microsoft offers users "himem.sys" as a solution. Linux begins to change all that.
1997 - Bill clinton
not illegal -- for Republicans (Score:2, Interesting)
They only need to say that it's part of a terrorism investigation, and then the carrier is required to let them snoop the wired network, and the carrier is prohibited from revealing the snooping -- EVER, even long after the fact -- and, oh yeah, I forgot to mention, no judge or warrant required.
They don't have to do it illegal
A real comedian: (Score:2)
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure." [emphasis mine]
And this, my friends, is why Ke
Aside (Score:2)
So which Party is smart and passionate and which Party gets to be cold and stupid? ;-)
Re:Aside (Score:2, Offtopic)
Well, what I heard went something like this:
Practical security (Score:3, Interesting)
So WiFi security is not something the Convention IT staff can control, with or without WEP
Nearly a 100% of all notebook computers brought to the convention will have WiFi built-in to them. A few sensible folks will have their notebooks configured to only latch onto "known" access points using wep. The rest will have their WiFi settings set to allow both ad-hoc and infrastructure mode and to connect automatically. These people, while probably smart and successful in other ways, are likely to be morons who are network-retarded.
As a result they are unlikely to realise that while they are busy and connected to the wired network, their computers have also connected automatically to the blackHatAP that has been setup in the closed-for-the weekend in the Pizzeria across the street. A convenient and cheap SEP field will prevent them from seeing small message dialogs that inform them of these events.
Some of these notebooks, as a result of belonging to irresponible morons, will already be 0wn3d. They are twice as likely to not be updated using windos update..
In short these computers will behave pretty much the same as the drunk chick flahing her tits at Dayton Beach on spring break (altho why we only see photos of them on the internet and never meet any of these tipsy goddesses IRL is beyond me. Oh wait, that probably cuz I'm here instead of there.!)
I would lay a wager of 10 bucks at odds of 5-1 that at least 5% of the notebooks on-site will automatically latch onto the first available AP AND be unpatched enough to allow arbitrary code execution using a buffer overflow vulnerability on some port OR have a trojan installed which can be leveraged to execute said code
What is the hapless IT support guy to do? Here are a few ideas -
1. Ban all notebooks since you cant physically inspect the WiFi settings for the visitors. This idea will probably get you fired though. The morons are rich and powerful and will get their way in penetrating your network with their toys. Being a BOFH is only going to get you shafted.
2. Set up your own AP with repeaters all over the place and hope the ho-ing notebooks latch on to your WiFi network first. I am sure this is not foolproof, but will probably bring down your risk by 70%. The boundary cases here are truly that - the notebooks on the wifi edge might see a better signal from blackHatAP and kiss up to it.
3. This may not be legal in your Locale/state/country. Adherence to local laws is your responsibility. Disclaimer made, heres the option - Install a jammer for WiFi frequencies. Better yet, if you have the Secret servce on hand, get them to do it. Simple and efficient. Unintended Interference is a bizatch though.
I thought about the option of setting up a WiFi farm that would create its own /. effect on the BlackHatAP but that wouldn't scale well if the BlackHat set up more than one AP....
free advertising (Score:2)
I hope Hiawatha and the Globe paid for the primo advertising spot.
This is even a self-admitted attempt to get more traffic to his own article, which is an article he wrote for pay for a news organization that wants more page traffic. Never mind that he gets paid depending on how many people have heard of him.
So, how much does it cost to buy a slashdot story? Is there a discount for frequent buyers?
Wireless Virus? (Score:3, Interesting)
The trick is being able to turn a normal laptop into an access point, then spreading the virus to other machines as they "automagically" try to connect to whatever AP they can find. Then those infected computers turn into APs, etc.
This has happened before - IETF (Score:2, Interesting)
Better check those pants! (Score:2)
Indeed.
Fortunately, Democrats have been listening to their base, and while network security may be a problem at the convetion, Some Democrats have been moving secret information the old-fashioned way:
In [tnr.com] their [belgraviadispatch.com] pants. [washingtonpost.com]
Happily, they still have time to make sure that those who disagree with them will have to sit at the back of the bus:
Cement barriers, 8-foot-tall chain-link fencing, and heavy black netting have been installed around the protest zone outside the FleetCenter, angering pr [instapundit.com]
This has already happened in the past. (Score:3, Insightful)
Pull the plug on them. (Score:3, Interesting)
Maybe they should hire Nigerian guards.
Signs would be posted all over -- "TURN OFF YOUR WIFI OR YOUR NETWORK CONNECTION WILL BE TURNED OFF. If you do not know how to do this, please call 1-900-xxx-xxxx ($3.95/minute) for assistance." Using the number of a phone sex line would not be funny. (OK, yes it would, but it's still not a very good idea.)
Mal-2
Re:At Least It Isn't MS (Score:3, Insightful)
Re:Insecure laptops with wireless connections? (Score:2, Funny)
[checks percentage of laptop users who run Linux]
If so, prepare for a landslide Republican victory the likes of which has never been seen...
Re: Yes (Score:2, Interesting)
Re:Insecure laptops with wireless connections? (Score:2, Interesting)
Re:Insecure laptops with wireless connections? (Score:2)
Re:Insecure laptops with wireless connections? (Score:2, Insightful)
Re:Troll ... (Score:2, Interesting)
Repeat after me: "I am not a party. I am a person. I will cast my vote for the person who is most likely to represent me even though it may NOT be the choice of my employer, my friends, nor my family's historical voting record, nor anyone else's interest. I will vote for myse
Re:Troll ... (Score:2)
Re:Troll ... (Score:3, Insightful)
A friend of mine said the same thing. He of course wants Kerry to win. I then reminded him that in California, there is no chance at all that Bush will take the electoral votes. Since I normally vote Republican or Libertarian, I would actually be taking away a vote for the Elephants by voting Libertarian.
If you live in California, you too can vote your conscience, whatever it may be, and not worry about Kerry not
Re:Troll ... (Score:2)
You mean, unlike the electoral college system of electing presidents?
Re:Troll ... (Score:2)
Re:to stop wifi... (Score:2, Informative)
Re:same network? (Score:2, Informative)
Re:Prevent Wireless (Score:2)
Re:That Certainly Puts My Mind at Ease (Score:2)
Well the fact is that Microsoft supplied most of the attendees OSs. I would have to say that microsoft knows how to secure their software more then anyone else.
Perhaps they should have gotten Linus to help them secure the XP machines. Would that make more sense?