RSA Conference Attendees Get Hacked (esecurityplanet.com)
Date: 2017-02-18
The RSA Conference "is perhaps the world's largest security event, but that doesn't mean that it's necessarily a secure event," reports eSecurityPlanet. Scanning the conference floor revealed rogue access points posing as known and trusted networks, according to security testing vendor Pwnie Express. storagedude writes: What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...
At least two people stayed connected to a rogue network for more than a day, according to the article, and Pwnie Express is reminding these security pros that connecting to a rogue network means "the attacker has full control of all information going into and out of the device, and can deploy various tools to modify or monitor the victim's communication."
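A defender-side check for the two findings in the summary above (access points borrowing trusted names, and WEP still in use), as an added example that is not part of the original article or thread. The scan records, the venue allowlist and the lure-SSID list are constructed assumptions.

```python
# Constructed scan results (not from the article): one dict per observed AP.
SCAN = [
    {"ssid": "Starbucks WiFi", "bssid": "02:00:00:aa:00:01", "security": "open"},
    {"ssid": "ConfNet", "bssid": "02:00:00:bb:00:01", "security": "wpa2-enterprise"},
    {"ssid": "ConfNet", "bssid": "02:00:00:cc:00:09", "security": "open"},
    {"ssid": "BoothDemo", "bssid": "02:00:00:dd:00:02", "security": "wep"},
]

# Hypothetical allowlist: the APs the venue's network team actually operates.
KNOWN = {
    "ConfNet": {"bssids": {"02:00:00:bb:00:01"}, "security": "wpa2-enterprise"},
}

# Hypothetical list of well-known brand SSIDs that do not belong at this venue.
LURE_SSIDS = {"starbucks wifi"}


def audit(scan, known=KNOWN, lures=LURE_SSIDS):
    """Return (bssid, ssid, reason) findings for suspicious or weak APs."""
    findings = []
    for ap in scan:
        ssid = ap["ssid"]
        bssid = ap["bssid"].lower()
        sec = ap["security"].lower()
        if sec == "wep":
            # WEP is broken regardless of who runs the AP.
            findings.append((bssid, ssid, "wep"))
        entry = known.get(ssid)
        if entry:
            # A trusted name from a radio we do not operate.
            if bssid not in entry["bssids"]:
                findings.append((bssid, ssid, "unknown-bssid"))
            # A trusted name offered with weaker security than we deploy.
            if sec != entry["security"]:
                findings.append((bssid, ssid, "security-downgrade"))
        elif ssid.strip().lower() in lures:
            # A brand SSID clients may auto-join from their saved networks.
            findings.append((bssid, ssid, "lure-ssid"))
    return findings


if __name__ == "__main__":
    for finding in audit(SCAN):
        print(finding)
```

A matching BSSID is not proof of legitimacy, since BSSIDs can be cloned; the check only surfaces the cheap cases for follow-up.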
So a few people ran WEP encryption on their networks, and a few others used rogue access points.
You want to talk about getting "hacked"? Let's talk about what was found. Did anyone give up credentials or sensitive details? Did anyone have something important revealed in a MITM attack? Did someone find something on those WEP networks? Just because we connect to something doesn't mean we trust it or aren't taking precautions. If you're rogue and providing me internet access, and all I'm doing is routing through your access via VPN, that doesn't mean I got hacked.
The devil is in the details, at least it would be if we had any.
If you're interested, most people would agree that when you connect to a defcon wifi network you should probably be... cautious. Let's face it, Defcon is to RSA from an info-risk pov as walking in downtown NY at 1am is to walking around the North/South Korean DMZ at 1am. Both are hazardous, but one of them is just plain insane.
Now watch this: https://www.youtube.com/watch?... [youtube.com]
That's the 'so what'.
And keep in mind that most ppl are still using the same passwords on multiple sites.
Oops.
Seriously? Hacked is hardly what happened here. There's quite a large gap between hacked and *possible* eavesdropping. Did they get into their computer? Compromise their bank account? Did they get anything at all? Where exactly is the news in this again?
Why would a "rogue" access point that actually delivers your packets be bad? A non-moron already treats all networks more exposed than your cluster's interconnects as untrusted, this goes for granted for any public network you connect to -- especially at a security conference where there will be some attacks (even if not malicious).
Why would a "rogue" access point that actually delivers your packets be bad?
Because unfortunately not everything is hardened against MitM attacks yet. Everything should be, but not everything is.
VPN protects against MitM. Are we assuming everyone was using that for some reason?
There are a number of common vulnerabilities in corporate VPNs. The newest major ones, which came out in the last few months, are Sweet32 and a certificate validation bug. Aggressive mode IKE is also still quite common, though it's long been known to be less secure than desired. Just thinking about my recent experience testing corporate VPNs, without actually querying my database for exact numbers, I'd say around 50% of corporate VPNs are insecure to varying degrees.
BEAST, CRIME, BREACH, Sweet32 etc (Score:2)
A large number of vulnerabilities require MITM as prerequisite. These are also the vulnerabilities most likely to go unpatched, as people think the requirement for mitm makes the attack much less likely.
In the last few years, just against https alone, and only considering high-profile, named vulnerabilities, we have BEAST, CRIME, and BREACH off the top of my head. There are twice as many that don't have cool names, they're known as CVE-2016-xxxx.
And how many of those people who connected to these access points were doing the same type of monitoring, in reverse. Such as testing to see how exploitable these fake APs are!?
Cellular is usually expensive, slow, capped, and uses a lot of power compared to wifi. I don't do private stuff on unknown wifis.
Cellular is usually expensive, slow, capped, and uses a lot of power compared to wifi.
Yeah, no.
Get a better service provider/plan/device. I have unlimited 4g/LTE -which has better throughput than a shared wi-fi resource, and I have not had battery issues on my mobile devices in the past year or so. That used to be the case, but it really is not a valid excuse anymore. Welcome to the modern age!
Ah. I would use all that easily for personal usage.
As of this week, all of the four major carriers are offering unlimited data that is not "deprioritized"* until you go over 22GB - 28GB.
When we were living in an apartment where wifi interference was horrible, we typically just turned off wifi and used cellular from our phones. (We also had 100 foot cords running to all three bedrooms from the router but that's a different story....)
I pay $200 on T-Mobile for 5 lines unlimited data with 14GB of tethering on each line.
Deprioritized -- your data is slowed down temporarily in congested areas to allow others to go at full speed when you go over the cap.
Throttled -- your speed is slowed down permanently to 2G speeds for the rest of the billing cycle when you go over the cap.
that's why VPN or equivalent is needed in public (Score:3)
I use a homebrew equivalent of VPN whenever I'm in public. Started when I realized a hotel was messing with my HTTP traffic! Crucial of course is reliable access to DNS - if that's broken then even connecting HTTPS can get you in trouble if someone has gotten hold of a signing certificate and does man in the middle.
This stuff is just too hard for the average user.
