Tom Sanders at RSA Conference
in San Francisco
08 Feb 2007
More than half of the computers used by security experts attending the
RSA Conference in San Francisco this week lack the proper protection and
may have been compromised, according to wireless security firm
The company scanned all wireless traffic on the first day of the
conference and found a total of 623 Wi-Fi enabled notebooks and mobile
Some 56 per cent of these devices were configured automatically to
log-on to networks with common names such as 'Linksys' or 'T-Mobile', a
feature known as an open access wireless account.
Attackers could exploit the feature through a so-called
man-in-the-middle attack in which a rogue access point is set up with a
Service Set Identifier that is identical to the common service.
The attack could gather confidential information, or exploit unpatched
vulnerabilities in Windows to take control of the victim's system.
The RSA Conference provided attendees with a safe wireless network, but
it was so difficult to apply the security settings required to attach to
the network that a long queue formed at the helpdesk.
Delegates at security conferences are known to show off their hacking
skills. AirDefense found two rogue access points masquerading as the
official conference network, one of which included a forged security
Five other rogue networks mimicked common hotspot names from local
hotels or service providers.
Subscribe to the InfoSec News RSS Feed