By Humphrey Cheung
Security - TGDaily.com
August 11, 2008
Las Vegas (NV) - Smartphones are great for texting and surfing the web,
but many of those applications have absolutely no security according to
security researchers at the recently completed Defcon computer security
conference. Volunteers at the Wall of Sheep told TG Daily that mobile
application developers are emphasizing usability over security. They
add that many secure desktop applications become unsecure when ported
over to the smartphone environment.
The Wall of Sheep team has 10 core people and approximately two to three
times as many "floaters", curious people who drop in to help out.
Using open source tools like ettercap, Wireshark and the BackTrack
distribution, the team sniffs network traffic and posts login
information (partially obscured) on a projector for all to see. Team
members told us that many new volunteers often start laughing and
"cracking up" when they capture their first passwords. "They think
we're running complicated tools, but it's really easy," team member
"Cedox" told us.
Perhaps the most embarrassing "ownage" was Mr. Joseph Simon who had his
credit card and other personal identifying information captured by the
team. The posting of login information isn't done with malicious intent
and is meant to improve security awareness amongst the attendees and the
team will remove login names upon request. At least ten people took
advantage of that "service" at Defcon. In fact, so many people asked to
be de-listed that team members fashioned up a crude table-top sign
advertising the fact.
Visit Defcon Pics - Defcon Memory Repository