Bloggers howl after conference snoops on 'secure' network

Bloggers howl after conference snoops on 'secure' network
Bloggers howl after conference snoops on 'secure' network 

By Dan Goodin in San Francisco
The Register
15th October 2009

Organizers of last week's SecTor security conference collected names, 
passwords, and all other traffic passing over two Wi-Fi networks 
provided to attendees, including one that was encrypted, the event's 
director has confirmed.

Borrowing a page from the Wall of Sheep at the Defcon hacker conference 
each year in Las Vegas, the exercise was designed to draw attention to 
the perils of public networks, conference organizer Brian Bourne told 
The Reg. Indeed, Bourne - who is the director of Black Arts Illuminated, 
the company that puts on the event - found partly obscured credentials 
for his on Twitter account on the SecTor Wall of Shame.

But what made the Wall of Shame different - at least to some attendees - 
was the sniffing of a network that was represented as secure. The 
wireless connection carried an SSID named "Sector2009Secured" and was 
encrypted using the WPA, or Wi-Fi Protected Access, protocol. Before it 
could be used, attendees had to stop by a booth sponsored by Canadian 
security vendor eSentire to retrieve the network's pre-shared key.

"In 2009, we still have so many applications leaking credentials onto 
the wire, and we have people still deploying and using insecure 
protocols," Bourne said. "Our intention with the Wall of Shame was to 
highlight that."


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods