Thursday, October 8, 2009

The HitchHiker's Guide to Security Con's Networks

JJ over at Security Uncorked wrote a thoughtful piece on SecTor 2009's Wall of Shame. JJ's explanation of the whole issue and the technical details is well worth the read, but to summarize: it's a common feature at security conferences, and its purpose is to demonstrate that passwords and other sensitive information transmitted in plaintext (not encrypted) can be easily intercepted.

The point of the Wall of Shame is that it's never safe to transmit sensitive information in the clear and really if you're a security professional you should know better.

I'll say that again, if you're a security professional you should know better.

So here are some suggested rules if you're at a security conference:

  1. Don't use the wireless network
  2. Always assume someone is intercepting traffic and displaying it on a big screen somewhere
  3. Always assume that someone with less than noble intent is intercepting traffic
  4. Always assume that some wannabe is sniffing traffic for some reason
  5. Use a VPN, SSL or properly encrypted cellular network

To be fair, though, if you've configured your software to transmit over an encrypted channel, or simply assume that the traffic is encrypted, you might be in for a surprise, as one of the conference organizers was when they learnt that their software did not work as expected.
