Going Public With Sensitive Data
Forget phishing for your passwords via dodgy emails. Just use Wi-Fi.
Internet security company Secure Computing Corporation have today released a report prepared by security consultants Canola/Jones Internet Investigations which “documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks.” The full report is available (in PDF format) here.
Posing as a business traveler, the author “found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information”. Wireless access points are especially vulnerable: “Tests conducted at an airport Internet cafe and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless ‘sniffer’ software.”
Even hotel broadband is risky. Canola/Jones shows “how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have file sharing” enabled on their PCs. Corporate data and passwords can easily be stolen.” Gulp. Other holes: keyboard logging software secretly installed on public terminals, and the hardy perennial, shoulder surfing, where a ne’er-do-well passes your terminal just as you happen to be entering a banking password.
Needless to say, this is all pretty scary. And Secure Computing would like to offer you a solution: their “two-factor authentication SafeWord line of tokens” which generate one-time-only passcodes for each user session. But there are other ways of foiling most of these exploits: Firewalls on your computer, common sense (don’t go to important websites like Internet banking on a public computer), and only using public Wi-Fi when you a) know it’s encrypted and b) you’re not dealing in sensitive data. Have I forgotten anything?
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to print (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Share on Skype (Opens in new window)
26. February 2004 by jeremy
Categories: Security | Tags: airport Internet cafe, author, broadband, Computer security, Cryptography, Even hotel, File sharing, Hospitality/Recreation, hotel network, Identity management systems, Internet banking, Internet Investigations, keyboard logging software, Password, Password strength, PDF, phishing, Secure Computing Corporation, Two-factor authentication, Wi-Fi, wireless access, Wireless access point, Wireless access points, Wireless LAN security, Wireless networking | Comments Off on Going Public With Sensitive Data