More than half of the computers used by security experts attending the RSA Conference in San Francisco this week lack the proper protection and may have been compromised, according to wireless security firm AirDefense.
The company scanned all wireless traffic on the first day of the conference and found a total of 623 Wi-Fi enabled notebooks and mobile phones.
Some 56 percent of these devices were configured automatically to log-on to networks with common names such as 'Linksys' or 'T-Mobile', a feature known as an open access wireless account.
Attackers could exploit the feature through a so-called man-in-the-middle attack in which a rogue access point is set up with a Service Set Identifier that is identical to the common service.
The attack could gather confidential information, or exploit unpatched vulnerabilities in Windows to take control of the victim's system.
The RSA Conference provided attendees with a safe wireless network, but it was so difficult to apply the security settings required to attach to the network that a long queue formed at the helpdesk.
Delegates at security conferences are known to show off their hacking skills. AirDefense found two rogue access points masquerading as the official conference network, one of which included a forged security certificate.
Five other rogue networks mimicked common hotspot names from local hotels or service providers.
Security experts beaten at their own game
By Tom Sanders on Feb 9, 2007 12:22PM