War stories

Warning: Many hotel access points are not secure

We've all heard war stories of Internet hot spots that are actually too hot (with bad guys capturing keystrokes). And yet, millions of web surfers use this convenient, free online access every day.

What should be the message from the security community? More important, what are you and your colleagues doing?

Government Computer News recently published an article on this topic entitled "Beware of hotel Internet connections." The article discusses a recent study from the Cornell University School of Hotel Administration. Here's an excerpt:

"One hundred forty-seven hotels responded to a written survey sent out by the researchers, asking about each hotel's network infrastructure. In addition, the researchers paid a visit to 46 hotels in person in order to surreptitiously scan their networks. The hotels surveyed ranged from family-oriented hotels to those serving more of a business clientele.

They had found that 20 percent of hotel networks use simple hub topologies, in which every packet from every user gets broadcast to every other user. This is an unsecured network, the researchers warned."

Of course, hotels are not the only places to worry about when it comes to Internet security. We can add in airports, restaurants, coffee shops and more. Back in March, Sci-Tech Today published the article, "Your Data Can Be Stolen on Airport Wireless Networks." The scary results from research conducted by AirTight Networks revealed:

"...With little effort the researchers were able to see what Web surfers were looking at, and even capture their cookies (small text files that allow Web sites to identify and track users). 'There's a huge data-leakage exposure,' Baglietto said. 'We're able to track people's cookies in the air, and once you start getting a user's cookies, you could impersonate that user' to steal their banking credentials, for example."

The article goes on to describe insecure access points and viral connections. (That is: "A laptop with this infection broadcasts itself as a free mobile hot spot. Other laptops inadvertently connect to it since it has a strong signal that wireless cards search for. Once connected, a laptop becomes infected itself and convinces other computers to connect to it.")

Bottom line, beware of virtually all hot spots. In a word, just beware. I know that this advice will be seen as overkill by many in (and out of) the technology world. I understand their viewpoint. I'm often tempted to use these wireless networks, especially if my air card, BlackBerry or phone reception is weak inside a building.

Since I write this blog for CSO, I am essentially preaching to the choir. And yet, we need to get this message out to the rest of our company employees, friends, family and others.

Any ideas on how to get the word out without sounding like Chicken Little? 


Copyright © 2008 IDG Communications, Inc.
