Slashdot Mirror
Democratic Convention Computer Security Threat?
Hiawatha writes "Excuse me for tooting my own horn, but check out my story in today's Boston Globe about a possible security problem at the Democratic convention next week. If visitors plug insecure laptops with wireless connections into the convention's wired network, there could be trouble..."
Hm. Taking over the Jumbotron is probably the ultimate "Capture the Flag" contest.
---- join dshield.org Distributed Intrusion Detec
Democratic Convention = Security Threat
... the other threat is the Republican convention.
threat to your wallet, too.
In the spirit of bipartisanship
Be sure to register and vote ; even it's for the lesser of two evils.
Since the NSA is releasing security advisories for M$ Products can we expect WiFi to be next? The threat of insecure networks in large companies as well as government agencies should be pretty large. On my commute to work every day in the bay area, I come in contact with hundreds of "free" access points, which are left on because of computer illiteracy.
WiFi 802.11i should solve that though... Sure, it will.
Aj
GroupShares Inc. - A Free and Interactive Stock Trading Community
-------
artlu.net
Don't all democrats run linux?
Boxing Equipment Reviews
From what I have heard, they are not allowing wi-fi of any kind. Not because its a security risk but because it can interfer with the equipment they really care about. the mic's and cameras and radios used to make sure everything goes smoothely.
I don't think there will be too much trouble with this. Just another company spreading the FUD trying to make a buck.
ummmmmmm... is that your real name?
Your hybrid is not saving the environment. Its purpose is to make you feel good about buying something.
The internet is so conjested with other systems trying to get into my system right now, what makes this any different?
Well at least it would, but I wound up disabling all that so the CEO could get on E-Bay.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Who in their right mind would want to hack into the democratic convention? The only ones I can think of are Republicans, and we all know they never do anything illegal like that...
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
the article doesn't contain any new info. Everyone know how unsecure network connections can be at conventions. everyone know they can cause havoc.
Even the SANS conference, with all the security gurus, had issues with providing network connectivity. That is why they longer provide network connectivity, WiFi or otherwise, in classrooms.
Consensus is good, but informed dictatorship is better
The Democratic convention will use a standard wired network rather than WiFi. But according to Maggio, this won't provide any extra security. That's because many visitors who'll plug into the network will have computers with built-in WiFi capability. The WiFi feature is automatically switched on when the computer is running. In effect, the laptop can connect to a wired and a wireless network at the same time.
So... let me get this straight... they are going to connect to my laptop's wireless NIC, and then piggyback onto the wired connection? Riiiiight... This would be tough to accomplish... even in Windows.
Maggio said that an attacker with a high-powered WiFi access point could set up shop outside the FleetCenter, and communicate with WiFi laptops on the inside. If these laptops haven't been protected with the latest security patches, a skilled intruder will be able to gain access to the laptop. He could then leapfrog onto the Democrats' network, allowing him to steal information or vandalize computers. ''By being on both networks at the same time," said Maggio, ''that can compromise the entire network security."
Odds are, these laptops have already been 0wn3d..
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Let the oxymoron jokes commence!
SteveM
It seems to me, even if you got into a laptop, the network should have enough security that, well, you could get to other laptops, but not to the main servers.
And I don't know about you guys but every time I've tried to work with connection sharing, it has required intervention on the machine that I was using to bridge the networks. It seems to me, if the servers are set up correctly this is more a case of chicken little.
=================
Unix is very user friendly, it's just picky about who its friends are.
QUOTE: "But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp." Yeah, I trust them.
How can they get hacked when it was AL Gore who invented the internet...
Easy solution. Change the wallpaper.
--
Are you a Chipotle Fan?
<snicker>
Why would they allow public access on the same network as sensitive info. I really can't believe that's true.
GETPKG - Package Management for Slackware
Maybe this is an issue that my little engineering brain can't understand (and if so, I would appreciate knowing why), but why can't they just have all laptop users disable their WiFi connections? Why would they have to block all computers with WiFi from participating at all?
Live free or die
Insecure laptops probably just need reassurance from their mother. Unsecure laptops, on the other hand....
http://networks.silicon.com/lans/0,39024663,391215 01,00.htm
--
Are you a Chipotle Fan?
Anti-Bush fanatics are so cute when they're foaming at the mouth....
"But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp."
We all know how competent those Microsoft security experts are. So, how many unpatched holes are still in IE?
You teach a child to read and he or her will be able to pass a literacy test. - George W. Bush
Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Nothing to see here. Move along.
"with their freedom lost all virtue lose" - Milton
Why don't they just use a PDA equipped with wireless network-clogging ability to disable all wireless networks?
...A huge faraday cage...
Maybe somebody at the DNC has compromising pictures of George Bush getting wads of money stuffed up... oh wait, that wouldn't be news. (Same applies to Mr. Kerry) Just what sort of top secret information does anybody expect to snag? This is a planned media circus, not a cigar smoke-filled warroom meeting.
I don't see how the security vulnerabilities at the DNC are any different than any business, convention, or hotel on any day in any city.
He could then leapfrog onto the Democrats' network, allowing him to steal information or vandalize computers. unless proper precautions are taken, computer vandals will be able to tap into these laptops by using wireless transmitters located outside of the FleetCenter. The attackers could then use the compromised laptops to gain access to the computer network used to run the convention. Call me stupid, but the essence of this article is: "It is possible to get access by WAN to laptops that access the LAN. Thus an intruder can attackk the server that run the convention by magic tools that immediately destroy the servers.", no?
"All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
Any decent IT manager knows that wireless networks pose a security threat, but precautions can be taken to eliminate these threats. Just some thoughts: 1) Anyone with a wireless laptop gets placed on a completely different subnet, 2) use WEP to keep out the idiot hackers 3) place a firewall and other security devices between the wireless portions of your network and anything important 4) etc. Point is, wireless is only a major issue for morons.
What is your penile percentile?
"I don't think it's selfish, to eat defenseless shellfish." -NOFX
...and of(I believe, hard to judge from the one photo I've seen of him) of African decent, so stop trolling.
Oh, and he has posted both stories and comments before on slashdot, and written articles for the globe on topics slashdot has brought attention to.
I think he dumbs down his articles too much for the Globe(or it would be nice to see some high-level articles, not just simple stuff), given that the Boston area is the technology center of the east coast- but otherwise, I like what he does.
I have zero respect for reporters who simply watch the wire and rewrite AP/Reuters articles, and I've seen some pretty bad(ie, barely qualifies as a "rewrite") articles from tech reporters.
Please help metamoderate.
The vandals could obtain sensitive information related to the campaign of presidential candidate John Kerry.
Because you can never know too much about what a presidential candidate ate for breakfast.
Or they could unleash an attack that would bring down the network and throw the convention into chaos.
I thought all these political conventions consisted of was pure chaos? The political machine draws on entropy, if these things provide further chaos and uncertianty to the issues then I'd assume the campaigners would be in favor of it.
-Adam
ignorance is bliss
That makes me wonder why John Kerry looks so sad...
So... let me get this straight... they are going to connect to my laptop's wireless NIC, and then piggyback onto the wired connection? Riiiiight... This would be tough to accomplish... even in Windows.
While it's not as simple as some script kiddie attack (yet), XP has the ability to bridge two network connections built in. And it works pretty well.
Using one of the numerous remote access flaws in XP (assuming the computer isn't fully patched, which is not a bad assumption to make), you inject a program which gives you access to the machine, and then you bridge the conenction from the wired to the wireless. Done and done, you have a wireless->wired bridge and you can sniff the whole wired network away, or at least the segment you happen to be connected to.
It's not implausible. Unlikely, perhaps, but it can be done without more than, say, a couple days work by somebody who's reasonably familiar with some windows flaws.
They're going to use "free speech" zones for anti-war protestors. So much for being any different that bush. For a party that supposedly is Liberal they do seem to have a very distorted notion what liberalism is. Here's a lively discussion on it. http://www.peopleforchange.net/forums/index.php?sh owtopic=14871
Activists United
You can find all of the compromising documents
at The White House.
Seditiously yours,
Kilgore Trout
Don't bash on the democrats. This has been a problem ever since wireless networking has become ubiquitous in every convention, company, and private network. The democrats are no more or less susceptible than anyone else...
I am disrespectful to dirt! Can you see that I am serious?!
As long as Globe writers are reading Slashdot, perhaps someone could clarify this mystery:
- Yesterday's paper claimed that "11% of Boston businesses" believe they'll make more money as a result of the DNC, with 78% expecting the same or less>
- Today's paper featured the Causeway Street pizzeria owner who put up a pro-Bush banner and is closing his store for the week and going to Canada, expecting more trouble than business if he stays open.
Excuse me? If a guy who owns a freaking pizzeria across the freaking street from the Fleet Center doesn't think the convention is worth any money, who the hell are those 11% of business owners who think they'll benefit?What I'm listening to now on Pandora...
So some passer-by gets free internet. So what. If Kerry et al have their network set up so that just any delegate can tap into it and get sensetive information, then maybe we don't want him as president...
In a similar light, I was wondering what kind of mayhem will ensue at Quakecon. I'm sure there will be a ton of virus/worm spewing boxes plugged into the byoc lan.
"He's lost in a 'floyd hole"
Somewhere Karl Rove is twirling his mustache and recruiting neocon script kiddies.
If you think
Any wifi machine connected could allow access to sensative info about kerry. Yeah, it could be threat, but I consider your article ill-informed. Static machines are just as dangerous. Hell, the truth is the public is simply not safe from crackers should we become aggressive, no matter where you are , no matter what else is going on. fear mongering is not going to help.
I would be interested in all the security matters for a major convention like this one.
Looks like a book or TV show?
Red Hat Linux to be precise. You can apply as an admin if you want...
That way, sure someone can hijack a laptop, but all they get to do is piggy back on the Democrat's internet connection or target other machines on the untrusted network.
Sure it's possible they haven't thought of this, but it's such a basic precaution I find it hard to believe. If they're letting any untrusted computers on to their network they have to treat the physical network like the internet - untrusted jsut like the guest PCs.
Flamebait?!? What a maroon! Off-topic perhaps, or even funny, but the guy is correcting the other guy on proper usage of a term so it's not flamebait unless you're a sensitive soul who cannot take any criticism and stays inside all the time so that he can avoid any confrontation with any other human being. Guess that must have touched a nerve with the silly mod.
/., so entertaining, never informative.
Obviously the mod shares the same level of English proficiency as the submitter.
Oh,
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp.
I always rely on Microsoft for all my security needs!
"[W]e are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Well, I'm certainly glad they'll be enlisting the crack security experts at Microsoft.
$ whatis themeaningoflife
themeaningoflife: not found
Far cuter than Ronald Reagan drooling.
Leave computers at home. :)
Slashdotters agree?
This is my signature.
At least 802.11b 2.4GHz stuff anyway. Just take the door off a normal ~1000W microwave oven (which operates in the 2.4GHz spectrum becuase that's the resonant frequency of water). Jam all the safety switches closed and aim the thing in the general direction of the WiFi gear and power it up. Of course this is dangerous as hell and you will cook any living tissue in the signal path, but it'll certainly disrupt the WiFi devices operation.
PS: if you're stupid enough to actually try this, make sure you aim it at your own testicles the first time you fire it up, so you'll be prevented from polluting (or further polluting) of the human gene pool.
If it is such a threat couldn't they just flood 2.4 and 5.2ghz frequencies with packets and in effect cripple the whole thing?
don't they make devices to do this?
Or just use materials to block the signals.
convictushome.blogspot.com
I don't give a hoot about their wireless network. What I care about are the massive road closures. Virtually every major route in and out of Boston, and several arteries, will be either completely or effectively closed down, starting as early as 3pm.
I-93 is being completely shut down through Boston, despite being a major interstate. The secret service is to blame for inventing imaginary truck bombs and placing the possible risks to security of the privileged few over the livelihoods of hundreds of thousands, if not millions, of people- workers in Boston were essentially told to fuck off and take a vacation during the convention. Menino and the DNC are to blame for ignoring obvious potential "security considerations" inherent in the Fleet Center; the new convention center would have done nicely, except it wouldn't have gotten the delegates their precious stadium seating, nor would it have given the press their precious skyboxes. Oh, and it would have meant a longer cab drive to the hotel. Boo hoo, poor rich politicians.
I can't see Kerry doing very well at all in working-class neighborhoods in eastern MA. In fact, I'd be willing to bet he'll loose them in a landslide. Virtually everyone I've met who has to commute into boston is unbelievably -PISSED- at the convention.
Oh, and then there are the random package searches on the MBTA, the closing of North Station (which is IN the Fleet Center), the mandatory searches on the Orange Line...what else? Oh, the Boston Patrollman's Association is going to be picketing ALL the DNC parties, which has hurt the few local businesses which were lucky enough to get some DNC business; losses were estimated at $80M statewide, but will most likely be higher thanks to BPA.
Let's see, what else? Ah, yes. The "internment camp", oops, I mean, "free speech zone", which is a fenced-in pen topped with barbed wire. Yeah, great idea- let's put right-wing nutjobs(Christian Coalition) in with extreme left fruitcakes into a TINY little box, with ONE entrance and ONE exit. Nah, they won't fight with each other!
Please help metamoderate.
just surround the convention center with microwave ovens. They do a great job of jamming my wireless networking.
A similar situation was expected last year, but was prevented admirably by the admins (this was back when the Windwos RPC exploit was big). Keep in mind we're talking real *nix hackers managing the whole thing, not some noobs. The head net admin at QCon is a graduate of the University of Twente, and is active contributor to Linux networking security reports and solutions. Him and the rest of the admins are not idiots.
Granite Island Group has already one-upped this story. Fuck wireless security, we're talking about actual bona fide security problems here.
[o]_O
isn't it about time the slashdot hate-wagon grewup and started to be helpful instead of acting like a bunch of 12 year old zeelots??
The fact the slashdot founder is the worst troller when it comes to MS isn't helping (ya you Cmdrtaco)
Those wily hackers will find out who Kerry's running mate is going to be! Or even worse, they'll find out the key planks in the Democrats platforms! What, exactly, does Hiawatha think the hackers are going to steal, anyway? Are there any secrets of interest at this convention?
Have you read my blog lately?
If I could toot my own horn, I'd never leave the house!
This story bugs me. Its the kind of thing that sounds like something important, but there is no real meat to it. It's a non-story. The only hook is the political angle, which turns out to have almost nothing to do with the real issue.
First, any large collection of people with laptops will have the same problem. It could happen at a comic book convention. There is no mention of security problems like this at the GOP convention, though that is more likely because it is not coming up so soon. The point is: large numbers of laptops + WiFi = trouble. Why? Because of the wide target selection.
Second, if the laptops were secure themselves, there would be no problem. Why are they worried about insecure laptops? Because they are probably all running some version of Windows. The subtext is that Windows is so insecure that you really need to pay attention to it when you are in a crowd. I wish the writer was more direct about this point.
Anyway, no real story except to say that large numbers of insecure mobile computers are, gasp!, not secure when they are all in the same convention hall.
The news has all kinds of stories like this, designed to make you afraid for a couple of minutes, until the next scary "story" comes along, and you can forget all about this one.
On the local news here (Portland, OR) the other night, there were a couple of drownings in the river. A tragedy, I know. But one of the followups was about the dangers of water. Frankly, the biggest danger is trying to breathe it in, but the news never gets to the nub of the issue like that.
The news sucks. I hate TV news more than print news, but this one makes me start to hate the print news as well.
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp.
Ahh... Ok.
BTW:Interesting Article.
"If you have done 6 impossible things this morning, why not round it off with breakfast at Milliways" -- hhgg
Hmmm... but if someone writes "pwn3d!" or "all your base are belong to us" on them, won't the Democrats naturally blame GWB, given the grammatical ability and IQ displayed by those comments?
Of course, most of them probably think he's not smart enough to hack into anything. Something about a script monkey with too much monkey and not enough script...
I am sure there is a likely threat, however, since we all know that Al Gore will be there (The inventor of the Internet) we are assured that this technologically savvy group of people will over-come any security obstacle.
In any case, doing something about it now would result in the creation of a formal commitee, multiple meetings, a voting of some sort, or some introduction of a new bill. There is no doubt that this new security commitee would require additional funding, so I am sure that they would vote to increase some tax (more than likely petroleum, or tobacco) and as a rider to the bill, all members would receive additional pay increases.
you know, the usual...
Har. Har.
It was Republicans who invented that claim. What Gore actually said was "I took the initiative in creating the Internet". Robert Kahn and Vinton Cerf -- two of the people who did "invent the internet" have publicly stated that "Al Gore was the first political leader to recognize the importance of the Internet and to promote and support its development." Repub spinmasters pushed the reworded version hard as part of their successful effort to exaggerate Gore's supposed exaggerations.
(The Repub spin this time around is that Kerry always "flip-flops". That's the script, and they're pushing it hard. I guess this is to distinguish him from Bush, who sometimes flip-flops and sometimes sticks to his opinions ... regardless of the facts.)
The DNC might want to invest in several of these little goodies. Power them up and problem solved.
Wanted: witty unique signature. Must be willing to relocate.
[I'm mostly joking, but it is somewhat interesting that the two major parties don't even agree on web platforms.]
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
Uhmmm. I'd be a bit worried if one of my partners that I trusted with security was Microsoft. Just how many times has Windows Update used the word "critical" to describe a patch recently?
Maybe it's just me...
When it seems technology moves too slow, consider that 4 years is a very long time in the computer world.
1981 - start of Reagan 1st term. IBM PC barely exists.
1985 - Reagan 2nd term. Amiga still months from introduction.
1989 - Bush Sr. 1st term. Gopher looks like it's going to be a real winner.
1993 - Bill Clinton 1st term. Most people are stil l having trouble accessing more than 1 Megabyte of memory. Microsoft offers users "himem.sys" as a solution. Linux begins to change all that.
1997 - Bill clinton 2nd term. Everybody's reading about who poked who in the Oval Office - on a computer network that spans the globe
2001 - GWBush 1st term. Cheap computers perform at a more than a billion FLOPS. Hard drive prices crash through the floor. Wireless networking barely alive.
2005 - Wireless networking causes massive chaos in the government, allowing robotic overlords to storm the Democratic Convention. Scene is repeated three weeks later at the Republican Convention. Robots declare martial law, and institute an omnipotent supercomputer and the emperor of the world. Declares Sunday to be free ice cream day. Jaded citizens eat it up.
When you look at the state of the art at 4 year intervals, it seems like a lifetime. When GW Bush was first elected, a nice computer would have been 1 GHZ or less, with 64 megs of RAM. And before that, it would have been a little Celeron 300A, or maybe a Pentium MMX.
Can anyone predict the state of the art in 2009?
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
"Who in their right mind would want to hack into the democratic convention? The only ones I can think of are Republicans, and we all know they never do anything illegal like that..."
They only need to say that it's part of a terrorism investigation, and then the carrier is required to let them snoop the wired network, and the carrier is prohibited from revealing the snooping -- EVER, even long after the fact -- and, oh yeah, I forgot to mention, no judge or warrant required.
They don't have to do it illegally, just invisibly.
From the article:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp. ''People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, ''and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure." [emphasis mine]
And this, my friends, is why Kerry won't be moving into 1600 Pennsylvania Ave next year....
Security and stability have never been Microsoft's defining features. The familiar joke about Democrats being stupid but passionate and Republicans being cold but smart seems to fit this situation rather well, unfortunately.
These guys would have been better off to call IBM or Red Hat, who believe that security is more than just a marketing buzzword.
Hopefully, the Cisco folks will be able to minimize the damage that the Microsoft does.
The society for a thought-free internet welcomes you.
Any information found out about Kerry will flip-flop several more times before election day.
I had thought of the time complications, but (and maybe I missed this in the article) it didn't seem to me that it would take any longer to disable the WiFi than to scan each computer for viruses and WiFi and then block only those computers from the network.
Live free or die
Is this guy dead on or what? All major news sources are almost worthless. After dumbing down the information for the masses and then throwing in the spin and bias of writers and editors, modern news sources spew a lot of nothingness. As this post's parent correctly points out, this is not news. We all know WiFi is a security threat to computer networks (but we also know that can be mitigated).
I want a truly intelligent and intellectual news network/newspaper that sincerely presents news and is not a propaganda machine. I want news that is thoughtful, informative, and really hits the "nub of the issue." However, any media source is out to do one thing.. make money. Consequently, they try to appeal to the largest number of people possible and thus must result to dumbing down their content for laymen. It is truly unfortunate that people are not smarter.
What is your penile percentile?
Judging by how reliably my laptop drops its connection everytime I approach it with my 2.4GHz cordless phone, it sounds like a pretty easy approach would be to install some fairly high powered interference generators spreading noise on that frequency in and around the FleetCenter. OH wait, that is probably against some FCC rule. Nevermind. We're doomed.
So, after RTFA,we can secure our network by checking for viruses and making sure wireless chips are off? Are they forcing everyone to install special software to check these things? Would all the conventionners really want to deal with that hassle? And who make sures the software provider is really trusted and hasn't been compromised themselves?
Shouldn't the main thrust of the security efforts to protect computers from each other be off of those computers? There are plenty of other ways to compromise computers them without a virus or WiFi, same as always, and they won't necessarily show up on a virus scan. Isolating each machine from the others will do a ton more than running a program on what you think is the actual machine. Cisco can surely do a good job at making sure they can only reach the outside world and not their "LAN" neighbors. This is not to say that the conventionners will all be running VMWare or Virtual PC, but if their machine was already compromised, do you really trust the results of a program running on their machine? It's not like this a big geek-fest with a LAN party every night.
I'm still running Celeron 300A's on 3 of my computers at home!
"People can rest assured that we are aware of the need for a strong security system for our technology infrastructure," said Garcia, reading from a prepared statement, "and we are working with our partners, Cisco and Microsoft, to ensure that our systems remain secure."
So WiFi security is not something the Convention IT staff can control, with or without WEP
Nearly a 100% of all notebook computers brought to the convention will have WiFi built-in to them. A few sensible folks will have their notebooks configured to only latch onto "known" access points using wep. The rest will have their WiFi settings set to allow both ad-hoc and infrastructure mode and to connect automatically. These people, while probably smart and successful in other ways, are likely to be morons who are network-retarded.
As a result they are unlikely to realise that while they are busy and connected to the wired network, their computers have also connected automatically to the blackHatAP that has been setup in the closed-for-the weekend in the Pizzeria across the street. A convenient and cheap SEP field will prevent them from seeing small message dialogs that inform them of these events.
Some of these notebooks, as a result of belonging to irresponible morons, will already be 0wn3d. They are twice as likely to not be updated using windos update..
In short these computers will behave pretty much the same as the drunk chick flahing her tits at Dayton Beach on spring break (altho why we only see photos of them on the internet and never meet any of these tipsy goddesses IRL is beyond me. Oh wait, that probably cuz I'm here instead of there.!)
I would lay a wager of 10 bucks at odds of 5-1 that at least 5% of the notebooks on-site will automatically latch onto the first available AP AND be unpatched enough to allow arbitrary code execution using a buffer overflow vulnerability on some port OR have a trojan installed which can be leveraged to execute said code
What is the hapless IT support guy to do? Here are a few ideas -
1. Ban all notebooks since you cant physically inspect the WiFi settings for the visitors. This idea will probably get you fired though. The morons are rich and powerful and will get their way in penetrating your network with their toys. Being a BOFH is only going to get you shafted.
2. Set up your own AP with repeaters all over the place and hope the ho-ing notebooks latch on to your WiFi network first. I am sure this is not foolproof, but will probably bring down your risk by 70%. The boundary cases here are truly that - the notebooks on the wifi edge might see a better signal from blackHatAP and kiss up to it.
3. This may not be legal in your Locale/state/country. Adherence to local laws is your responsibility. Disclaimer made, heres the option - Install a jammer for WiFi frequencies. Better yet, if you have the Secret servce on hand, get them to do it. Simple and efficient. Unintended Interference is a bizatch though.
I thought about the option of setting up a WiFi farm that would create its own /. effect on the BlackHatAP but that wouldn't scale well if the BlackHat set up more than one AP....
See that long UID - that's what you get for lurking too long
Whats a little intranet security?
All they have to do is turn on 'internet sharing' for the wifi port ... instant gateway ....
I'm sure a virus or 2 is out there to do this for you automatically..
Only takes one malicious ( or clueless ) person..
---- Booth was a patriot ----
Not as cute as the it-was-the-other-guys-fault crowd.
I hope Hiawatha and the Globe paid for the primo advertising spot.
This is even a self-admitted attempt to get more traffic to his own article, which is an article he wrote for pay for a news organization that wants more page traffic. Never mind that he gets paid depending on how many people have heard of him.
So, how much does it cost to buy a slashdot story? Is there a discount for frequent buyers?
Your tax dollars are paying for it all. Yep, you get to pay to get screwed.
:)
Have a nice day.
Or they could unleash an attack that would bring down the network and throw the convention into chaos.
Uh, yeah. I'm sure the entire convention will fall to shambles because the bloggers with press credentials will have to use an outside connection to post stories.
What a non-story! You know, a while ago, they had conventions without any internet connection at all and somehow they managed. And at events *every day*, *all around the country* you have open access points, much worst than the open wired networks at the convention.
However, I do commend you for not using the word "cyberterrorism" on the first page (I didn't bother reading the second page though).
The only solution, if this bothers folks, is to not allow computing equipment at all or at least for them to not have some kind of shared network.
They could setup a network that did not allow connection apart from their own equipment and then allow people to check out equipment, but most people will want access to their data, and you really couldn't allow that and be secure.
Trucks monitoring wireless aren't the answer and would not keep out the experienced hacker.
Newbury is clearly trying to make a dishonest buck. If they're smart, they'd hire em and then sue the pants off them for being stupid.
The quarantine and certifying of laptop idea is totally bogus. These folks are clearly security amateurs.
I only wish I was stating the obvious.
And Ms. Garcia (or whoever is in charge of DNS security), who apparently feels that the DNC's best bet is security by obscurity... well... I suppose there's always a job for you in Redmond. It's no surprise that they chose Cisco and M$ for their "security"... trust me... there will NO SECURITY at the DNC for anyone with even rudimentary hacking skills if they allow folks to use their own equipment (laptops, PDAs, etc.).
If they allow outside devices of any kind and are planning on a "secure" network, they don't understand security and deserve the end result.
Of course, we're talking about politicians... so arguably, there's nothing on the network of any real value anyway.
At a technical conference earlier this year, I noticed something going between a few machines that looked a lot like a wireless virus, but was unable to capture it properly (they weren't my machines, I was just trying to shut down rouge APs).
The trick is being able to turn a normal laptop into an access point, then spreading the virus to other machines as they "automagically" try to connect to whatever AP they can find. Then those infected computers turn into APs, etc.
So which Party is smart and passionate and which Party gets to be cold and stupid? ;-)
--- Ban humanity.
This type of thing has happened before, but in this case we did have a 802.11A/B/G network running as well as wired. There is no solution to prevent it from happening (short of forcing people not to bridge their connections), but there are ways to detect and contain it. The netadmins just need to setup something that will also talk to these bridged 802.11A/B/G cards. Once they detect a bridge, find out what hardwired port they are coming through, find the Mac address, penalty box the mac address, and you've then forced them to go seek help hopefully from a helpdesk that knows what you are doing to people to cause them to go to the helpdesk.
Cheers!
--Brett
Indeed.
Fortunately, Democrats have been listening to their base, and while network security may be a problem at the convetion, Some Democrats have been moving secret information the old-fashioned way:
In their pants.
Happily, they still have time to make sure that those who disagree with them will have to sit at the back of the bus:
Cement barriers, 8-foot-tall chain-link fencing, and heavy black netting have been installed around the protest zone outside the FleetCenter, angering protesters who say they will be penned in and closed off from Democratic National Convention delegates. Much of the area is located under abandoned elevated Green Line tracks that slope downward. The setup, which one netting installer called ''an internment camp," will force tall protesters at the southern end of the zone to lower their heads to avoid banging them on green metal girders.
...is getting that many liberals in one spot without adult supervision. There should be a 5-mile safe zone around the perimeter to ensure that conservatives and moderates don't spontaneously combust.
In other news, the laser-cannon-enabled crosses of the ridculously Christian right will be set around the perimeter of the Republican convention later this year. Liberals walking within the perimeter will be burned alive instantly, their ashes teleported to Hell, where, according to Rush Limbaugh and his demonic minions, all liberals go.
Finally, independents will sit at home and grouse, "Why the hell do we only have Nader to pick from?"
IronChefMorimoto
Equal Opportunity Troll
Friends don't help friends install M$ junk.
Excuse me for tooting my own horn, but check out my story in today's Boston Globe about a possible security problem at the Democratic convention next week.
That's OK. at least you:
I for one refuse to buy a Slashdot subscription as long as the "stuff that matters" is just more Roland Piquepaille spam.
If the GOP is truly worried about information security, then why don't they do something about all of our nation's financial institutions having their sensitive back end systems being coded offshore? Especially in areas like India, where terrorism is a big problem? If terrorists really wanted to disrupt the American way of life - all they would need to do is to hack into our financial systems. And given that these are coded offshore, they definately have the opportunity.
Couldn't resist laughing when I read this quote.
The republicans already have hacked some democrat computers.
Fuck wireless security, we're talking about actual bona fide security problems here.
Who cares how unsecure the DNC is. Nothing will happen. Why would the terrorists attack their favorite candidates? They'll be too busy working on the attack details for the RNC anyway.
These stupid things are the fault of the Secret Service. They've been doing this to Bush for years now.
It's forced Bush to become out of touch with how real Americans are thinking. I hope the same doesn't happen to the Democrats as a result of this convention.
Why can't they just jam the wireless frequencies to make wireless useless within 200 yards of the place?
But aren't laptops insecure by their very definition?
Physical security is a large part of security, and laptops get stolen constantly.
As for the rest of the picture, you don't want to know what happens to the average laptop at a trendy WiFi-enabled internet cafe...
Why not just jam the wifi frequencies. There are plenty of ways to do it.
You can set up radio transmitters to do it. Or hell, get a few dozen APs, don't connect them to anything but power, each set to a different channel, put on some good antennas and spread them around. That ought to cause enough confusion to keep anyone from doing anything wireless.
My guess as to your real beef ...
--Mike Perry, Inkling blog
... to actually vote your candidate of choice, especially if they are not projected to "win" per se, and that is to contribute to the furtherence of theo\ir party, election after election. This is because of federal matching funds, which are voluntary check offs of three dollars on everyones income tax. According to the site, candidates are eligible for matching funds once they have crossed a threshold of receiving 5,000$ from individial contributions of 250$ a head in at least 20 states. This helps those candidates and parties to continue to grow, should the candidate/party choose to apply for the funds. I see nothing wrong with it, as it's the only voluntary tax we really have, and it can go to your alternative candidate, if they can cross that threshold. Frankly I think it should go to anyone who makes it to the ballot, but that's for another time. Believe it, the R andD guys always take these funds, so there's no reason to deny your third party alternative candidate the same opportunity, who knows, as the kitty builds up maybe they can become a very credible force. Continually voting for the same old tired party combo that you KNOW will always give you the same exact crap we have had for multiple generations now is a sure fire way to keep getting the same exact crap for the next several generations.
Of course, who knows with blackbox voting any more, but at least the alternative candidates can keep getting additional funding.
Think about it, Linux is the up and coming main competitor to windows. Don't you think a guy with an ego/business sense like gates wouldn't want to *personally* see what linux is capable of? I bet he has a few linux boxes and distros kicking around, just to stare at, think a bit, then bark orders to his serfs about.
Have someone (or several someones) walking the convention hall floor with sniffers. Any machine found to be transmitting packets via WiFi gets the plug pulled on the wired network. Since every location in the hall is numbered, a simple call back to the network center can get them switched off without having to physically confront them. However, I just like the idea of a guy walking up with scissors and SNIPPING them.
Maybe they should hire Nigerian guards.
Signs would be posted all over -- "TURN OFF YOUR WIFI OR YOUR NETWORK CONNECTION WILL BE TURNED OFF. If you do not know how to do this, please call 1-900-xxx-xxxx ($3.95/minute) for assistance." Using the number of a phone sex line would not be funny. (OK, yes it would, but it's still not a very good idea.)
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
http://uk.news.yahoo.com/040317/325/eotq9.html
"WE WANT BUSH TO WIN
The statement said it supported U.S. President George W. Bush in his reelection campaign, and would prefer him to win in November rather than the Democratic candidate John Kerry, as it was not possible to find a leader "more foolish than you (Bush), who deals with matters by force rather than with wisdom."
In comments addressed to Bush, the group said:
"Kerry will kill our nation while it sleeps because he and the Democrats have the cunning to embellish blasphemy and present it to the Arab and Muslim nation as civilisation."
"Because of this we desire you (Bush) to be elected.""
Sounds to me like they just don't want anyone but the 'official' bloggers posting review... "Worst convention EVER!"
I note that this year, despite two national political conventions in cities, the allocation of money for homeland security is apportioned so that states with low populations receive a windfall, while states with large urban areas have to foot the bill for their own security.
This, in light of the 9/11 Commission's conclusion that al-Qaida took advantage of this very same type of governmental ineptitude in their attack on America almost three years ago provides me with ample proof that there is plenty of reason to doubt security.
Just today, the FBI told all of the news agencies that they had information that al-Qaida is specifically targeting the news vans at Fleet Center.
In light of all of this, I have to figure that the terrorists are either in the US government and plotting to keep us all so scared that we won't go anywhere or do anything or they are evil hackers bent on global dominance through the takeover of every computer for the purpose of downloading everyone's bank account information from their copy of Quicken (probably a pirated copy). Frankly, I like the hacker idea best.
Fade up on Joe Democrat at the Boston Convention, computer unsecured from WiFi attack. Suddenly, randon characters race across his computer screen.
Mesmerized, Joe stares into his screen as the images flitting before him lull him into a hypnotic trance as we fade to black...
Fade up on Joe Democrat as he shakes the hand of the Candidate. The Candidate pauses and looks intently at Joe's eyes, which begin to display random characters like his computer screen did. The Candidate nods and immediately rises to go tot he lecturn.
Cut to the Candidate delivering a speech where he refuses the party's nomination and decides to not run.
Cut to the newsvans where the producers and directors stare at each other in consternation as Joe Democrat infiltrates the newsvan compound unseen. Fade to black.
Fade up on idyllic world without media, computers political parties, newspapers, candidates or cursing Vice Presidents. Camera trucks into the open door of the Presidential Mansion, through the entryway of the Oval Office. There, wearing the Turban of the Holy One sits...
Monica Lewinsky!
Gods don't kill people, people with gods kill people.
use the tactics of the late former mayor daley during chicago's hosting of a democratic convention back in the late sixties. at least the irony would be entertaining.
Serenity now, insanity later.
A friend of mine is a photographer at the DNC, and aside from having to have all his gear inspected regularly (digital's great, no film to fog in X-rays), he's got one really big problem:
He's got these two heavy-duty custom battery packs for keeping the flash going full-tilt. They look like bombs. No lie. Aluminum case, heavy, solidly built, bolts at the corners... you can't get more suspicious looking.
I'm waiting for his report on enduring regular cavity searches. I told him anytime someone hassles him, he should just say, "Imshallah," and bear it.
Design for Use, not Construction!
Somehow I doubt anyone's going to be able to get any kind of "wireless transmitter" anywhere near the FleetCenter without being severely beaten, seeing as how security in the entire city of Boston is going to be tighter than ever.
.. Because I sure know that when I hear about Microsoft and Cisco, I immediately think security.
But by far the best quote in the article is:
But Garcia insisted the Democrats have the computer security situation well in hand, with the help of security specialists from Cisco Systems Inc. and Microsoft Corp.
If someone plugs a wireless laptop on which has Microsoft's network bridging enabled, the potential exists for loop conditions to wipe out the network also. Microsoft's bridge runs spanning tree, but it doesn't really help much if spanning tree isn't properly configured on the rest of the ethernet topology. Cisco switches, and perhaps others, have configurable provisions to handle such errors, but if they aren't in place, the convention could fall victim not to Republicans or terrorists, but Microsoft.
Is it too late to whip together a 6th HOPE in Boston on, oh, let's say.....July 26th-29th?
We'll all be meeting in the free speech zone....see you there!
Authority questions you. Return the favor.
No doubt many viruses will be transfered at the convention, but it really is a private matter between the senator and... oh, did you say computer viruses?
Amazing that people can actually live doing nothing other than "evaluating" security in different workplaces (or conventions) i mean i could ask them the same standard questions:
1. Are your (wireless) network password protected?
If answer is yes, then "good carry on..." If answer is no, then "ALERT ALERT we have a problem here, do something about it immediately, you commie-terrorist-loving bastard" and in both cases i would cash in $200 an hour..
The same applies to Executive-Virus-Security-Chiefs whoose only job is to read bulletins about new viruses and hitting the global virusdefinition update button.
easy solution:
just fill the place up with microwaves and hand out free bags of popcorn to keep the microwaves running.. this should sufficiently "disable" wifi furing the event.
I guess it does sound like that, but no, I haven't lost my job to a "goo-back from the future". I was just hoping to responses that would make me better informed - perhaps my opinion is bogus. The government DOES already control business decisions in the name of terrorism, I want to know why they are not concerned about exposing our country's financial code in this way. Terrorists attack places of business and finance with bombs, and I think that the next step to this is to attach businesses through technology. It is where we are the most vulnerable, and it is the one place that the government is not protecting.
While I don't agree with the grandparent's assertion that India is some kind of terrorist hot-spot, the poster has a point.
The US already forbids a host of technologies that are military of nature. At my last job, whenever we had to duplicate a database to one of our overseas sites, we had to ask the project owner if it contained any contraband for legal reasons. Laser tech, strong encryption, missile tech, certain kinds of advanced computing and electronic tech are all forbidden from leaving the country's borders along with a few dozen other things.
While India isn't a hotbed of terrorism, we have no control of what happens to software once it's being worked on over there. For a few thousand rupees, a foreign programmer might be very tempted to burn a disk of bank software to the highest bidder. Lax foreign laws and lack of realistic enforcement would make that much more likely in developing countries than within the US.
I think that the government should consider the fact that there is a greater danger posed to the citizens of this country from hijacked personal information and security systems than from missiles. This is another part of national security that should be retooled now that the cold war has been over for more than a decade.
Blaze a trail to the New World
You can even take the national security aspect out of the argument. When you look at giving a third party access to intellectual property, you should be looking at a risk assessment to determine what are the possibilities that there will be unauthorized disclosure, and what you will do to mitigate the risk.
Having been involved in various outsourcing activities, I've done the risk assessment exercises. The approach is the same if you are talking about outsourcing the production of your company annual report, your call center activities, the development of your software, or sensitive customer information (like your banking example.) If disclosure of the information would put you, or your company in a risk position, you need to deal with it or not disclose. The government isn't really needed to oversee what you are doing here if you do your job right.
If a company outsources the production of their annual report to some goo-backs from the future and they use the information to do some insider trading before your financials are announced publically, you deserve the full force and effect of SEC laws that prohibit leaking insider information. I would think the same approach would be valid for financial code.
So I guess I'm arguing for the more libertarian approach of letting corporations make their business decisions with full knowledge of the penalties for messing it up. Not a real-world scenario perhaps, but (IMO) the way it should be done.
You are right that this should be a national security issue instead of a party issue. However, any party that talks about national security should make this their business. Not being totally libertarian, I am glad that the government does oversee some (but not all) parts of the private sector to prevent injury to its citizens. I am glad that they mandate airport security to prevent physical harm. I am glad that they FDIC insure our bank accounts to prevent financial loss. I am glad that the Sarbanes-Oxley law was implemented to prevent entire corporations from falling, and thus hurting people's and the economy's financial health. I believe that the government should continue on this track. They should prevent corporations from exposing private information to consulting firms that are not subject to the same laws and the same monitoring. Because the company alone will not pay the penalty for messing up. It could hurt the nation as a whole.