
Joke's on Me

After a poor decision to use a public wireless link, I got 'hacked' at Black Hat DC

11:45 AM -- I knew it would be living on the edge, but I had to use the convenient (and did I say unsecured?) WiFi network at Black Hat DC last week to check my email. And I got what I deserved.

A WiFi "sniffer" tool -- in fact, one that I had just written about -- blasted my username and password up on the screen for everyone in the "Device Drivers 2.0" session to see while I cluelessly checked my messages next door. (See Tool Uncovers Inadvertent 'Chatter'.) The funny thing is that I overheard laughter in the session, and thought, "Wow, what a fun and raucous-sounding presentation it was." Little did I know the laughter was at my expense.

As soon as Errata Security's David Maynor and Robert Graham -- who were conducting a demo of their new "Ferret" tool -- realized my info was embedded with the other seemingly innocuous data, they scrolled away from it. Maynor tried to call me on my cell to warn me that I had a "big problem."

Basically, the Ferret sniffs for all bits of information sent over WiFi. It's aimed at enterprises that don't realize how much data they are really broadcasting via WiFi-enabled laptops like mine. "It looked for all broadcasts of information, and started printing it on the screen," says Graham, CEO of Errata, about the Black Hat demo. "We were pointing out among all the little bits of information, like beacon packets from WAP, probe packets...and interesting information on people."

Graham and Maynor tried to make me feel better by saying I wasn't the only one. Apparently their tool detected one attendee quickly de-associating his request from the wireless connection as soon as they started the demo. "It turned out to be someone who immediately turned off his machine... He was scared" they would detect his traffic or information, Graham says.

And all that laughter was more nervous laughter, they assured me. "People in the audience laughed because they were worried about what they were exposing in their lives as well," Graham says.

Oh, Maynor and Graham invited me to be a "part" of their demo again, this time at Black Hat Amsterdam. (Nervous laughter).

— Kelly Jackson Higgins, Senior Editor, Dark Reading
