Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How To Stay Secure At The Hotel On A Business Trip
Newest First  |  Oldest First  |  Threaded View
KPierson
KPierson,
User Rank: Apprentice
5/12/2017 | 6:44:37 AM
Thank you for sharing the blog
Your blog is really very helpful.We use to prefer some of the tips like close the windows, use of trackers for computer and mobile, use hotel room safe for valuable belongings, anti-theft bag. Your blog has some many nice tips for traveler security in hotels. Thank you for sharing.
RyanSepe
RyanSepe,
User Rank: Ninja
4/29/2016 | 10:52:15 AM
Re: Get loaner devices from IT.
The potential for VM's is paramount here. Assuming your loaner devices are generic you could use them as a portal to log into a more defined resource.
RyanSepe
RyanSepe,
User Rank: Ninja
4/29/2016 | 10:50:40 AM
Re: Avoid using public-use terminals
Exactly. To add on to this benefit your machine will still have its local security mechanisms iin place most likely to combat unwanted snooping such as a username and password to log in to your laptop and a timeout to ensure that the activity time is utilized by the owner.
Dr.T
Dr.T,
User Rank: Ninja
4/29/2016 | 10:09:13 AM
Secure VPN
VPN works well when it is site-to-site setup. Such as in corporate offices. You can setup VPN server on your corporate server and use a VPN client in your end device, the communication between the end-device and the server would be encrypted so nobody but your corporate can access the data. No privacy but secure. 
Dr.T
Dr.T,
User Rank: Ninja
4/29/2016 | 10:07:52 AM
Re: Get loaner devices from IT.
 

"...  loaner device may be generic. ..."

This is also a good point, for a non-techy person another computer may simply mean he/she would not get his/her job done and additional stress.
Dr.T
Dr.T,
User Rank: Ninja
4/29/2016 | 10:06:23 AM
Re: Get loaner devices from IT.
"... I don't see this being a common occurrence ..."

Agree with you. This was the case in the past, there is less likely an option anymore since we do have our own devices anymore in most cases.
Dr.T
Dr.T,
User Rank: Ninja
4/29/2016 | 10:04:43 AM
Re: Avoid using public-use terminals
 

" ... Avoid using public-use terminals ..."

This is a really great tip. Your own laptop is always better, let's say if you are using Gmail on your own laptop it is already encrypted from your laptop to Gmail server. Better than using hotel PC.
Dr.T
Dr.T,
User Rank: Ninja
4/29/2016 | 9:52:25 AM
VPN client?
I like the list, quite informative. Just one comment, I love it when I see "use VPN client" option when it comes to secure communication and privacy. Does anybody really think that this is bringing any security or privacy? Every VPN client has a VPN Server which one most likely have no control over so it is not secure or private.
RyanSepe
RyanSepe,
User Rank: Ninja
4/29/2016 | 8:33:19 AM
Get loaner devices from IT.
This is a good idea if your organization has extra devices. I don't see this being a common occurence because in many cases a loner computer isn't completely comprehensive solution for travel. For example, if you have a different role within the organization you may require different access, policies, etc. A loaner device may be generic.
RyanSepe
RyanSepe,
User Rank: Ninja
4/29/2016 | 8:30:05 AM
Avoid using public-use terminals
This is definitely a good tip. Whenever I visit a hotel I always see someone on the public terminals and knowing the nature of human behavior there are going to be many times that you forget to log out of whatever you were doing...Email, bank, paypal. These sources can provide data that would make it very easier for a snooper to acquire the information they need.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-43705
PUBLISHED: 2022-11-27
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).
CVE-2022-45934
PUBLISHED: 2022-11-27
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45931
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45932
PUBLISHED: 2022-11-27
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45933
PUBLISHED: 2022-11-27
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side proj...