Thursday, July 22, 2004

DNC convention network vulnerable?

The Boston Globe has an article showcasing possible vulnerabilities in the network setup planned for the Democratic National Convention. Apparently, some of the hackers over at Newbury Networks have keyed in on the fact that although the DNC is deploying an exclusively-wired network, the influx of thousands of laptops pretty much guarantees some of them will be misconfigured to act as as bridges to their built-in wireless networks. The article describes an attack whereby a Bad Guy could set up a high-power access point near the convention site and trick unwary laptop users into associating with his malicious network, and then use the attendees laptops as jumping-off points into the wired network.

This attack has a reasonable chance of succeeding but it's nothing new. You see this type of thing any place lots of people bring laptops (conventions, conferences, heck even hotel networks). The real question in my mind is about the potential risk. I'm not familiar enough with what goes on at these conventions to know what's on the network or evaluate what the potential loss could be. Anyone care to comment?

No comments: