From the “I don’t think we’re in Kansas anymore Toto” files:
LAS VEGAS — Aaaaaah Black Hat, where all that ails computer security is out in plain view, even some stuff that you normally can’t see like Wi-Fi. I go to many conferences over the course of any year but only one, only Black Hat provides its attendess with a disclaimer about Wi-Fi.
This Network is hostile
That’s what it says on the Black Hat sheets telling users how to connect to Wi-Fi here. Sure any Wi-Fi network could be hostile (and really all public ones should be considered as such) but they’ve spelled it out very plainly here.
To make matter even more (in)secure – this year the Wall of Sheep is part of Black Hat. The Wall of Sheep will detail users here at Black Hat that connect insecurely (over the hostile network). Specifically it will look at users who sent their passwords in the clear.
So users who connect to POP/IMAP with Outlook (without using HTTPS) kiss your sheepish skins goodbye. Do you connect to instant messaging with a public IM client (that doesn’t have an HTTPS connection) – ttyl you’re toast too.
It’s actually a very good exercise since all this ‘fun’ is being monitored under the guidance of the Black Hat conference as a learning kind of tool. Other conferences (and public Wi-Fi) present the same risks too, even if they don’t advertise it.