I’m never a fan of press rooms and tend to spend most of my time in sessions which is a good thing this year for me at Black Hat. There were a pair of French journalists who actually sniffed out journalist user/pswrd on the wired press room network. Apparently they were trying to get at CNET (among others).
As I wrote earlier in the week, the Black Hat network is hostile and there was a Wall of Sheep effort to embarrass (and help) users who send their login credentials in clear text, but that’s over Wi-Fi. The press room is wired and had no such Wall of Sheep warning. So the jokers who sniffed out other journalist passwords got ejected from the conference – and rightly so.
That said on the Wi-Fi network, Black Hat founder Jeff Moss noted in a Wednesday AM introduction that Wi-Fi admins for Black Hat protected against some 709 clients that tried to set up rogue access points (many with the SSID: BlackHat). What the Black Hat admins did was DDoS any SSID set to BlackHat (other than the official ArubaNetworks one) based on the access points MAC address.
So what’s the difference between setting up a rogue access point and sniffing traffic in the press room? LOTS.
The press room (though I avoided it) is supposed to be a ‘safe’ zone
for journalists where they can plug in (power/Ethernet) to get work
done without interference. Violating that sanctity is a crime in my
That said, don’t send user/pswrd in the clear cause you never know who is listening.