TORONTO. One of the standard tables at the DefCon security conference is the Wall of Sheep, where unsecured user log-ins and passwords are displayed for all to see.
I never thought I’d see the same thing in Toronto, but I just did. I’m at the SecTor security conference and a vendor called e-sentire has a similar wall called the ‘Wall of Shame.’ The basic idea behind the wall is to catch all the users that are connecting insecurely.
Eldon Sprickerhoff, founding partner of e-sentire, explained to me that his company wrote its own application to sniff the traffic and capture usernames/passwords/cookies and other data. As opposed to Black Hat / DefCon, where the Wall of Sheep sniffed only unencrypted traffic (that is, no WPA2), this Wall was sniffing unsecured HTTP connections on both SSIDs.
The problem is that at SecTor getting the WPA2 password isn’t as easy as it is at Black Hat. In order to get the password, the SecTor show guide says you have to visit the Enterasys booth. I visited the booth, stood there for a few minutes and couldn’t figure out where to get the WPA2 info.
The other problem is that to the best of my knowledge there was no disclaimer when you get on the open WiFi network, or even in the show guide, that the network was being monitored for a wall of shame. That doesn’t seem right or fair to me.
The deeper warning of course is that a whole lot of people, at a security conference, were passing their username/password for all kinds of things, in the clear. That is, they were connecting to sites/services without HTTPS. That’s a big problem and could happen anywhere.
Standing for less than 3 minutes at the e-sentire booth, Sprickerhoff showed me how his company’s tool not only caught the user credentials but the cookies and any attachment (for an email) that users sent.
The lesson to me is clear. Don’t ever input your username/password on HTTP, because if you don’t know it, someone (rightly or wrongly) could be watching you.