[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8a6b8e350810021018l2cfc049t85c8cd02194ad3d2@mail.gmail.com>
Date: Thu, 2 Oct 2008 10:18:39 -0700
From: "James Matthews" <nytrokiss@...il.com>
To: "Josh Ogle" <jdo24@...nell.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Hotel Network Security: A Study of Computer
Networks in U.S. Hotels
Every time i go stay at a hotel i test the security. Most of the time it
sucks! I like what the hotel in Dallas is doing but how many times am i in
Dallas? I just use a mobile 3g card.
On Thu, Oct 2, 2008 at 9:29 AM, Josh Ogle <jdo24@...nell.edu> wrote:
> I agree with you that if employees (of non-hotels, I believe you mean)
> were instructed as to the best, safest ways to take care of their own
> privacy while on the road traveling, this would be a non-issue.
> However, it's far more difficult to get every single company in the
> world with a traveling salesperson to instruct their non-techie
> employees on the dangers of computer networks, than it is to simply set
> in place technologies *on* those networks that will help prevent the
> attacks from being able to occur. You'll notice, however, in the
> article I have (on the last page) a "clip out" of sorts to give to hotel
> guests, informing them of ways to keep themselves safe while on computer
> networks.
>
> Secondly, and I'm not sure as to the importance of this point but it
> means something to me, I think people go to hotels with an assumption of
> security. If a hotel (especially a "good" one) is in a bad
> neighborhood, you expect it will be supervised by a night
> watchman/doorman. You expect that if you close the door to your hotel
> room, there will be a lock on it that you can close so that no one can
> get in easily. Someone could still break in if they hit the door with
> an axe enough times, but the layer of protection is there nonetheless.
>
> Likewise, I think it's a general assumption, albeit a false one, that
> hotel computer networks are inherently secure. Even those people who
> know that wireless access points are sometimes unsafe do not realize
> that plugging one's computer into a network physically is oftentimes
> just as insecure. The point being that people have a reasonably
> assumption of privacy and security in the hotel environment, and I think
> it's the hotels' responsibility to either a) uphold this, or b) be very
> clear that they are NOT upholding this, and that the computer network is
> very likely unsafe.
>
> -Josh
>
> J. Oquendo wrote:
> > On Thu, 02 Oct 2008, Josh Ogle wrote:
> >
> >> the technology exists to increase a hotel network?s security, a hotel
> >> could potentially be considered at fault for not taking the necessary
> >> precautions to protect their guests from hackers.
> >
> > FYI, just because the technology exists does not mean
> > hoteliers have to run out and accomodate everyone in
> > deploying these technologies. If employees were trained
> > in the risks associated with technology, many of these
> > technologies would go the way of the dinosaur.
> >
> > Supposing someone made you aware of the danger of
> > logging into a network because of the impact of
> > sniffers. Would you PERSONALLY be cruising random
> > hotspots. If you knew definitively the person who
> > runs the network could see and record everything
> > you did, I'm sure the chances of you picking up
> > any network to surf on would diminish.
> >
> > Many people aren't aware of the dangers and this
> > is the root of the problem. Technology is nothing
> > more than a stepping stone. Corporations have the
> > capabilities (or should have) to protect their
> > assets on a layered approach and instances like
> > this - employees hooking up from a hotel - can be
> > mitigated way before the fact. Its called policy.
> >
> >
> >
> > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> > J. Oquendo
> > SGFA, SGFE, CNDA, CHFI, OSCP
> >
> > "A good district attorney can indict a ham sandwich
> > if he wants to ... The accusations harm as much as
> > the convictions ... they're obviously harmful or it
> > wouldn't be news.." - John Carter
> >
> > wget -qO - www.infiltrated.net/sig|perl<http://www.infiltrated.net/sig%7Cperl>
> >
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
http://www.goldwatches.com/
http://www.jewelerslounge.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists