By Dan Goodin in San Francisco
The Register
15th October 2009
Organizers of last week's SecTor security conference collected names, passwords, and all other traffic passing over two Wi-Fi networks provided to attendees, including one that was encrypted, the event's director has confirmed.
Borrowing a page from the Wall of Sheep at the Defcon hacker conference each year in Las Vegas, the exercise was designed to draw attention to the perils of public networks, conference organizer Brian Bourne told The Reg. Indeed, Bourne - who is the director of Black Arts Illuminated, the company that puts on the event - found partly obscured credentials for his on Twitter account on the SecTor Wall of Shame.
But what made the Wall of Shame different - at least to some attendees - was the sniffing of a network that was represented as secure. The wireless connection carried an SSID named "Sector2009Secured" and was encrypted using the WPA, or Wi-Fi Protected Access, protocol. Before it could be used, attendees had to stop by a booth sponsored by Canadian security vendor eSentire to retrieve the network's pre-shared key.
"In 2009, we still have so many applications leaking credentials onto the wire, and we have people still deploying and using insecure protocols," Bourne said. "Our intention with the Wall of Shame was to highlight that."
