Comments on: Security Vendor Illegally Collects and Displays Attendee Information at Security Conference http://www.andrewhay.ca/archives/1071 the website of a devastatingly handsome author, sporadic blogger, bbq junkie, and security strong man Thu, 04 Feb 2010 01:07:29 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Andrew Hay » Blog Archive » Featured on Tenable | Hack In The Box http://www.andrewhay.ca/archives/1071/comment-page-1#comment-5514 Andrew Hay » Blog Archive » Featured on Tenable | Hack In The Box Tue, 27 Oct 2009 11:21:03 +0000 http://www.andrewhay.ca/?p=1071#comment-5514 [...] I was interviewed for the Tenable Network Security Podcast about University security and my recent SecTor blog post that caused such a [...] [...] I was interviewed for the Tenable Network Security Podcast about University security and my recent SecTor blog post that caused such a [...]

]]> By: Andrew Hay » Blog Archive » Featured on Tenable Network Security Podcast http://www.andrewhay.ca/archives/1071/comment-page-1#comment-5513 Andrew Hay » Blog Archive » Featured on Tenable Network Security Podcast Mon, 26 Oct 2009 21:38:10 +0000 http://www.andrewhay.ca/?p=1071#comment-5513 [...] I was interviewed for the Tenable Network Security Podcast about University security and my recent SecTor blog post that caused such a [...] [...] I was interviewed for the Tenable Network Security Podcast about University security and my recent SecTor blog post that caused such a [...]

]]> By: SECTOR Sniffing: It Smells, as does the Response « The New School of Information Security http://www.andrewhay.ca/archives/1071/comment-page-1#comment-5507 SECTOR Sniffing: It Smells, as does the Response « The New School of Information Security Thu, 15 Oct 2009 14:51:54 +0000 http://www.andrewhay.ca/?p=1071#comment-5507 [...] Apparently, at the SecTor security conference, someone tapped into the network and posted passwords to a Wall of Sheep. At the SecTor speakers dinner, several attendees were approached by colleagues and informed that their credentials appeared on the “Wall of Shame” for all to see. When questioned about how the encrypted and unencrypted traffic was being monitored, Eldon Sprickerhoff (founding partner at eSentire) stated that, although capturing and decrypting the “secured WiFi” traffic was possible, it was much easier to directly connect a network tap into the physical network and capture both streams of traffic. Because both streams were unencrypted by the time the traffic reached the physical network, the security of the secured WiFi no longer existed. Enterasys, when questioned about their involvement in or knowledge of the collection, stated that they were only aware that the unsecured wireless network was being monitored and were shocked to find out that the physical network was also affected. [...] [...] Apparently, at the SecTor security conference, someone tapped into the network and posted passwords to a Wall of Sheep. At the SecTor speakers dinner, several attendees were approached by colleagues and informed that their credentials appeared on the “Wall of Shame” for all to see. When questioned about how the encrypted and unencrypted traffic was being monitored, Eldon Sprickerhoff (founding partner at eSentire) stated that, although capturing and decrypting the “secured WiFi” traffic was possible, it was much easier to directly connect a network tap into the physical network and capture both streams of traffic. Because both streams were unencrypted by the time the traffic reached the physical network, the security of the secured WiFi no longer existed. Enterasys, when questioned about their involvement in or knowledge of the collection, stated that they were only aware that the unsecured wireless network was being monitored and were shocked to find out that the physical network was also affected. [...]

]]> By: Security Vendor Illegally Collects and Displays Attendee Information at Security Conference EC Baby http://www.andrewhay.ca/archives/1071/comment-page-1#comment-5506 Security Vendor Illegally Collects and Displays Attendee Information at Security Conference EC Baby Wed, 14 Oct 2009 21:25:54 +0000 http://www.andrewhay.ca/?p=1071#comment-5506 [...] Here is the original post: Security Vendor Illegally Collects and Displays Attendee Information at Security Conference [...] [...] Here is the original post: Security Vendor Illegally Collects and Displays Attendee Information at Security Conference [...]

]]> By: Tweets that mention Andrew Hay » Blog Archive » Security Vendor Illegally Collects and Displays Attendee Information at Security Conference -- Topsy.com http://www.andrewhay.ca/archives/1071/comment-page-1#comment-5505 Tweets that mention Andrew Hay » Blog Archive » Security Vendor Illegally Collects and Displays Attendee Information at Security Conference -- Topsy.com Wed, 14 Oct 2009 20:08:15 +0000 http://www.andrewhay.ca/?p=1071#comment-5505 [...] This post was mentioned on Twitter by Andrew Hay, Jeff Wilson. Jeff Wilson said: WOOPS! RT @andrewsmhay: "Security Vendor Illegally Collects and Displays Attendee Information at Conference" - http://tinyurl.com/yfrcjuw [...] [...] This post was mentioned on Twitter by Andrew Hay, Jeff Wilson. Jeff Wilson said: WOOPS! RT @andrewsmhay: "Security Vendor Illegally Collects and Displays Attendee Information at Conference" – http://tinyurl.com/yfrcjuw [...]

]]>