Has this happened to you? I was staying at a hotel where the WiFi creates one flat network, and, of course, there are numerous people who don't know the first thing about basic security practice. Why do I know this? Because I could see several of them who had file sharing turned on for their PCs. They were listed by name in my Mac's Finder (John Jones Computer, Sally Jenkins Computer, and so on), and it was a bit scary.
When I travel, I remember to turn off the file sharing setting on my PC for precisely this reason. It is a simple step, but a critical one.
So recently I was in this hotel in Silicon Valley and I was feeling somewhat puckish. I noticed that one person's computer was listed. I clicked on his computer to see if file sharing was turned on. It was, and in a moment, I could see his entire hard drive, including a "private" folder filled with PDFs of his credit card and other banking statements, and loads of business documents.
So I took one of my newfound friend's documents -- it was a boating license or something -- copied it to a USB key, and printed it out at the business center. I left it with a note to my friend at the front desk, suggesting that:
He turn off file sharing tout suite if he didn't want anything else shared with the entire hotel for the rest of his stay, and
He might want to invest in some hard disk encryption, particularly for all the stuff that he very conveniently left in his "private" folder for everyone to see.
Most hotels don’t really spend the time and energy to lock down their networks, and most business travelers don’t spend the time and energy to lock down their computers. The result is a boon for any corporate spy that has a laptop and minimal skills. Go to any city-center convention hotel today and within minutes you can collect PowerPoints, secret documents, and business plans on just about any industrial topic. And you don’t need any skill, other than showing up at the right time and place.
As I saw last week, many hotels typically don’t segment their guest LANs, meaning that everyone in the hotel is on the same segment, has the same access, and can see anything across the entire network. This is true for wired and wireless access. Obviously, if a wireless user can sit in the parking lot of the hotel and gain access to the entire hotel LAN, this is even more trouble waiting to happen. The best situation is to have every single guest on a separate virtual LAN so they can’t see anyone else’s traffic. This requires them to use more expensive switching hardware, of course.
How prevalent is all of this? Two colleagues, Lisa Phifer and Craig Mathias, traveled around the northeast and tested 24 hotels back in 2006. They found trouble almost everywhere they went. Just one in four sites could prevent wireless eavesdropping and block all notebook probes. Sadly, the situation isn't much different in 2013.
“Hotspot users might be unpleasantly surprised to discover they are reachable from the Internet [when they choose public IP addresses]. We expected paid networks would protect users from each other or Internet attacks more often than free hotspots, but this was not the case. Several free hotspots had noteworthy exposures, but so did paid networks, including the most expensive sites," reported the duo.
The only two Internet providers that passed all security tests were I-Bahn and T-Mobile. They segregate traffic by user and prevent people from inadvertently sharing their connection. The others, including Guest-Tek, Passsym, Starwood, TurboNet, StayOnline, and Wayport, all had security problems when the pair did their original research.
So don't forget the security basics when you travel. Don't leave your USB key drives lying around with all sorts of private stuff on them. Use a simple PIN to protect your phones. This isn't rocket science: it is basic Security 101, or not even but still something that everyone should just do and internalize. And if you stay at a hotel that has a flat network, use disk encryption and a VPN to keep people like me from looking around your computer's hard drive.
— David Strom is a world-known expert on networking and communications technologies. He has worked extensively in the IT end-user computing industry and has managed editorial operations for trade publications in the network computing, electronics components, computer enthusiast, reseller channel, and security markets.
"Compared with hotel WiFi, EVERYTHING is fast. Hotel WiFi is ridiculously slow. "
@Mitch: I think it has to do with people hogging up the network with excessive downloads. Good hotels have strict bandwidth controls on the network to ensure users don't end up misusing the network.
It's a simple thing to do, shutting off file sharing. Unfortunately, many people forget or neglect to do it and end up paying for it. I agree with your suggestion that they start making students aware of this in school; it's not something you really teach, per se. More like a warning or precaution.
I agree that so many people seem to forget the most simple security practices for their own files. I hate that they are setting themselves up for a nightmare, but what can you do about ? I personally think that middle schools should teach computer security as part of their material, but that is sadly overlooked.
Only messages are encripted because it is highly undesirable that anyone could read them, and three languages in a single message happen because of the mess in one's head.
So can we say, that a mess is the best encryption?
Thanks for a very useful security 101 jolt. Your article has made more interested in checking how secure my devices are and curious to see how secure the environment around me is.
It is clear that a lot of users do not take the time to learn enough about securing their systems despite the clear and constant threat.
I recall staying at a hotel on Long Island while on vacation a few years ago and using their wireless network. It got some sort of virus, which circumvented my laptop's security system and screwed up my computer. The hotel was working with a local solution provider; the company's reps scurried around the hotel for hours, trying to fix the problem, as guests scowled at them (yes, I confess, I was one of them--I was on deadline). Another time, another hotel, and they used a different service provider to try and fix their downed wireless network. Servicing these hotels could be a great marketing tool for a national solution provider -- or the complete opposite!
I get the impression that hotels don't run the networks themselves; they just partner with specialists.
@Mitch, I agree with you. I think it makes sense for hotels to partner with specialists because it would be difficult for them to manage the network themselves. I think hotels should demand more security from these service providers becacuse ultimately it imapcts its customers.
excellent point. In California you would have been crimmially liabel, even persons who work for a company who do proof of vulnerability without a written contract between parties is in jeopardy of prosecution. And while on the subject, perhaps a brief explanation of where to begin to find the swiith that turns ooff file sharing would prove helpful
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
These days, 3D printers seem to be everywhere. You can build your own, go to one of the TechShops around the country, and maybe even find a pop-up store like the one that came to midtown Manhattan in December and offered dozens of objects for sale, along with the opportunity to watch several printers in action creating them.
Entrepreneurs recently flocked to Kansas City for an experimental implementation of Google gigabit fiber. The Kansas City Startup Village (KCSV) is using that fiber, and Techstars co-founder Brad Feld is getting into the act by buying a home where entrepreneurs can live and work.
Last week, NBC shuttered the hyperlocal news portal EveryBlock.com, and laid off its few full-time staffers. The decision was a poor one, and a blow for civic activists all over. It's a shame, given how many examples of great civic science there are.
Over the holiday break, my wife and I had two memorable experiences when we went to Morton's and the Olive Garden for dinner. These chain restaurants sit at different ends of the market, and we had very different experiences -- but not in the way you might expect.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
A recent release of the popular TweetDeck app for Twitter power-users gives new life to software that had previously taken a wrong turn. Here's a quick walk-through of the new TweetDeck, to show you why it should be at the top of your Twitter toolkit.
As enterprises leap into the Web 2.0 world of blogging, commenting, and social networking, just 'being there' won't deliver ROI. You may want a 'Web Evangelist' to systematically harvest the feedback in order to polish your product or service.
More companies are trolling social networks to find and vet potential job candidates. Beware the pitfalls of blurring the line between personal and professional lives.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
