Security Tips From 'Anatomy of a Hack'
January 03, 2006
Security company details risks mobile workers face from wireless intrusions.
As if there weren't enough problems with the recent onset of new virus and spyware attacks. Mobile workers face an additional set of problems all their own.
Fiberlink Communications has released a free on demand video at its Web site that details what it calls ongoing security risks and vulnerabilities that threaten mobile workers.
The "Anatomy of a Hack" video shows some of the techniques, skills and tools used by hackers to exploit vulnerabilities on mobile, notebook computers in order to gain access to corporate systems.
The Blue Bell, PA-based enterprise security firm said attackers are focusing on poorly protected applications, such as the Kazaa file sharing program, Windows Media Player, and even the Firefox browser, even though it's generally considered safer than Internet Explorer. Their intent, the firm said, is to grab information that can be used to gain access to corporate systems.
Although some of the video is spent touting its own its own Extend 360 security solution, the 36 minute Fiberlink video mainly details how an intruder can surreptitiously take over another user's notebook with just a little knowledge and certain software tools. Once in the system, passwords and access to other corporate data are an easy next step. The intruder can also shut down an anti-spyware's ability to detect a break in. An additional free best practices report, also at Fiberlink's Web site, details preventative steps organizations can take.
In an early part of the video, Fiberlink's Chris Rogers' introduction is suddenly interrupted by voices coming out of his computer. It's the start of the demo by Dan Hoffman, the company's mobile workforce security expert, who has hacked into Roger's system and launched a text to speech application.
Hoffman explains this can be done very easily by someone at a coffee shop or other WiFi hotspot who wants to gain access to another user's notebook. "If I know my IP address, I can pretty well figure out everyone else's IP address on the network," says Hoffman.
Hoffman does emphasize that an enterprise-grade, personal firewall can protect mobile workers from these kind of attacks. Much as a burglar might pass by the house with a strong alarm and protection systems, he says "hackers prefer the path of least resistance."