by Veit on February 10, 2007
You look forward to the interview. The candidate seems very qualified and easily passed your initial screening. He’s well groomed and nicely mannered as you observe when showing him around the office. Initially, the interview goes well, but after around 30 minutes, the candidate informs you that he’s not really that much interested in the position. Bummer, he would have been a very good fit for the position!
However, the interview was a big success for the candidate . Unbeknown to you, he carried a little device with him, not much bigger than a PDA (Personal Digital Assistent). And while you showed him around the office and went through the interview, the device hacked into your wireless network. And into the one of the company in the neighboring office, plus the Wi-Fi access points on the floor above and below. All of the settings of these networks were probed, recorded and the vulnerabilities documented. And probably sold to some hackers within hours after the interview.
Sounds like a Sci-Fi thriller? Think again! At this week’s RSA conference, which covers IT security issues, Aitel Immunity Inc. introduced a product called Silica which is based on the Nokia 770 Internet tablet. It runs on Debian/Linux and is preloaded with Aitel’s CANVAS attack tool. Its purpose is for an IT security organization to scan for vulnerabilities while moving through a building or around a campus. While Aitel has no intentions of selling this device to hackers, you can bet it is only a matter of time before the device will end up in the hands of hackers who certainly have different users than what the company intended.
More information on the device can be found in this ZDnet blog by Ryan Naraine.
There are many other interesting scenarios that IT security experts have to worry about. What about the following: This device is put in the package of a digital camera or some other gadget and then mailed overnight as a gift to the CEO of a medium size business. Knowing that FedEx guarantees delivery by 10am, it is programmed to turn on at 11am. It might still be in the box, it might be anywhere in the office or next to the desk of the CEO’s assistant, but that does not prevent it from coming alive, snooping out the company’s network and even using it to upload the findings to some server in a foreign country.
How can one defend against such a threat? I’m not sure, since I’m not an IT security expert, but I sure hope IT departments will figure it out, otherwise, the consequences could be very scary, indeed!
by Veit on February 9, 2007
Again, I’m sitting in my favorite Starbucks, since it’s Friday afternoon. Again, there are numerous people working on their notebooks. A cursory glance at my neighbors shows them being on some Internet sites, doing whatever they want to do. This also means they are connected to a Wi-Fi access point. My wireless adapter tells me that I have the choice between two networks. The obvious one is T-Mobile’s since they have a deal with Starbucks. That’s what I’m connected to — my company has a roaming deal, so it’s convenient to just sign on. Besides, they have a big, fat T1 connection into my Starbucks which I always use to do a network backup of my notebook. But I seem to be pretty much alone on the T1 (not that I’m complaining)
However, there’s a second access point which allows me to connect to a free Wi-Fi service. Obviously, someone wants to siphon off customers from T-Mobile. A quick logoff and subsequent login to the other, open access point gives me an IP address ending in a 16. Wow, that means there are probably a dozen other people connected to this access point. Connectivity is considerably more sluggish, but that’s not the point. It’s free, so people use it (and yes, there’s a risk to connect to an open access point). Its SSID is the name of a neighboring restaurant. So I decide to pack up at Starbucks and wander over to Cafe De Soul. They serve good tea, plus all other kinds of healthy food. It’s pleasant there, not as noisy as in Starbucks, also not as crowded. So I decide to hang out a bit, spending my money with them rather than with Starbucks. I chat with the manager — they have a DSL pipe into the building. I’m one of the first ones that inquire about their free Wi-Fi service. And yes, they do this to lure customers away from Starbucks.
This is a very smart move. Let’s see: A vanilla Linksys Wi-Fi access point is less than $50, the cost for their DSL service is also less than $50 per month. How many customers do they have to lure away from Starbucks in order to break even? Not many. And counting in repeat business (possibly me?), the cost is negligible. Pretty good bang for their limited Marketing bucks!
by Veit on February 2, 2007
For various reasons, I work out of my local Starbucks on Friday afternoon. I enjoy “Kaffee und Kuchen”, use Wi-Fi to connect to my office, work on my laptop and try to refrain from making any cell phone calls, if possible. After one to two hours, I pack up and leave. Almost all of us profit from this arrangement: Starbucks makes extra bucks which they would not have made otherwise and I can work and be productive. The only loser is T-Mobile – ever since they canceled my free trial account, I use the free Wi-Fi connection from a neighboring eatery rather than pony up for T-Mobile. But that’s a different story (to be blogged here eventually).
Recently I noticed an interesting phenomenon. Up until 6 months ago, there were only a few people working on their notebooks while sipping their lattes. Nowadays, I encounter today’s scene more and more often: The four tables next to the window all had notebooks sitting on them, plus coffee cups and various pieces of clothing on the chairs. There were the occasional sun glasses, key chains and even cell phones. But nobody sat at these 4 tables. One of the 4 turned out to be on the phone outside (thanks for being so considerate) while the other 3 notebook owners were missing. Two of them walked in during the next 30 minutes, with the last one appearing after more than one hour with a pair of shopping bags from the local store and a lunch container from a local cafe. She then sat down to enjoy her late lunch.
Obviously, more and more people use Starbucks as their office, exhibiting usual office behavior (working, chatting, meeting with other people, being on the phone and running errands while “parking” their stuff in their “office”). At the same time, there’s often a shortage of available tables at Starbucks, so other customers are unable to find a seat. Is this correct? The local baristas seem unwilling to do anything about it, so should we just tolerate it? Take our business to the next Starbucks or Peets (if they have Wi-Fi)? Get in a (verbal) fight with one of the “office workers”?
What would you do?
