Recently I had a holiday in Malaysia, the holiday was great but I realised that there is a severe problem with security and the attitude of people in regards to security when we were sitting down for coffee in Starbucks.
Like the rest of the world the Starbuck franchise in Malasia has free wifi, free in such a way that you do not even need to know a username or password to use it. Now for most people this is great and don’t get me wrong I sometimes use it with a lot of restriction on myself because I know the dangers that can come from it.
While we were having coffee and I was thinking about the problems associated with this level of access these 2 characters walked in and sat down. I was only taking limited notice of them, but my focused changed when they started to pull out some interesting equipment. Apart from the laptops, high end HP systems, something that would set me back $4 or 5 K, they also added a couple of USB devices and started to run them up.
I ignored them for about 20 minutes as we were in a family discussion about what and where to eat (very important in our family for some reason) but I glanced over at the screen and all I saw was a graph that looked very similar to wire shark, not only that but it was also logging everything that was going through the WiFi. I normally use wire shark to track rouge access points within client networks and what I was looking at was similar.
This bought this idea to me
One of the easiest ways for someone to steal all of your corporate information, personal information and client information is for you not to be thinking clearly in this type of environment. Those two characters would have picked up any information that was transmitted to any website, share-point environment, mail server or CRM that was not SSL protected. That information is in plain text. Easy to track and even easier to use.
All information concerning Facebook, LinkedIn, even twitter would have been captured, that included the username and password to get onto the sites. That information although may not seem important could be used very efficiently as a social engineering play to gain more information and create an in depth profile of you.
Yes free WiFi is great but if you do not have one that is locked down with a pass code then be very carefully with where you are going on your device.