[MLB-WIRELESS] warwalking the Democratic Convention

Clae clae at tpg.com.au
Tue Jul 27 22:59:05 EST 2004 

>Date: Tue, 27 Jul 2004 01:09:20 -0400
>From: Declan McCullagh <declan at well.com>
>To: politech at politechbot.com
>Subject: [Politech] Democratic National Convention cops just don't get
>	security?
>List-Help: <mailto:politech-request at politechbot.com?subject=help>
>
>Here's a press release saying that DNC cops are using handhelds with 
>(apparently) 802.11 to access law enforcement databases:
>http://www.findbiometrics.com/viewnews.php?id=1326
>
>---
>
>From: "John F. McMullen" <observer at westnet.com>
>Date: July 26, 2004 2:09:11 PM PDT
>To: Dave Farber <farber at cis.upenn.edu>, Declan McCullagh
><declan at well.com>, Peter Neumann <neumann at csl.sri.com>
>Subject: [johnmacsgroup] Cybersecurity: they just don't get it...
>
>FYI
>---------- Forwarded message ----------
>From: wes_morgan at US.IBM.COM
>To: johnmacsgroup at yahoogroups.com
>Subject: [johnmacsgroup] Cybersecurity: they just don't get it...
>
>I'm watching CNN's Headline News, and they run a story on security
>preparations for this week's Democratic Convention in Boston.  They go
>on,
>at great length, about the extensive network of cameras--approximately
>75
>of them, scattered around various Federal buildings and convention
>sites--and make it a point to illustrate how the security force, with
>their
>wireless networks and handheld devices, can grab the feed from any of
>these
>cameras at the tap of a stylus.
>
>So, they show one such device - with it's 802.11b card clearly
>identifiable
>- and show another agent viewing a webcam of the Boston Harbor
>shoreline -
>with the URL of the hosting site clearly readable.  When talking about
>the
>cameras, they show several different cameras on different buildings,
>some
>of which seem fairly unusual in their architecture.
>
>I now know that they're using 802.11b, and I know the name at least one
>system handling the webcam feeds, and (with a bit of reconaissance) I
>can
>probably determine the position of at least one camera.
>
>So much for cybersecurity; I can't believe that the Feds even let that
>stuff on the air, much less that they did so without obfuscating
>critical
>information.
>
>*sigh*  What were they thinking?
>
>---
>
>-------- Original Message --------
>Subject: Re: [IP] Cybersecurity: they just don't get it...
>Date: Mon, 26 Jul 2004 17:06:32 -0700
>From: Ross Stapleton-Gray <amicus at well.com>
>To: dave at farber.net, johnmacsgroup at yahoogroups.com
>CC: Declan McCullagh <declan at well.com>, Peter Neumann <neumann at csl.sri.com>
>References: <C11581D0-DF5D-11D8-811D-000393D166C6 at farber.net>
>
>At 04:44 PM 7/26/2004, wes_morgan at US.IBM.COM wrote:
>>I now know that they're using 802.11b, and I know the name at least one
>>system handling the webcam feeds, and (with a bit of reconaissance) I can
>>probably determine the position of at least one camera.
>>
>>So much for cybersecurity; I can't believe that the Feds even let that
>>stuff on the air, much less that they did so without obfuscating critical
>>information.
>>
>>*sigh*  What were they thinking
>
>I would guess that the single greatest impact of any of this would be in
>the public at large thinking, "Ah, they're using modern technology to
>monitor things at the convention... looks like they're prepared!"  Given
>that this is so much more an era of perceptions than of reality, you could
>chalk this (exposure of security systems on CNN) down as "doing their
>(primary) job."
>
>And there are a variety of other potential wrinkles.  It could be that this
>was entirely scripted, and the intent is to dangle a tempting vulnerability
>in hopes of attracting attention... that 802.11b network *is* exposed,
>*but* part of a honeynet; that one camera, and others looking like it, are
>either dummies, or secondary to the *real* cameras, which are all
>hard-wired, and not looking all that much like the ones they highlighted on
>CNN...
>
>I suspect, like the pre-selection of all the candidates rendering the
>actual purpose of a convention into that of an infomercial, that this layer
>of physical security won't really matter all that much.
>
>I'd worry about other things, e.g., "smart target" hacking, where [pick
>your terrorist bogeyman] cons one or more of the protesting groups into
>becoming martyrs to the cause of socio-economic terrorism, and summons a
>"flash mob" of jubilant and radicalized techno-youth to convene on the spot
>where they've previously deposited the explosives-laden backpack...
>
>Ross
>
>-----
>
>Ross Stapleton-Gray, Ph.D., CISSP
>Stapleton-Gray & Associates, Inc.
>http://www.stapleton-gray.com
>
>
>_______________________________________________
>Politech mailing list
>Archived at http://www.politechbot.com/
>Moderated by Declan McCullagh (http://www.mccullagh.org/)


-- 
"Australian history ... does not read like history, but like the most 
beautiful lies..." ( Mark Twain, 1897 )

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list