Another Way to Lose Your Shirt in Vegas

By Robert MacMillan Staff Writer
Tuesday, July 26, 2005; 10:06 AM

I'm not a big Internet security guy.

I still do a double-take when I hear the noun "exploit" used to describe a weakness in a computer system, and I fight an urge to chuckle like Homer Simpson when I hear the terms " buffer overflow " and " Trojan ."

You might find it unusual, then, that I direct you this morning to read the SecurityFix web log by my colleague Brian Krebs. He understands Internet security and speaks the language of hackers. What he means by " port security " usually isn't what I mean .

Krebs is in Las Vegas this week attending the BlackHat security convention as well as the 13th (ooh, scary!) DefCon gathering of hackers and crackers and the federal law enforcement officers who chase them. It's the Mos Eisley of hackers.

What I found fascinating is the advice he received from kind souls about even being in the greater Las Vegas area:

Former National Security Agency computer security chief Jack Holleran suggested avoiding using the Internet at the DefCon hotel: "Apparently, the 'bad' hackers ... who invariably show up at this conference usually manage to take complete control of the hotel's network."

Here's another comment he got from a reader: "Don't use a personal credit card at the hotel at all, and maybe even within a 100-mile radius. Have fun. ..."

Apparently what happens in Vegas does not always stay in Vegas. Has the Convention and Visitors Authority warned visitors to stick to cashola? Don't bet on it.

Another Security Fix reader, Rick H., went so far as to urge visitors bearing computers to beware of third-party cash machines and to store all their data on a USB drive that they keep on their bodies at all times.

The reason this should prove interesting to the non-geek community is that it's the latest example of your world colliding with the hackers'. By now everybody knows about online identity theft, and more people are touting stories about a victim they know personally.

A recent spate of news stories highlights this blitz into the mainstream, and it's worth quoting a few items here.

The New York Times published an article about an area south of Miami's downtown that could be called the data theft capital of the United States: "In the wireless hacker equivalent of a drive-by shooting wave, criminals obtained the cardholder information of tens of thousands of customers at four major stores there, including a DSW Shoes retail outlet that appears to have been the initial source of a chainwide data breach. Recent investigations reveal that the thieves singled out stores with strong wireless signals and weakly protected data," reporter Eric Dash wrote.

CONTINUED     1        >

© 2005 The Washington Post Company