Recognize-Security

Google Developer Day 2008 got pwned

Posted by Trancer on Nov 05 2008

Now that is funny, Israel Google Developer Day 2008 networks got hacked, the wireless network and the wired LAN.
I got this email from Google, a day after the convention:

Dear attendee,

First of all thanks for attending Google Developer Day yesterday, we hope you found it useful. Unfortunately, we need to let you know about an incident which took place during the conference which you may need to take precautionary action on.

We identified unauthorised activity on the public wired Ethernet network which was provided by the convention centre for conference attendees to access the Internet. This may have affected a limited number of attendees accessing websites and online applications through the wired Ethernet connection. We have no evidence so far to suggest that the wireless network also provided at the event, and which was used by most attendees, was affected.

Due to the unauthorised activity, there is a chance that if you used the wired network, any user name and password entered to access a website may have been put at risk. When trying to access a secure website (a website using https), you may have received an alert indicating that the page had an invalid security certificate. In any case, we advise users as a precaution to change the passwords for any websites or services they accessed through the wired connection during the conference.

We’re really sorry that this has happened but we believe that the vast majority of attendees won’t have been affected by this incident. In the meantime, we look forward to seeing you at future events very soon.

The Google Developer Day Team

Sounds like a typical man-in-the-middle using ARP poisoning technique.
In my opinion, that’s really irresponsible from Google, risking their event visitors with unsecured LANs. There was tons of developers at the convention and the information at stake here is sensitive.
Hope they do good next year, I also strongly recommend changing routers and switches default passwords when setting up a network for the convention ;-)

See also an article at Calcalist web site (Hebrew).

Categories: LOLz

0 Comments | Comments RSS | TrackBack URL

Recognize-Security Welcome to the Machine November 2008

Google Developer Day 2008 got pwned Posted by Trancer on Nov 05 2008 Now that is funny, Israel Google Developer Day 2008 networks got hacked, the wireless network and the wired LAN. I got this email from Google, a day after the convention: Dear attendee, First of all thanks for attending Google Developer Day yesterday, we hope you found it useful. Unfortunately, we need to let you know about an incident which took place during the conference which you may need to take precautionary action on. We identified unauthorised activity on the public wired Ethernet network which was provided by the convention centre for conference attendees to access the Internet. This may have affected a limited number of attendees accessing websites and online applications through the wired Ethernet connection. We have no evidence so far to suggest that the wireless network also provided at the event, and which was used by most attendees, was affected. Due to the unauthorised activity, there is a chance that if you used the wired network, any user name and password entered to access a website may have been put at risk. When trying to access a secure website (a website using https), you may have received an alert indicating that the page had an invalid security certificate. In any case, we advise users as a precaution to change the passwords for any websites or services they accessed through the wired connection during the conference. We’re really sorry that this has happened but we believe that the vast majority of attendees won’t have been affected by this incident. In the meantime, we look forward to seeing you at future events very soon. The Google Developer Day Team Sounds like a typical man-in-the-middle using ARP poisoning technique. In my opinion, that’s really irresponsible from Google, risking their event visitors with unsecured LANs. There was tons of developers at the convention and the information at stake here is sensitive. Hope they do good next year, I also strongly recommend changing routers and switches default passwords when setting up a network for the convention ;-) See also an article at Calcalist web site (Hebrew). Categories: LOLz 0 Comments \| Comments RSS \| TrackBack URL Leave a Reply Click here to cancel reply. Name (required) Mail (will not be published) (required) Website	Categories Advisories Articles Exploitation Exploits LOLz Malware Metasploit Presentations Rec-Sec Security News Tools Vulnerabilities Web Application Security Archives March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 December 2008 November 2008 October 2008 September 2008 August 2008 January 2008 June 2007 May 2007 April 2007 March 2007 February 2007 Pages About Recognize-Security Links BinaryVision BlackHat Security BugSec Ltd. Digital Whisper Extraexploit Inj3ct0r exploit database milw0rm NiX IRC Network NullByte Pankaj Kohli Peter Van Eeckhoutte The Metasploit Project TryThis0ne Udi Mosayev Uninformed xorl eax, eax Meta RSS 2.0 ATOM 1.0 RDF 1.0 Links OPML OpenSearch
Valid XHTML \| Valid CSS \| RSS \| Comments RSS Copyright © 2009 Recognize-Security. Some rights reserved. ~~Security~~ Hacking, However, is an art, not a science.

November 2008

Google Developer Day 2008 got pwned

Leave a Reply