Originally appeared in GavinRozzi.com
My travels have found me in Atlantic City for the past weekend at a major casino / hotel. Of course, I knew better than to use the Wifi access without first having a solid VPN service in-hand, however I did connect to the guest Wifi network just for “kicks and giggles”.
What I found horrified me.
Find out what's happening in Laceywith free, real-time updates from Patch.
The casino’s IT department should be ashamed of themselves, because they have failed one of the most basic rules and tenets of good security practice while also putting their customers and employees at risk.
A simple scan of the network using the venerable collection of open source tools at my disposal revealed that the modem used to deliver internet access and phone service to the building- a Comcast Business IP Gateway, no less, was configured to use the DEFAULT username and password.
Find out what's happening in Laceywith free, real-time updates from Patch.
“Admin” and “Password”, which nearly anyone could guess were the only thing preventing Joe Schmoe from logging into the administrative interface and potentially unleashing a devastating attack on the entire digital device using population of the hotel. For example, a would-be attacker could have used the back-end administrative interface to change the DNS (what converts website names such as gavinrozzi.com into IP addresses used to route internet traffic) and redirect your computer / device to rogue sites of the attackers choosing, potentially teeming with malware!
By leaving the doors wide open for hackers and attackers, the casino owners are potentially
You would think that a casino of this popularity and budget would at least have the resources and/or talent to do what somebody most likely does the minute they get a new router / modem out of the box and change the default password to something more secure so as to prevent future security breaches or problems.
Obviously, the IT department at this citrusy named Atlantic City venue needs to improve their security practice. If they are cutting corners here, what else are they cutting corners on? Hopefully this was simply an oversight, albeit a very large one. This just goes to show yet again why using public Wifi without the protection of a VPN is not a good idea at all, and can potentially lead to the theft of your data and violation of your privacy by rogue individuals.
If you don’t have / don’t want to set up VPN protection, then its best to forgo using public or coffee shop Wifi at all. The risks of getting your accounts compromised are just too high.
