Wall of Sheep :: Press

Press

Wireless Awareness: Don't Be A Sheep; voices.washingtonpost.com; By Brian Krebs; iPhones and other mobile devices with wireless access were among the top contributors to this year's "Wall of Sheep," a public shaming exercise debuting at the Black Hat security conference in Las Vegas this week that aims to educate people about the dangers of sending e-mail and other online communications over open wireless networks.; Defcon's Wall Of Sheep Eats IPhones For Breakfast, Lunch And Dinner; www.tomsguide.com; By Humphrey Cheung; The Wall of Sheep team has 10 core people and approximately two to three times as many "floaters", curious people who drop in to help out. Using open source tools like ettercap, Wireshark and the BackTrack distribution, the team sniffs network traffic and posts login information (partially obscured) on a projector for all to see. Team members told us that many new volunteers often start laughing and "cracking up" when they capture their first passwords. "They think we're running complicated tools, but it's really easy," team member "Cedox" told us.; Feds at DefCon Alarmed After RFIDs Scanned; www.wired.com; By Kim Zetter; Each year the Wall of Sheep volunteers sniff DefCon's wireless network for unencrypted passwords and other data attendees send in the clear and project the IP addresses, login names and truncated versions of the passwords onto a conference wall to raise awareness about information security.

This year they planned to add data collected from the RFID reader and camera (below) - to raise awareness about a privacy threat that's becoming increasingly prevalent as RFID chips are embedded into credit cards, employee access cards, state driver's licenses, passports and other documents.; Wall of Sheep comes to Black Hat; news.cnet.com; By Robert Vamosi; For years, a group called Wall of Sheep has been showing attendees of Defcon when their network connections are insecure. The Wall of Sheep board has been a fixture at Defcon, Black Hat's sister conference set to begin tomorrow at the Riviera Hotel and Casino. The board displays the names (with some identifying information obscured) of those connecting to the Internet in insecure ways. The idea is both meant to shame and educate users on best practices.; Wall of Sheep: Coming to Your Company?; www.pcworld.com; By Robert McMillan; Last month, Markus and three of his fellow volunteers incorporated a company called Aries Security, which they bill as an education and security awareness consultancy that can come in and identify risky behavior on corporate networks.; DEFCON 2007 - Wall of Sheep; www.zdnet.com; By George Ou; It's time to count sheep again and I don't mean the ones in your sleep. I'm talking about the ones on the Wi-Fi Hotspot that are using insecure protocols and getting their online accounts compromised. What you're looking at below is the DEFCON 15 Wall of Sheep.

What do I mean by compromised? Usually that means username and passwords are being transmitted in the clear for anyone to see or it means your account can be hijacked such that an attacker can get in to your account anytime they want after they copy your online Web session. In the above screen shot, a VERY large number of Gmail accounts that failed to use secure HTTPS (https://mail.google.com) were hijacked. This is despite the fact that they logged in using HTTPS because Gmail by default automatically kicks you back in to HTTP mode.; DEFCON's Wall of Sheep; blogs.chron.com; by Barrett Canon; If there is one thing more humiliating to a hacker than getting owned, it is having your misstep (along with your login credentials) put on display for thousands of your peers to see. Above is the poster set up near the DEFCON Wall of Sheep HQ. I'd post a picture of the actual wall, but the cartoon of a sheep getting "owned" by a wolf makes things a little NSFW.
Wall of Sheep at DEFCON illustrates what not to do

www.zdnet.com

By George Ou

At DEFCON 2006 in Las Vegas, a few "lucky" attendees "volunteered" to be real life examples what clear text authentication protocols you shouldn't be using.

User's passwords caught and posted on Wall of Sheep.

Because most of the common web technologies used in the world are still using clear text authentication, hackers at DEFCON illustrate why this is such a bad idea. Every year at DEFCON when one would think that attendees should know better, the Wall of Sheep is populated with careless users. I actually stopped by because of my paranoia and breathed a sigh of relief when I verified that I wasn't on the wall.

Defcon 2007: The Wall of Sheep gets “Hamsterized”

by Humphrey Cheung on 2007-08-07

“Oh look, I got a MySpace.” While other attendees at the Defcon security convention were soaking in the atmosphere, a dedicated group of hackers were soaking in their data. By sniffing both wired and wireless traffic, the group finds user names, passwords and yes even MySpace profile pages and then posts the information on the convention’s famous “Wall of Sheep”. Sure it’s embarrassing if you’re the one being caught, but in this group considers it tough love.

Liquidmatrix Security Digest » Wall of Sheep 2007

by Dave Lewis on 2007-08-05

One of my favourite parts of Defcon. It took them the better part of the first day to get the screen up and running but, when they did the laughter began. One interesting side was the capture of Gmail accounts on the wire. Gmail encrypts the initial login…but not the cookies. At least one victim found out the hard way.

Wall of Sheep in a Comic

by Brian Shearer on 2006-08-10

The Wall of Sheep is featured in the comic "Memory Leak."

Defcon Delays Can't Stop the Madness

by Brian Krebs on 2006-08-04

Already, there are dozens of names on the "Wall of Sheep," a running tally of the unsuspecting or foolhardy souls who venture to log in to various unencrypted Web sites over the hotel's wired, wireless or Bluetooth networks. As of 3 p.m. PT Friday I spotted at least five Myspace.com user-account credentials on the wall, as well as user name and password info for someone at networking giant Cisco and another at a Hawaii state government Web site. At the rate the sheep are piling up this year, we are likely to see more than 100 victims listed on the wall.

ZDnet: Wall of Sheep at DEFCON illustrates what no

by George Ou on 2006-08-04

At DEFCON 2006 in Las Vegas, a few "lucky" attendees "volunteered" to be real life examples what clear text authentication protocols you shouldn’t be using. Because most of the common web technologies used in the world are still using clear text authentication, hackers at DEFCON illustrate why this is such a bad idea. Every year at DEFCON when one would think that attendees should know better, the Wall of Sheep is populated with careless users. I actually stopped by because of my paranoia and breathed a sigh of relief when I verified that I wasn’t on the wall.

Newbury Networks Locates Devices for Wall of Sheep

by Newbury Networks on 2005-08-03

A team from Newbury Networks worked with the [Wall of Sheep], an independent group of security professionals who run the venerated "Wall of Sheep" project which finds and publicly identifies users who expose their identity via unsecured connections. Newbury was tasked with supplementing the "Wall of Sheep" by locating WiFi devices, identifying unsecured activity, and detecting wireless attacks. Newbury created a floor plan of the conference space and mapped the hall's "RF fingerprint" to allow for pinpoint identification of wireless devices' location. Newbury projected a large wall display, providing attendees a real-time "air-traffic control" view of wireless activity using Newbury Network's award-winning WiFi Watchdog.

Hackers Demonstrate Their Skills in Vegas

by Greg Sandoval on 2005-08-01

To make their point, they pilfered Internet passwords from convention attendees. Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen. It was dubbed the "The Wall of Sheep."

Make:Blog: @ DEFCON - The wall of sheep

by Phillip Torrone on 2005-07-31

At DEFCON there's a wall with a projection of username and passwords (some of the password that is). When you use any wireless here, it's safe to assume that all the packets are being captured and if you're foolish, you logged in to webmail, pop, AIM, etc...DEFCON is reality concentrated in to one spot- when you see your friend's password on the wall, and a big sheep go by, it's a clever reminder.

The Inquirer: Wall of Sheep - I See Stupid People

by Charlie Demerjian on 2005-07-30

One of the highlights of Defcon 13 is the Wall of Sheep. This large projection of stupid people is hard to miss if you are in the chill out room, and it is a lot of fun. What they do is post usernames and enough of a password for the terminally stupid to realise that they are serious, but not enough to give it all away. The sheer number of them at a place where people should know better is really frightening.; Wall of Sheep at DEFCON illustrates what not to do; www.zdnet.com; By George Ou; At DEFCON 2006 in Las Vegas, a few "lucky" attendees "volunteered" to be real life examples what clear text authentication protocols you shouldn't be using.

User's passwords caught and posted on Wall of Sheep.

Because most of the common web technologies used in the world are still using clear text authentication, hackers at DEFCON illustrate why this is such a bad idea. Every year at DEFCON when one would think that attendees should know better, the Wall of Sheep is populated with careless users. I actually stopped by because of my paranoia and breathed a sigh of relief when I verified that I wasn't on the wall.
Defcon 2007: The Wall of Sheep gets “Hamsterized”: by Humphrey Cheung on 2007-08-07; “Oh look, I got a MySpace.” While other attendees at the Defcon security convention were soaking in the atmosphere, a dedicated group of hackers were soaking in their data. By sniffing both wired and wireless traffic, the group finds user names, passwords and yes even MySpace profile pages and then posts the information on the convention’s famous “Wall of Sheep”. Sure it’s embarrassing if you’re the one being caught, but in this group considers it tough love.
Liquidmatrix Security Digest » Wall of Sheep 2007: by Dave Lewis on 2007-08-05; One of my favourite parts of Defcon. It took them the better part of the first day to get the screen up and running but, when they did the laughter began. One interesting side was the capture of Gmail accounts on the wire. Gmail encrypts the initial login…but not the cookies. At least one victim found out the hard way.
Wall of Sheep in a Comic: by Brian Shearer on 2006-08-10; The Wall of Sheep is featured in the comic "Memory Leak."
Defcon Delays Can't Stop the Madness: by Brian Krebs on 2006-08-04; Already, there are dozens of names on the "Wall of Sheep," a running tally of the unsuspecting or foolhardy souls who venture to log in to various unencrypted Web sites over the hotel's wired, wireless or Bluetooth networks. As of 3 p.m. PT Friday I spotted at least five Myspace.com user-account credentials on the wall, as well as user name and password info for someone at networking giant Cisco and another at a Hawaii state government Web site. At the rate the sheep are piling up this year, we are likely to see more than 100 victims listed on the wall.
ZDnet: Wall of Sheep at DEFCON illustrates what no: by George Ou on 2006-08-04; At DEFCON 2006 in Las Vegas, a few "lucky" attendees "volunteered" to be real life examples what clear text authentication protocols you shouldn’t be using. Because most of the common web technologies used in the world are still using clear text authentication, hackers at DEFCON illustrate why this is such a bad idea. Every year at DEFCON when one would think that attendees should know better, the Wall of Sheep is populated with careless users. I actually stopped by because of my paranoia and breathed a sigh of relief when I verified that I wasn’t on the wall.
Newbury Networks Locates Devices for Wall of Sheep: by Newbury Networks on 2005-08-03; A team from Newbury Networks worked with the [Wall of Sheep], an independent group of security professionals who run the venerated "Wall of Sheep" project which finds and publicly identifies users who expose their identity via unsecured connections. Newbury was tasked with supplementing the "Wall of Sheep" by locating WiFi devices, identifying unsecured activity, and detecting wireless attacks. Newbury created a floor plan of the conference space and mapped the hall's "RF fingerprint" to allow for pinpoint identification of wireless devices' location. Newbury projected a large wall display, providing attendees a real-time "air-traffic control" view of wireless activity using Newbury Network's award-winning WiFi Watchdog.
Hackers Demonstrate Their Skills in Vegas: by Greg Sandoval on 2005-08-01; To make their point, they pilfered Internet passwords from convention attendees. Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen. It was dubbed the "The Wall of Sheep."
Make:Blog: @ DEFCON - The wall of sheep: by Phillip Torrone on 2005-07-31; At DEFCON there's a wall with a projection of username and passwords (some of the password that is). When you use any wireless here, it's safe to assume that all the packets are being captured and if you're foolish, you logged in to webmail, pop, AIM, etc...DEFCON is reality concentrated in to one spot- when you see your friend's password on the wall, and a big sheep go by, it's a clever reminder.
The Inquirer: Wall of Sheep - I See Stupid People: by Charlie Demerjian on 2005-07-30; One of the highlights of Defcon 13 is the Wall of Sheep. This large projection of stupid people is hard to miss if you are in the chill out room, and it is a lot of fun. What they do is post usernames and enough of a password for the terminally stupid to realise that they are serious, but not enough to give it all away. The sheer number of them at a place where people should know better is really frightening.

Wall of Sheep

Press

Upcoming Events