February 26, 2004


''Remote Insecurity'' Report Shows Business Travelers are More Vulnerable than Ever to Password Theft

-- Sniffing of public wireless connections, in-room hotel access,
rouge software and "shoulder surfing" among risks

Secure Computing Corporation (NASDAQ:SCUR), the experts in securing connections between people, applications, and networks(TM), today announced the release of a new report, "Remote Insecurity: How Business Travelers Risk Exposing Their Companies When Remotely Accessing Company Networks." The report was prepared by respected independent security consultant Rodney Thayer of Canola/Jones Internet Investigations in the San Francisco Bay Area, and documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks. The full report is available at http://www.securecomputing.com/pdf/remoteinsecurity.pdf.

Posing as a business traveler, Thayer tested the possibility of password theft in multiple locations such as an Internet kiosk in an airport, an Internet cafe, as well as an in-room hotel broadband network, and wireless access at a coffee shop. Thayer found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information.

Wireless access points are especially vulnerable to "sniffing," Thayer found. Tests conducted at an airport Internet cafe and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless "sniffer" software.

Even behind the closed doors of a national hotel chain, using a wired broadband Internet connection is risky business. Thayer documented how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have "file sharing" enabled on their PCs. Corporate data and passwords can easily be stolen.

Publicly available Internet kiosks and workstations, such as those found in Internet cafes, hotel and airport "business centers" and trade show floors were also shown to have multiple vulnerabilities. Widely available "keyboard logging" software could be secretly downloaded and installed on public terminals that have not been properly secured, allowing a cyber-criminal to collect and steal passwords and other private information. Even a properly secured workstation can leave a business traveler vulnerable to password theft -- by low tech "shoulder surfing."

What can enterprises do to protect their employees who must access the Internet while they travel? One solution is two-factor authentication tokens, such as the SafeWord(R) line of tokens from Secure Computing. SafeWord eliminates these problems with "keychain" tokens that generate one-time-only passcodes for each user session -- foiling password thieves even if a passcode is compromised, since the passcode can never be used again.

"SafeWord products are on the cutting edge when it comes to eliminating the risks associated with fixed passwords," said Jay Goldlist, vice president and general manager, Enterprise Security Division at Secure Computing. "We're excited about the new release of SafeWord(R) RemoteAccess(TM), which sets the standard for ease of use and Active Directory integration. Now any organization running a Windows server and Active Directory can simply and cost-effectively add strong authentication to their trusted connections."

SafeWord RemoteAccess provides a complete strong authentication solution specifically designed to protect remote user access to private networks and applications. SafeWord RemoteAccess secures connections to VPNs, RADIUS-compliant devices, Citrix applications, and Microsoft Outlook Web Access. With tight integration and simplified management through Active Directory, and with tokens that generate new passcodes with every user login, SafeWord RemoteAccess easily and cost effectively largely eliminates the risks associated with fixed passwords.

Pricing and Availability

Secure Computing SafeWord for RemoteAccess is available immediately through Secure Computing distributors and value added resellers worldwide. Simplified pricing combines tokens, software licenses, and support, starting at $99 per user. Other solutions that also feature active directory integration include SafeWord for Citrix(R) MetaFrame(R), SafeWord(R) for Nortel Networks, and SafeWord for Check Point.

About Secure Computing

Secure Computing (NASDAQ:SCUR) has been securing the connections between people and information for over 20 years. Specializing in delivering solutions that secure these connections, Secure Computing is uniquely qualified to be the global security solutions provider to organizations of all sizes. Our more than 11,000 global customers, supported by a worldwide network of partners, include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. The company is headquartered in San Jose, Calif., and has sales offices worldwide. For more information, see http://www.securecomputing.com.

This press release contains forward-looking statements relating to the Secure Computing's offering of SafeWord RemoteAccess and the expected benefits of such product, and such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are delays in product development, undetected software errors or bugs, competitive pressures, technical difficulties, changes in customer requirements, general economic conditions and the risk factors detailed from time to time in Secure Computing's periodic reports and registration statements filed with the Securities and Exchange Commission.

SOURCE: Secure Computing Corporation

Secure Computing Corporation
David Burt, 206-892-1130
[email protected]
The KMC Group
Pam Miller, 425-450-9965
[email protected]

Posted by Craig at February 26, 2004 06:24 PM