On Sun, 16 Oct 2011 10:06:10 EDT, "William F. Maton Sotomayor" said:
A similar thing was done at a USENIX in Monterey over a decade ago. The point behind that one was to drive home how bad it was for the attendees to use telnet to their boxes at the mothership. Nothing like seeing people watch their passwords put up on two screens to teach them about SSH.
Did something similar at a SANS-EDU class a few years back, maybe 300 or so attendees. The first morning, I ran several carefully crafted tcpdumps on the wireless network to get just the SYN packets for telnet, ssh, rlogin/rsh, and POP in cleartext and over SSL. Then just before class started up after lunch, I announced the counts (was about 1/3 encrypted, 2/3 cleartext).

When the slide with the numbers hit the screen, a predictable 2/3 suddenly got outraged: "You have no right to grab our passwords / that's irresponsible behavior for a security professional / etc." So I joked "See Randy, I *told* you we wouldn't have to map from IP to MAC to conference registration to tell who they were", which didn't help matters much. ;) Then I tell them that yes, it *would* be irresponsible for me to snarf passwords, so I only grabbed SYN packets. The room got quiet, till I added "but those random people sitting out in the atrium aren't security professionals, and we have no control over whether they grab passwords or not, so you probably want to change your passwords."

Sudden flurry of typing from 2/3 of the people. "Over a secure channel, of course." Sudden lack of typing and a lot of deer-in-headlights looks, and one voice from the back of the room: "Well played" ;)
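The SYN-only counting described in the post, as an added example that is not part of the thread or anyone's actual tooling from it: it builds a small constructed pcap inline (no real capture) and counts pure SYNs to the telnet/rlogin/rsh/POP ports versus the ssh/POP3S ports, refusing to look inside any data-carrying segment so that no password bytes are ever inspected. The tcpdump filter quoted in the docstring is a reconstruction of what such a capture would use, not the poster's command; the cleartext/encrypted classification of ports, the addresses and the `hunter2` payload are this example's own assumptions.

```python
import struct

# Service-to-port mapping for the ports the class counted (standard IANA
# assignments; which ones count as "cleartext" vs "encrypted" is this
# example's own classification).
CLEARTEXT_PORTS = {23: "telnet", 513: "rlogin", 514: "rsh", 110: "pop3"}
ENCRYPTED_PORTS = {22: "ssh", 995: "pop3s"}
WATCHED = {**CLEARTEXT_PORTS, **ENCRYPTED_PORTS}

TCP_SYN, TCP_ACK, TCP_PSH = 0x02, 0x10, 0x08


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with zeroed MACs and checksums (enough for offline parsing)."""
    eth = bytes(12) + b"\x08\x00"
    ip_total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1318780800 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def build_sample_pcap():
    """Constructed sample traffic (hypothetical hosts and a fake password), not a real capture."""
    return build_pcap([
        build_frame("10.0.0.5", "192.0.2.10", 40001, 23, TCP_SYN),
        build_frame("192.0.2.10", "10.0.0.5", 23, 40001, TCP_SYN | TCP_ACK),
        build_frame("10.0.0.5", "192.0.2.10", 40001, 23, TCP_PSH | TCP_ACK, b"hunter2\r\n"),
        build_frame("10.0.0.6", "192.0.2.10", 40002, 23, TCP_SYN),
        build_frame("10.0.0.7", "192.0.2.10", 40003, 23, TCP_SYN),
        build_frame("10.0.0.8", "192.0.2.20", 40004, 110, TCP_SYN),
        build_frame("10.0.0.9", "192.0.2.30", 40005, 22, TCP_SYN),
        build_frame("10.0.0.10", "192.0.2.20", 40006, 995, TCP_SYN),
        build_frame("10.0.0.11", "192.0.2.40", 40007, 80, TCP_SYN),
    ])


def iter_pcap_frames(data):
    """Yield the link-layer frames of a classic pcap, honouring its byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def count_pure_syns(pcap_bytes):
    """Count pure SYNs (SYN set, ACK clear, no payload) to the watched ports.

    Same selection as the tcpdump filter (reconstructed, not the poster's):
        tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and (port 23 or port 22 or ...)
    Also returns how many data-carrying segments on those ports were skipped,
    i.e. the packets that would have held the passwords.
    """
    counts = {name: 0 for name in WATCHED.values()}
    skipped_data = 0
    for frame in iter_pcap_frames(pcap_bytes):
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:  # not TCP
            continue
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        flags = tcp[13]
        payload = tcp[doff:]
        if payload and (sport in WATCHED or dport in WATCHED):
            skipped_data += 1  # counted, never decoded
            continue
        if dport in WATCHED and flags & TCP_SYN and not flags & TCP_ACK:
            counts[WATCHED[dport]] += 1
    return counts, skipped_data


def summarize(pcap_bytes):
    """Cleartext vs encrypted session attempts, plus the data segments left untouched."""
    counts, skipped = count_pure_syns(pcap_bytes)
    return {
        "cleartext": sum(counts[n] for n in CLEARTEXT_PORTS.values()),
        "encrypted": sum(counts[n] for n in ENCRYPTED_PORTS.values()),
        "data_segments_skipped": skipped,
    }


if __name__ == "__main__":
    print(summarize(build_sample_pcap()))
```

On the constructed sample the SYN-only count comes out at 4 cleartext to 2 encrypted, the same two-thirds/one-third split as in the story, while the one segment that actually carries the login is skipped without its bytes being read. The SYN/ACK from the server and the SYN to port 80 are ignored too: only client-side connection attempts to the watched ports are counted, which is all that is needed to tell the room how many of them are typing passwords in the clear.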