The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion - with a home-grown tool called Hamster.I constantly warn people about the usage of public WIFI. Heck I warn people about using networks that aren't theirs, ask my ex (and why she's an ex).
The attack can hijack sessions in almost any cookie-based web application and Graham has tested it successfully against popular webmail programs like Google’s Gmail, Microsoft’s Hotmail and Yahoo Mail. He stressed that since the program just uses cookies, he only needs an IP address and usernames and passwords aren’t required.
Friday, August 3, 2007
Webmail Gotchya
As stated earlier I have an N800 which can use any WIFI access point to get on the net. Unfortunately the product will also by default check mail automatically. The clear problem with this is that my web traffic is passing through an unknown network and is available for hacking. Proof of this is here:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment