Here's an eye-opening article talking about a tool called Hamster that sniffs wireless traffic and reveals plain-text cookies which can then be used to impersonate users. The guy running the tool was able to log in into some poor soul's Gmail account during a BlackHat presentation.
Pretty scary, and it makes me think twice before firing up my laptop in a public wireless hotspot. The people who wrote Hamster, from Errata Security, already released another tool called Ferret, which intercepts juicy bits of information -- they call it 'information seepage'. You can see a presentation on Ferret here. They're supposed to release Hamster into the wild any day now.
Update: If the above wasn't enough to scare you, here's another set of wireless hacking tools called Karma (see the presentation appropriately called "All your layers are belong to us".)
Subscribe to:
Post Comments (Atom)
-
Here's a good interview question for a tester: how do you define performance/load/stress testing? Many times people use these terms inte...
-
Update 02/26/07 -------- The link to the old httperf page wasn't working anymore. I updated it and pointed it to the new page at HP. Her...
-
I've been using dnspython lately for transferring some DNS zone files from one name server to another. I found the package extremely us...
3 comments:
https://mail.google.com/mail/
should stop that problem or are cookies sent unencrypted before the headers are exchanged ...
Maybe I'm paranoid, but I typically surf using an SSH tunnel from my laptop back to my home network even if I'm on a wired connection. If they can hack SSH, then there's not much else I can do to protect myself.
- Jeremy M. Jones
Any person worth his or her salt using an unknown/untrusted network drop will always use a VPN solution to encrypt their traffic. Anything less than that or full SSH/SSL encryption and you might as well print photocopies of your personal information and hand them out.
Post a Comment