Here's an eye-opening article talking about a tool called Hamster that sniffs wireless traffic and reveals plain-text cookies which can then be used to impersonate users. The guy running the tool was able to log into some poor soul's Gmail account during a BlackHat presentation.
Pretty scary, and it makes me think twice before firing up my laptop in a public wireless hotspot. The people who wrote Hamster, from Errata Security, already released another tool called Ferret, which intercepts juicy bits of information -- they call it 'information seepage'. You can see a presentation on Ferret here. They're supposed to release Hamster into the wild any day now.
Update: If the above wasn't enough to scare you, here's another set of wireless hacking tools called Karma (see the presentation appropriately called "All your layers are belong to us".)
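To make the exposure concrete from the defender's side, here is an added example (not from the original article or from Errata Security's tools) that takes a site's `Set-Cookie` headers and works out which cookies a browser would attach to a plain `http://` request, where anyone on the same open wireless network can read them. The cookie names and values are constructed sample data, and domain/path matching is left out on the assumption that every request goes to the same host and path.

```python
# Constructed sample Set-Cookie values, as a login response might return them.
SAMPLE_SET_COOKIE = [
    "SID=abc123; Path=/; Secure; HttpOnly",      # HTTPS-only
    "session=deadbeef; Path=/; HttpOnly",        # HttpOnly but NOT Secure
    "prefs=lang%3Den; Path=/; Max-Age=31536000", # no flags at all
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookie_header_for(scheme, set_cookie_headers):
    """Cookie request header a browser would build for this scheme.

    Cookies marked Secure are only attached to https requests; everything
    else is attached to http requests too, in cleartext.
    """
    pairs = []
    for header in set_cookie_headers:
        name, value, attrs = parse_set_cookie(header)
        if scheme == "https" or "secure" not in attrs:
            pairs.append(f"{name}={value}")
    return "; ".join(pairs)


def exposed_cookie_names(set_cookie_headers):
    """Names of cookies a passive sniffer can read off a plain-HTTP request."""
    return [
        name
        for name, _, attrs in map(parse_set_cookie, set_cookie_headers)
        if "secure" not in attrs
    ]


if __name__ == "__main__":
    print("Visible on http :", cookie_header_for("http", SAMPLE_SET_COOKIE))
    print("Sent on https   :", cookie_header_for("https", SAMPLE_SET_COOKIE))
    print("Needs Secure    :", exposed_cookie_names(SAMPLE_SET_COOKIE))
```

Note that `HttpOnly` only hides a cookie from page scripts; the `session` cookie above still crosses the air in cleartext because it lacks `Secure`.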
Tuesday, August 07, 2007
Think twice before working from a Starbucks
should stop that problem or are cookies sent unencrypted before the headers are exchanged ...
Maybe I'm paranoid, but I typically surf using an SSH tunnel from my laptop back to my home network even if I'm on a wired connection. If they can hack SSH, then there's not much else I can do to protect myself.
- Jeremy M. Jones
Any person worth his or her salt using an unknown/untrusted network drop will always use a VPN solution to encrypt their traffic. Anything less than that or full SSH/SSL encryption and you might as well print photocopies of your personal information and hand them out.