Here's an eye-opening article talking about a tool called Hamster that sniffs wireless traffic and reveals plain-text cookies which can then be used to impersonate users. The guy running the tool was able to log in to some poor soul's Gmail account during a BlackHat presentation.
Pretty scary, and it makes me think twice before firing up my laptop in a public wireless hotspot. The people who wrote Hamster, from Errata Security, already released another tool called Ferret, which intercepts juicy bits of information -- they call it 'information seepage'. You can see a presentation on Ferret here. They're supposed to release Hamster into the wild any day now.
Update: If the above wasn't enough to scare you, here's another set of wireless hacking tools called Karma (see the presentation appropriately called "All your layers are belong to us".)
3 comments:
https://mail.google.com/mail/
should stop that problem or are cookies sent unencrypted before the headers are exchanged ...
Maybe I'm paranoid, but I typically surf using an SSH tunnel from my laptop back to my home network even if I'm on a wired connection. If they can hack SSH, then there's not much else I can do to protect myself.
- Jeremy M. Jones
Any person worth his or her salt using an unknown/untrusted network drop will always use a VPN solution to encrypt their traffic. Anything less than that or full SSH/SSL encryption and you might as well print photocopies of your personal information and hand them out.