Tuesday, August 07, 2007

Think twice before working from a Starbucks

Here's an eye-opening article talking about a tool called Hamster that sniffs wireless traffic and reveals plain-text cookies, which can then be used to impersonate users. The guy running the tool was able to log in to some poor soul's Gmail account during a BlackHat presentation.

Pretty scary, and it makes me think twice before firing up my laptop in a public wireless hotspot. The people who wrote Hamster, from Errata Security, already released another tool called Ferret, which intercepts juicy bits of information -- they call it 'information seepage'. You can see a presentation on Ferret here. They're supposed to release Hamster into the wild any day now.

Update: If the above wasn't enough to scare you, here's another set of wireless hacking tools called Karma (see the presentation, appropriately called "All your layers are belong to us").
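The cookie exposure described above comes down to whether the browser ever sends a session cookie over unencrypted HTTP. The Python sketch below is an added example, not code from the linked article or from Errata Security: it audits `Set-Cookie` headers for the `Secure` attribute, using constructed headers with hypothetical cookie names and values.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookies(set_cookie_headers, served_over_https):
    """Return {cookie_name: [findings]} for cookies that can cross the
    network in plain text and so be read by a passive listener."""
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        issues = []
        if not served_over_https:
            issues.append("set over plain HTTP: visible on the wire when issued")
        if "secure" not in attrs:
            issues.append("no Secure attribute: browser also sends it on http:// requests")
        if issues:
            findings[name] = issues
    return findings


# Constructed sample headers (hypothetical names and values, not captured traffic).
SAMPLE_HEADERS = [
    "SID=abc123; Path=/; Domain=.example.com",
    "AUTH=def456; Path=/; Secure; HttpOnly",
    "PREFS=lang-en; Path=/; secure",
]

if __name__ == "__main__":
    report = audit_cookies(SAMPLE_HEADERS, served_over_https=True)
    for name, issues in report.items():
        print(name)
        for issue in issues:
            print("  -", issue)
```

A cookie issued over HTTPS but without `Secure` is still flagged, because the browser will attach it to any later plain `http://` request to the same site.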

3 comments:

justme said...

https://mail.google.com/mail/ should stop that problem or are cookies sent unencrypted before the headers are exchanged ...

Jeremy Jones said...

Maybe I'm paranoid, but I typically surf using an SSH tunnel from my laptop back to my home network even if I'm on a wired connection. If they can hack SSH, then there's not much else I can do to protect myself.

- Jeremy M. Jones

Jesse said...

Any person worth his or her salt using an unknown/untrusted network drop will always use a VPN solution to encrypt their traffic. Anything less than that or full SSH/SSL encryption and you might as well print photocopies of your personal information and hand them out.