Tuesday, August 07, 2007

Think twice before working from a Starbucks

Here's an eye-opening article talking about a tool called Hamster that sniffs wireless traffic and reveals plain-text cookies which can then be used to impersonate users. The guy running the tool was able to log in into some poor soul's Gmail account during a BlackHat presentation.

Pretty scary, and it makes me think twice before firing up my laptop in a public wireless hotspot. The people who wrote Hamster, from Errata Security, already released another tool called Ferret, which intercepts juicy bits of information -- they call it 'information seepage'. You can see a presentation on Ferret here. They're supposed to release Hamster into the wild any day now.

Update: If the above wasn't enough to scare you, here's another set of wireless hacking tools called Karma (see the presentation appropriately called "All your layers are belong to us".)

3 comments:

garylinux said...

https://mail.google.com/mail/
should stop that problem or are cookies sent unencrypted before the headers are exchanged ...

Unknown said...

Maybe I'm paranoid, but I typically surf using an SSH tunnel from my laptop back to my home network even if I'm on a wired connection. If they can hack SSH, then there's not much else I can do to protect myself.

- Jeremy M. Jones

Jesse said...

Any person worth his or her salt using an unknown/untrusted network drop will always use a VPN solution to encrypt their traffic. Anything less than that or full SSH/SSL encryption and you might as well print photocopies of your personal information and hand them out.

Modifying EC2 security groups via AWS Lambda functions

One task that comes up again and again is adding, removing or updating source CIDR blocks in various security groups in an EC2 infrastructur...