Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Sidejacking' Tool Unleashed

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » Archives » General Discussion (1/22-2007 thru 12/14/2010) Donate to DU
 
Ian David Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Aug-07-07 05:13 PM
Original message
Sidejacking' Tool Unleashed
Sidejacking' Tool Unleashed
AUGUST 07, 2007


LAS VEGAS -- Black Hat USA -- Here's another reason not to use WiFi unprotected: Hackers can "sidejack" your machine and access your Web accounts, researchers demonstrated here last week as part of the "Simple Solutions to Complex Problems from the Lazy Hacker's Handbook." (See Black Hat: How to Hack IPS Signatures.)

Robert Graham, CEO of Errata Security, showed -- and released -- his new Hamster tool, a more powerful version of his Ferret WiFi sniffer that can grab users' Gmail, Yahoo, and other online accounts. Hamster basically clones the victim's cookies by sniffing their session IDs and controlling their Website accounts. (See Joke's on Me and Tool Uncovers Inadvertent 'Chatter'.)

"You can be in a café and see a list of people browsing . And you can highjack and clone their Gmail system, for example, Graham says. "We know it's theoretically possible, so we wanted to prove it... This is very powerful because it's so easy to do."

<snip>

Besides the obvious "don't use open WiFi recommendation," Graham says users should routinely log out of their Web sessions, which wipes out their cookie trail and thus dead-ends the Hamster attacker.

More:
http://www.unstrung.com/document.asp?doc_id=131095
Printer Friendly | Permalink |  | Top
blogslut Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Aug-07-07 05:16 PM
Response to Original message
1. So, a secure wireless network is safe(r)?
?

I am wireless ignorant.
Printer Friendly | Permalink |  | Top
 
skids Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Aug-07-07 05:29 PM
Response to Reply #1
2. At home your are best upgrading to "WPA2 PSK"

...and enterprises should really be looking at WPA2 enterprise, even if they skip the CA and go for PEAP-MSCHAPv2.

http://www.windowsitpro.com/Article/ArticleID/50106/50106.html
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Tue Apr 30th 2024, 05:47 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (1/22-2007 thru 12/14/2010) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC