Gmail hacked over WiFi HotSpot |
Author: |
Message: |
albert
Veteran Member
Posts: 2246 Reputation: 42
– / /
Joined: Feb 2005
|
O.P. Gmail hacked over WiFi HotSpot
Well, to shorten up the story :
quote: Originally posted by Zdnet Blog
Robert Graham (CEO Errata Security) gave his Web 2.0 hijacking presentation to a packed audience at Black Hat 2007 today. The audience erupted with applause and laughter when Graham used his tools to hijack someone’s Gmail account during an unscripted demo. The victim in this case was using a typical unprotected Wi-Fi Hotspot and his Gmail account just popped on the large projection screen for 500 or so audience members to see. Of course had the poor chap read my blog about email security last week he might have avoided this embarrassment. But for the vast majority of people using Gmail or any other browser or “Web 2.0” application, they’re all just a bunch of sheep waiting to be jacked by Graham’s latest exploit.
Full stories and how-to :
http://blogs.zdnet.com/Ou/?p=651
By the way, what do you guys think of this?
It seems that it isn't only Gmail, but online applications with cookies? Is that correct?
This post was edited on 08-09-2007 at 11:19 PM by albert.
|
|
08-09-2007 11:19 PM |
|
|
ShawnZ
Veteran Member
Posts: 3141 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Gmail hacked over WiFi HotSpot
this is literally the entire reason people secure their wifi. this type of attack is so well known, it's not even a "neat trick" -- it's just how it's done.
Spoiler: the game.
|
|
08-09-2007 11:27 PM |
|
|
albert
Veteran Member
Posts: 2246 Reputation: 42
– / /
Joined: Feb 2005
|
O.P. RE: Gmail hacked over WiFi HotSpot
quote: Originally posted by ShawnZ
so well known, it's not even a "neat trick" -- it's just how it's done.
I secure mine with a 10-character WEP key, is that enough?
|
|
08-09-2007 11:34 PM |
|
|
ShawnZ
Veteran Member
Posts: 3141 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Gmail hacked over WiFi HotSpot
quote: Originally posted by albert
quote: Originally posted by ShawnZ
so well known, it's not even a "neat trick" -- it's just how it's done.
I secure mine with a 10-character WEP key, is that enough?
no
in fact, you shouldn't be using WEP at all
|
|
08-09-2007 11:37 PM |
|
|
Supersonicdarky
Veteran Member
Posts: 2316 Reputation: 48
– / – /
Joined: Feb 2005
Status: Away
|
RE: Gmail hacked over WiFi HotSpot
* Supersonicdarky will have fun next time he is stealing wifi
|
|
08-10-2007 01:04 AM |
|
|
Verte
Full Member
Posts: 272 Reputation: 7
Joined: Apr 2007
|
RE: Gmail hacked over WiFi HotSpot
I bet it's possible to secure yourself by encrypting all your IP traffic, though you will need a way to decrypt it at the server end. And you know, I bet TOR would work most of the time.
was put impeccably into words at DebianDay for me last Saturday, by Knut Yrvin of Trolltech - adults try something once, fail, and then are like "ffs this doesn't work". Children try, fail, and then try again, and succeed - maybe on the second, or even fifth retry. But the thing is that they keep at it and overcome the problems in the end.
-andrewdodd13
|
|
08-10-2007 10:18 AM |
|
|
M73A
Veteran Member
Posts: 3213 Reputation: 37
34 / /
Joined: Jul 2004
|
RE: Gmail hacked over WiFi HotSpot
i have WEP and MAC filtering... is that okay? just my DS only takes WEP
|
|
08-10-2007 10:54 AM |
|
|
andrewdodd13
Senior Member
Oh so retro
Posts: 869 Reputation: 16
35 / /
Joined: Jan 2005
|
RE: Gmail hacked over WiFi HotSpot
MAC filtering just means they can't steal your connection, but they can decrypt the signal if they're up for it, which means they can do the hack described in the topic.
I can't really be bothered reading this atm, but doesn't G-Mail use SSL?
Edit: Okay, so I went and read it. Cookie snatching is pretty evul.
This post was edited on 08-10-2007 at 11:14 AM by andrewdodd13.
|
|
08-10-2007 11:11 AM |
|
|
Steven
Senior Member
Phillup you little devil you/..
Posts: 616 Reputation: 34
31 / / –
Joined: Mar 2005
|
RE: Gmail hacked over WiFi HotSpot
If they're serious about trying to hack into your Gmail account, I bet they wouldn't stop when they see WEP. If they would go through that to go into someone's account, then why not try to crack WEP? So WEP probably isn't the smartest choice.
|
|
08-10-2007 01:00 PM |
|
|
ShawnZ
Veteran Member
Posts: 3141 Reputation: 43
32 / /
Joined: Jan 2003
|
RE: Gmail hacked over WiFi HotSpot
quote: Originally posted by andrewdodd13
I can't really be bothered reading this atm, but doesn't G-Mail use SSL?
gmail has ssl capability (if you go to https://gmail.com it'll be ssl) but by default only the logon page uses ssl
This post was edited on 08-10-2007 at 02:28 PM by Tochjo.
|
|
08-10-2007 01:28 PM |
|
|
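Added example, not part of the thread: a check a site owner could run over their own `Set-Cookie` headers to see which session cookies a browser would still send over plain HTTP when only the login page uses SSL, as described in the post above. The cookie names, values and the `mail.example.test` host are constructed, and the domain/path matching is a simplification of real browser rules.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers a webmail app might return after an
# HTTPS login. Names, values and host are made up for illustration.
SAMPLE_SET_COOKIE = [
    "SESSION=constructed-session-token; Domain=mail.example.test; Path=/",
    "AUTH=constructed-auth-token; Domain=mail.example.test; Path=/; Secure; HttpOnly",
    "LANG=en; Domain=mail.example.test; Path=/",
]

def parse_cookies(set_cookie_headers):
    """Return {name: {"secure": bool, "domain": str, "path": str}}."""
    jar = {}
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = {
                "secure": bool(morsel["secure"]),
                "domain": morsel["domain"].lstrip(".").lower(),
                "path": morsel["path"] or "/",
            }
    return jar

def cookies_sent(jar, url):
    """Cookies a browser would attach to url (assumes Domain is always set)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    sent = []
    for name, c in jar.items():
        domain_ok = host == c["domain"] or host.endswith("." + c["domain"])
        path_ok = path.startswith(c["path"])
        scheme_ok = parts.scheme == "https" or not c["secure"]
        if domain_ok and path_ok and scheme_ok:
            sent.append(name)
    return sorted(sent)

def exposed_on_open_wifi(jar, url, session_names):
    """Session cookies that would cross the network unencrypted for url."""
    if urlsplit(url).scheme == "https":
        return []
    return [n for n in cookies_sent(jar, url) if n in session_names]

if __name__ == "__main__":
    jar = parse_cookies(SAMPLE_SET_COOKIE)
    for url in ("https://mail.example.test/inbox", "http://mail.example.test/inbox"):
        print(url, "->", exposed_on_open_wifi(jar, url, {"SESSION", "AUTH"}))
```

Any name the check reports for an `http://` URL is a session cookie that needs the `Secure` attribute, with the pages that use it served over HTTPS only.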