summaryrefslogtreecommitdiff
path: root/wired/old/published/Webmonkey/Monkey_Bites/2007/07.30.07/Fri/blackhat.txt
blob: 62fc1b04e6cc26e1a55cbee91059d38e20a1eed8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Black Hat Report: All Your Wifi Are Belong To Us

The Black Hat conference is in full swing down in Las Vegas and already there's some scary stuff coming out, the BBC [reports][1] that one demonstrated exploit allows the attacker to see cookies via wifi.

Robert Graham of Errata Security has created two programs, named "Hamster" and "Ferret," which sniff wifi traffic and grab cookies as people log in to and out of their webmail or social network accounts.

Although the attack doesn't allow the perpetrator to reset your password, it does allow them near full access to your account.

Naturally, if you're using say GMail and forcing it to connect via https, then you aren't at risk. If you'd like to force secure connections to GMail and your browser supports Greasemonkey, check out Mark Pilgrim's [handy script][3].

If you're not a GMail user, check to see what sort of security options your favorite webmail and other online accounts offer, and remember nearly anything you do on public wifi that isn't to a secure site can be snooped using Graham's tools.

If you'd like to check out Hamster and Ferret, Graham says they'll be available later this week from the [Errata site][2].

[1]: http://news.bbc.co.uk/1/hi/technology/6929258.stm
[3]: http://erratasec.blogspot.com/
[2]: http://userscripts.org/scripts/show/1404