Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Black Hat Report: All Your Wifi Are Belong To Us

By Scott Gilbertson August 3, 2007 Categories: Web Basics

Blackhat
The Black Hat conference is in full swing down in Las Vegas and already there’s some scary stuff coming out, the BBC reports that one demonstrated exploit allows the attacker to see cookies via wifi.

Robert Graham of Errata Security has created two programs, named “Hamster” and “Ferret,” which sniff wifi traffic and grab cookies as people log in to and out of their webmail or social network accounts.

Although the attack doesn’t allow the perpetrator to reset your password, it does allow them near full access to your accounts, despite that fact that the cookie is encrypted.

Naturally, if you’re using a secure connection to login via https, then you aren’t at risk. If you’d like to force secure connections to GMail and your browser supports Greasemonkey, check out Mark Pilgrim’s handy script.

If you’re not a GMail user, check to see what sort of security options your favorite webmail and other online accounts offer, and remember nearly anything you do on public wifi that isn’t to a secure site can be snooped using Graham’s tools.

If you’d like to check out Hamster and Ferret, Graham says they’ll be available later this week from the Errata site.

Tags: security
Post Comment Comments Permalink Print
Reddit Digg