NEWS: Public Wi-Fi even more insecure than previously thought!
- From: John Navas <spamfilter1@xxxxxxxxxxxxxx>
- Date: Tue, 14 Aug 2007 15:41:18 GMT
[see IMPORTANT NOTES below]
<http://www.theregister.com/2007/08/02/public_wifi_hack/>
How to gain permanent access to Gmail accounts

Black Hat Users of Yahoo! Mail, MySpace and just about every Web 2.0
service take note: If you access those services using public Wi-Fi,
Rob Graham can probably gain unlimited access to your account - even
if you logged in using the secure sockets layer protocol.

Graham, who is CEO at Errata Security, demonstrated the hack to
attendees of the Black Hat security conference in Las Vegas. The
technique uses a plain-vanilla network sniffer to read the cookies
returned by Google Mail, Hotmail and scores of other sites after a
user has entered login credentials.

The websites rely on the cookie as a session ID to validate the
browser as belonging to the person who just logged in. By copying the
cookie and attaching it to a completely different browser Errata
Security researchers showed it was easy to gain unfettered access to
the accounts of others.

"If I sniff your Gmail connection and get all your cookies and attach
them to my Gmail, I now become you, I clone you," Graham said during
a presentation on Thursday. "Web 2.0 is now fundamentally broken."

The technique allowed Graham to open the Gmail account of an
unsuspecting Black Hat attendee who had used the conference access
point to get his email. Although the Errata Security chief closed the
window several seconds after accessing it, nothing short of good
manners prevented him from reading the person's messages, or, for
that matter, accessing maps, calendar or other Google properties used
by that person.

The hack caught our attention because it shatters a common assumption
concerning secure surfing on public access points. Up until now, we
felt relatively safe using hotspots to access email as long as we
logged in with an SSL session. Yes, we knew that any subsequent pages
that were not appended by "https" in the address bar were
susceptible to snooping, but intruders still had no way to access the
account itself.

Now we know better. Any session that isn't protected from start to
finish by SSL is vulnerable to the hack. And because session IDs
generated by most sites are valid for an indefinite period, that
means intruders could silently access our accounts for years - even
if we regularly change our passwords.

The only way Graham said he knew to work around the vulnerability is
to use Google and select options that automatically keep Gmail,
Google Calendar and several other properties encrypted throughout the
entire session. (Check our Defcon Survival Guide
(http://www.theregister.com/2007/08/01/defcon_survival_guide/) for
more on this.) If you use most other services, you're out of luck, as
they all switch to an unencrypted browsing mode after login.

IMPORTANT NOTES:
* Although Google Notifier
<http://toolbar.google.com/gmail-helper/notifier_windows.html> uses
secure HTTPS to check your mail, when double-clicked it does NOT launch
secure Inbox connections! To modify it to do so, see my hack at
<http://groups.google.com/group/Gmail-ABCs/browse_thread/thread/fec53b3c068ab901/03e9f005ef185e80#03e9f005ef185e80>.
* CustomizeGoogle is a free Firefox extension that can force secure
HTTPS connections for both Gmail and Google Calendar.
* Another way to secure Gmail is to use a POP3/SMTP client (e.g.,
Mozilla Thunderbird <http://www.mozilla.com/en-US/thunderbird/>).
(Gmail POP3/SMTP only works over secure connections.)
* Other online email services may NOT be fully securable!
Don't use them on public networks except over VPN.
* Free VPN is available from AnchorFree <http://anchorfree.com>.
For other VPN options, see <http://wireless.wikia.com/wiki/Wi-Fi#VPN>
JiWire Hotspot Helper <http://www.jiwire.com/hotspot-helper.htm> is
recommended.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
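
Added example (not part of the original post or the quoted article): a defender-side check of Set-Cookie headers for the condition the article describes, a session cookie issued at an SSL login that the browser will still send once the site switches to unencrypted pages. It goes slightly beyond the article by testing the standard Secure, Max-Age and Expires cookie attributes; the cookie names, sample headers, 30-day threshold and reference date are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

LONG_LIVED = timedelta(days=30)  # assumed review threshold, not from the article

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime(attrs, now):
    """Client-side lifetime hint: Max-Age wins over Expires; None if neither parses.
    The server may honour the session ID for longer than the browser keeps it."""
    try:
        return timedelta(seconds=int(attrs["max-age"]))
    except (KeyError, ValueError, OverflowError):
        pass
    try:
        return parsedate_to_datetime(attrs["expires"]) - now
    except (KeyError, TypeError, ValueError):
        return None

def audit(header, now):
    """Return (cookie name, findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:   # browser will attach it to http:// requests too
        findings.append("no-secure")
    life = lifetime(attrs, now)
    if life is not None and life > LONG_LIVED:
        findings.append("long-lived")
    return name, findings

def cleartext_cookies(headers):
    """Names of cookies that would cross an open hotspot unencrypted."""
    return [n for n, a in map(parse_set_cookie, headers) if "secure" not in a]

# Constructed sample: headers as a site might return them over HTTPS at login.
NOW = datetime(2007, 8, 14, tzinfo=timezone.utc)  # constructed reference date
SAMPLE = [
    "SESSIONID=constructed-1; Path=/; Expires=Fri, 01 Jan 2038 00:00:00 GMT",
    "AUTH=constructed-2; Path=/; Secure; Max-Age=3600",
]

if __name__ == "__main__":
    for header in SAMPLE:
        print(audit(header, NOW))
    print("sent in cleartext:", cleartext_cookies(SAMPLE))
```
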