Date: Wednesday, November 14, 2007
Wi-fi hotspot users told to watch out
Experts have warned against the risks of using public internet connections, after new research shows hackers can have easy access to people’s information.
Experts at the Black Hat hacker conference in Las Vegas have demonstrated that hackers can easily access users’ information over a wi-fi connection using specially-developed tools which steal individual’s log-in data. The security firm, Errata Security presented these findings, and said that the hackers steal the identifying ‘cookies’ when they attack a computer, and are then able to pose as the user on their frequently-visited sites. The hackers are also able to access their emails and view their profile pages on sites such as Facebook and MySpace. Errata demonstrated a live attack on a Google Mail (Gmail) account in front of the audience at the conference, using the hijacking tools ‘Hamster’ and ‘Ferret’ which he had developed. These tools monitor the traffic flowing in and out of public wi-fi hotspots, and allow hijackers to seize the cookies as they are passed back to the users logging in to their email or social network account.
These findings fly in the face of the previously widespread belief that websites such as these were safe from hijackers due to the encrypting of the data exchanged when people log in. However, Errata showed that the cookies which are unencrypted can be hijacked. With this ‘cookie’ the hacker could pretend to be the person whose information they had stolen, giving them almost complete access to all of the individual’s information. There are some protections against the hijackers however, such as they would not be allowed to change any information on the site, as most sites ask for the user to re-enter their password before making changes. Following the demonstration Errata said that they would make the attacker tools available for anyone to download. The Black Hat conference is held every year for experts in security to meet and share new developments and information about the world of internet security.
Source:
Projects
Contact
- UK T: 0845 225 1238
- Intl T: +44 161 772 4435
- E: info@bluepec.com
Accessibility
- accesskeys
- A
- A
- A
Article Topics
- A copywriters guide to writing for the web
- Video on the internet
- The importance of usability
- The principles of web design for beginners
- Designing sites with users in mind
- Paypal launches security token to combat fraud
- Do people read differently on the web?
- Identity theft: the modern demon
- Google: the next Big Brother?
- The Facebook Backlash