Wednesday, August 20, 2008

Side Jacking-- Now Secure is not secure

If you use Gmail and haven't yet taken advantage of a feature Google recently provided to prevent hackers from hijacking your inbox, now would be an excellent time to do that. (click here, and read Tip #1.)

A security researcher at the Defcon hacker conference in Las Vegas demonstrated a tool he built that allows attackers to break into your Inbox even if you are accessing your Gmail over a persistent, encrypted session (i.e. using https://, which you might recognize as the "gold lock" icon).

Here is a video demonstration of how an attacker would use an automated tool to hijack your login. The music may strike you as offensive, and there's no narrative, so feel free to mute the sound.

Surf Jacking Gmail demonstration from Sandro Gauci on Vimeo.

While it may seem like Gmail is being singled out here, you should realize that other websites are vulnerable to side-jacking and cookie stealing too, notably Facebook (I mention it because it has so many users), but Gmail is one of the few that allows you to thwart this attack method.
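The demonstration works because a site's session cookie travels in the clear whenever the browser makes a plain http:// request to that site, even if the login itself happened over https://. A cookie set with the Secure attribute is withheld from plain-HTTP requests, which is the cookie-side half of what an "always use https" setting gives you. The following is an added example (not code from the original post, and not Gmail's or Google's own implementation) that uses Python's standard-library cookie jar, which applies the same Secure rule a browser does, to show the difference; the hostname, cookie name and value are constructed for the example.

```python
"""Show why a session cookie without the Secure attribute leaks over plain
HTTP even after an HTTPS login, and why adding Secure closes that gap.
Hostnames and cookie values below are constructed for the example."""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class _FakeResponse:
    """Minimal stand-in for an HTTP response: CookieJar only needs .info()."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            # Message allows repeated headers, so each Set-Cookie is kept.
            self._headers["Set-Cookie"] = value

    def info(self):
        return self._headers


def cookie_sent_to(set_cookie_header, login_url, later_url):
    """Store a cookie as if a response to `login_url` had set it, then return
    the Cookie header a browser would attach to a request for `later_url`,
    or None if the jar withholds the cookie (e.g. Secure cookie, http URL)."""
    jar = CookieJar()
    jar.extract_cookies(_FakeResponse([set_cookie_header]), Request(login_url))
    later = Request(later_url)
    jar.add_cookie_header(later)
    return later.get_header("Cookie")


def audit_set_cookie(set_cookie_header):
    """Return the findings a defender would raise for one Set-Cookie header:
    a session cookie without Secure is exposed to exactly the side-jacking
    shown in the video."""
    attributes = [part.strip().lower() for part in set_cookie_header.split(";")[1:]]
    findings = []
    if "secure" not in attributes:
        findings.append("missing Secure attribute: cookie is sent over plain HTTP")
    return findings


if __name__ == "__main__":
    login = "https://mail.example.com/login"     # constructed hostname
    plain = "http://mail.example.com/"            # a later plain-HTTP request
    weak = "SID=abc123; Path=/"                   # constructed cookie, no Secure
    fixed = "SID=abc123; Path=/; Secure"

    print("weak cookie over http :", cookie_sent_to(weak, login, plain))   # leaks
    print("fixed cookie over http:", cookie_sent_to(fixed, login, plain))  # withheld
    print("fixed cookie over https:", cookie_sent_to(fixed, login, login))  # still works
    print("audit of weak cookie  :", audit_set_cookie(weak))
```

Run it and the weak cookie shows up in the Cookie header of the http:// request, which is all an attacker on the same open wireless network needs to see; the Secure variant is only attached to the https:// request. The audit helper is the check worth running against any login site's Set-Cookie headers.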

So how do you prevent this? Here are some simple, if inconvenient, steps you can take to protect your data.

  • If possible, avoid using public or open wireless networks.
  • If you need to use a public wireless network, do not access Web sites that require personal information.
  • Always use the "logout" feature when finished with a Website that requires a login ID/password.
  • For Gmail, click the link in my first paragraph and set the "Always use" option.
  • When you need to provide sensitive data in forms, such as if you are doing online banking, open a new instance of your browser and complete your transaction; logout, and close that Browser. Do not open any other websites in that browser.

Folks, the Internet is broken, and it is the hunting ground for criminals. Please, let's be careful out there (and by careful, I mean "paranoid").

Today's free link(s):
* Because the Internet is not safe, Please look over, Top 10 Things You Should Do To Your Computer.
* . Yes, this is a repeat, but if you don't have it, click the link and read the page. Look for the link for the free version.

Copyright 2007-8 Tech Paul. All rights reserved.
