Point-and-Click Gmail Hacking Shown at Black Hat
not5150 writes "Using Gmail or most other webmail programs over an unsecured access point just got a bit more dangerous. At Black Hat, Robert Graham, CEO of Errata Security, showed how to capture and clone session cookies very quickly over connections without encryption. He even hijacked a shocked attendee's Gmail account in the middle of his presentation. 'While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google. Graham then clicked on Ou's IP address and Gmail page, complete with Ou's recently sent message on the screen. We photographed both Graham's and Ou's laptop at that time and posted it to the picture gallery. You'll see that the contents are exactly the same.'"
everyone knows my mom's cookies taste better than gmail's. they can't be intercepted over an open wireless network either.
Bite my shiny metal ass.
Apple has nothing at all to do with it.
Wow, you guys are getting quick. One minute for a denialist to chime in. I'm impressed.
I'll go:
TFA shows photos of two laptops involved in the traffic cloning thing. While they are not Apple laptops, Apple does indeed make laptops. If they did not it would not be possible to clone cookies from an Apple laptop, thus you could not clone a person's Gmail session, neither using your Apple laptop nor they using theirs.
This is also true of desktops.
Can you clone the Gmail cookies of the Amish? No you cannot, they do not have Apple computers.
Also, almost certainly someone inside the Apple Corporation owns Google stock, or vice versa, further proving Apple's culpability in the matter.
I have never heard of anyone thanking God that they use Yahoo... in my entire life.
It's not Google's fault -- gmail is still in beta! :)