Slashdot Mirror

← Back to Stories (view on slashdot.org)

Point-and-Click Gmail Hacking Shown at Black Hat

Posted by Zonk on from the man-they-get-all-the-fun-demos dept.

not5150 writes "Using Gmail or most other webmail programs over an unsecured access point just got a bit more dangerous. At Black Hat Robert Graham, CEO of errata security, showed how to capture and clone session cookies very quickly over connections without encryption. He even hijacked a shocked attendee's Gmail account in the middle of his presentation. 'While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google. Graham then clicked on Ou's IP address and Gmail page, complete with Ou's recently sent message on the screen. We photographed both Graham's and Ou's laptop at that time and posted it to the picture gallery. You'll see that the contents are exactly the same.'"

3 of 260 comments (clear)

  1. Re:psh by Applekid · · Score: 4, Funny

    Maybe not, but the heavenly smell is basically a SSID broadcast of their existance to those interested in finding them.

    --
    More Twoson than Cupertino
  2. Re:thank god... by Howitzer86 · · Score: 4, Funny

    I have never heard of anyone thanking God that they use Yahoo... in my entire life.

  3. It's not Google's fault... by overeduc8ed · · Score: 4, Funny

    It's not Google's fault -- gmail is still in beta! :)