Slashdot Mirror

← Back to Stories (view on slashdot.org)

Point-and-Click Gmail Hacking Shown at Black Hat

Posted by Zonk on from the man-they-get-all-the-fun-demos dept.

not5150 writes "Using Gmail or most other webmail programs over an unsecured access point just got a bit more dangerous. At Black Hat Robert Graham, CEO of errata security, showed how to capture and clone session cookies very quickly over connections without encryption. He even hijacked a shocked attendee's Gmail account in the middle of his presentation. 'While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google. Graham then clicked on Ou's IP address and Gmail page, complete with Ou's recently sent message on the screen. We photographed both Graham's and Ou's laptop at that time and posted it to the picture gallery. You'll see that the contents are exactly the same.'"

2 of 260 comments (clear)

  1. Re:Slow News day? by zippthorne · · Score: 4, Interesting

    That's odd. I go to https://mail.google.com/ and at no time during the login process do I ever see the address bar go from yellow to white. Are you sure it still works the way you say? Or is it sending something unencrypted so fast that I'm just not noticing (which would be kind of worrying).

    --
    Can you be Even More Awesome?!
  2. Re:Slow News day? by tom17 · · Score: 4, Interesting

    Seemingly neither do the people in the comments section at the bottom of TFA :-(

    Worrying.