At the convention, Graham was able to hijack someone’s Gmail account during his unscripted demonstration.
The attack is actually quite simple. First Graham needs to be able to sniff data packets and in our case the open Wi-Fi network at the convention fulfilled that requirement. He then ran Ferret to copy all the cookies flying through the air. Finally, Graham cloned those cookies into his browser – in easy point-and-click fashion – with a home-grown tool called Hamster. (Source: TG Daily)
The attack is able to hijack sessions in just about any web application that uses cookies. He was able to successfully break into the big three: Gmail, Yahoo! Mail and Hotmail.
As Graham stated, “I see ten people’s cookies on my screen, I just need to click on the guy’s IP address and I’m in. Once you get someone’s Google account, you’d be surprised at the stuff you’d find.”
How You Can Protect Yourself
What can you do to safeguard your email, especially at public Wi-Fi hotspots? Be sure to use a secure login (HTTPS instead of HTTP) every single time. This sends your credentials over an encrypted Secure Sockets Layer (SSL) connection, which encrypts your login session and prevents your cookies from being cloned.
For Gmail: Use https://mail.google.com/mail/
For Yahoo!: Click the "Secure" link below the "Sign In" button.
For Hotmail: Click the "Sign in using enhanced security" link on the sign in form.
If you have any login pages (for any type of online account) bookmarked, be sure to check and see if they have secure login pages available. Then, update your bookmarks to those pages.
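To see why the HTTPS address matters for the whole session and not only the password, the added example below (not from the original article or from Graham's tools) lists which cookies a browser would send unencrypted on a given request. The cookie names, values and the `mail.example.test` host are constructed, and the check assumes every cookie's domain and path match the request.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers (hypothetical names and values, not from any real service).
SAMPLE_SET_COOKIE = [
    "SESSIONID=constructed-token-1; Path=/",
    "AUTH=constructed-token-2; Path=/; Secure; HttpOnly",
    "PREFS=lang-en; Path=/; HttpOnly",
]

def parse_set_cookie(header):
    """Return (name, has_secure_flag) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    if not jar:
        raise ValueError(f"unparseable Set-Cookie header: {header!r}")
    name, morsel = next(iter(jar.items()))
    return name, bool(morsel["secure"])

def sniffable_cookies(set_cookie_headers, request_url):
    """Names of cookies that would cross the network unencrypted on this request.

    Assumes every cookie's domain and path match request_url; only the
    scheme and the Secure attribute are modelled.
    """
    scheme = urlsplit(request_url).scheme.lower()
    if scheme == "https":
        return []  # whole request, cookies included, is inside TLS
    if scheme != "http":
        raise ValueError(f"unsupported scheme: {scheme!r}")
    exposed = []
    for header in set_cookie_headers:
        name, secure = parse_set_cookie(header)
        if not secure:  # browsers withhold Secure cookies from http:// requests
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    for url in ("http://mail.example.test/inbox", "https://mail.example.test/inbox"):
        print(url, "->", sniffable_cookies(SAMPLE_SET_COOKIE, url) or "nothing readable")
```

A session cookie set without the Secure attribute still travels in the clear on any later `http://` page load, which is why the bookmarked address itself should be the HTTPS one.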