[LINK] don't use webmail in public
Kim Holburn
kim at holburn.net
Fri Feb 1 20:49:33 AEDT 2008
It would seem to be a bad idea to use webmail in public internet
places like wifi hotspots etc. because your system and browser leak
cookie data.
http://blog.wired.com/27bstroke6/2008/01/ssl-gmail-not-a.html
<http://tinyurl.com/yroz32>
> SSL Gmail Not As Safe As You Thought
> By Kim Zetter EmailJanuary 31, 2008 | 9:58:01 PMCategories: Hacks
> and Cracks
>
> Google_logoOne of the big stories at DefCon last year was a
> security researcher's demonstration of wirelessly sniffing users'
> session cookies while they accessed their e-mail accounts or
> conducted e-commerce transactions via wireless networks. The attack
> allowed a hacker access to the victim's Gmail or Hotmail account
> without needing to decipher the user's password.
>
> Now the security researcher who presented that info has found that
> even using SSL HTTPS to access your Gmail account -- which was
> touted at the time as a surefire way to protect Gmail users against
> such an attack -- is vulnerable to this hack.
>
> Robert Graham of Errata Security says he's been able to grab
> session cookies even when users access their account in a
> presumably secure manner. He describes the vulnerability
http://erratasec.blogspot.com/2008/01/more-sidejacking.html
<http://tinyurl.com/25zwc6>
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the Link
mailing list