Home

Point-and-Click Gmail Hacking Shown at Black Hat

not5150 writes "Using Gmail or most other webmail programs over an unsecured access points just got a bit more dangerous. At Black Hat Robert Graham, CEO of errata security, showed how to capture and clone session cookies very quickly over connections without encryption. He even hijacked a shocked attendee's Gmail account in the middle of his presentation. 'While Ou was typing, Graham was running Ferret and sniffing all the cookies that were being sent from Ou's laptop and Google. Graham then clicked on Ou's IP address and Gmail page, complete with Ou's recently sent message on the screen. We photographed both Graham's and Ou's laptop at that time and posted it to the picture gallery. You'll see that the contents are exactly the same.'"Read more of this story at Slashdot.


Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <b> <i> <em> <strong> <cite> <blockquote> <a>
  • Lines and paragraphs break automatically.
  • Images can be added to this post.
  • Each email address will be obfuscated in a human readble fashion or (if JavaScript is enabled) replaced with a spamproof clickable link.

More information about formatting options

To combat spam, please enter the code in the image.