Feeds

Flash: Public Wi-Fi even more insecure than previously thought

How to gain permanent access to Gmail accounts

Secure remote control for conventional and virtual desktops

Black Hat Users of Yahoo! Mail, MySpace and just about every Web 2.0 service take note: If you access those services using public Wi-Fi, Rob Graham can probably gain unlimited access to your account - even if you logged in using the secure sockets layer protocol.

Graham, who is CEO at Errata Security, demonstrated the hack to attendees of the Black Hat security conference in Las Vegas. The technique uses a plain-vanilla network sniffer to read the cookies returned by Google Mail, Hotmail and scores of other sites after a user has entered login credentials.

The websites rely on the cookie as a session ID to validate the browser as belonging to the person who just logged in. By copying the cookie and attaching it to a completely different browser Errata Security researchers showed it was easy to gain unfettered access to the accounts of others.

Picture of Rob Graham with notebook computer sitting on his lap

Rob Graham displays the Gmail account of an unsuspecting Black Hat attendee

"If I sniff your Gmail connection and get all your cookies and attach them to my Gmail, I now become you, I clone you," Graham said during a presentation on Thursday. "Web 2.0 is now fundamentally broken."

The technique allowed Graham to open the Gmail account of an unsuspecting Black Hat attendee who had used the conference access point to get his email. Although the Errata Security chief closed the window several seconds after accessing it, nothing short of good manners prevented him from reading the person's messages, or, for that matter, accessing maps, calendar or other Google properties used by that person.

The hack caught our attention because it shatters a common assumption concerning secure surfing on public access points. Up until now, we felt relatively safe using hotspots to access email as long as we logged in with an SSL session. Yes, we knew that any subsequent pages that were not appended by "https" in the address bar were were susceptible to snooping, but intruders still had no way to access the account itself.

Now we know better. Any session that isn't protected from start to finish by SSL is vulnerable to the hack. And because session IDs generated by most sites are valid for an indefinite period, that means intruders could silently access our accounts for years - even if we regularly change our passwords.

The only way Graham said he knew to work around the vulnerability is to use Google and select options that automatically keep Gmail, Google Calendar and several other properties encrypted throughout the entire session. (Check our Defcon Survival Guide for more on this.) If you use most other services, you're out of luck, as they all switch to an unencrypted browsing mode after login. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
4K-ing excellent TV is on its way ... in its own sweet time, natch
For decades Hollywood actually binned its 4K files. Doh!
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Get your Indian Landfill Android One handsets - they're only SIXTY QUID
Cheap and deafening mobes for the subcontinental masses
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.