Science Forums

Please Set Your GMail to Secure Mode



I don't know how many of you follow what happens at Defcon, but many of you should, because it is the biggest black-hat conference of the year: the newest vulnerability vectors get described, and the newest tools get put out. Generally, if a tool is put out, there is generally a fix; such is the case with Surf Jack, a neat tool to steal Gmail cookies.

 

Here's the thing: Google, as well as many other giants, sets session cookies such that one can access the logged-in account over HTTP or HTTPS. Utilizing this neat feature, Mike Perry has created a tool to hijack Google cookie data. Utilizing the neat feature allows him to hijack the data whether you logged in with HTTP or HTTPS. It does this quite simply: if your session data is encrypted over HTTPS, the next time you send a DNS request, the tool forwards you to http:// and the session data is stolen.

 

Luckily for you, well, us, Google has a fix. In your Gmail settings, scroll all the way down and select "Always use HTTPS". This will restrict the HTTP access and disallow the clear passing of the session data. Also remember, any time you use WiFi to log into an account, ALWAYS log off that account when you are done...

 

My security tip of the day...

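The cookie-scoping point in this post (a session cookie that is valid over both HTTP and HTTPS is exposed the moment the browser is steered to a plain http:// URL, while a cookie marked Secure is simply never sent there) can be reproduced with Python's standard-library cookie jar. The block below is an added example, not code from the original post, from Google, or from the tool it describes; the host name, cookie name and token value are constructed, and `leaks_over_plain_http` is a helper invented for the illustration.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

COOKIE_DOMAIN = "mail.example.com"   # constructed host, not a real service


def make_session_cookie(secure: bool) -> Cookie:
    """Build a constructed session cookie. `secure` models the Secure
    attribute a server sets with 'Set-Cookie: SID=...; Secure'."""
    return Cookie(
        version=0, name="SID", value="constructed-session-token",
        port=None, port_specified=False,
        domain=COOKIE_DOMAIN, domain_specified=True, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={}, rfc2109=False,
    )


def cookies_sent_to(url: str, secure: bool) -> list:
    """Return the names of the cookies a standards-following client would
    attach to a request for `url`, given a jar holding one session cookie."""
    jar = CookieJar()
    jar.set_cookie(make_session_cookie(secure))
    req = Request(url)
    jar.add_cookie_header(req)   # applies the Secure / domain / path rules
    header = req.get_header("Cookie")
    if header is None:
        return []
    return [pair.split("=", 1)[0] for pair in header.split("; ")]


def leaks_over_plain_http(secure: bool) -> bool:
    """True if steering the client to an http:// URL makes it send the token."""
    return "SID" in cookies_sent_to(f"http://{COOKIE_DOMAIN}/mail/", secure)


if __name__ == "__main__":
    for secure in (False, True):
        for scheme in ("http", "https"):
            url = f"{scheme}://{COOKIE_DOMAIN}/mail/"
            print(f"Secure={secure!s:<5}  {url:<36} -> {cookies_sent_to(url, secure)}")
    # Secure=False  http://...  -> ['SID']   (token goes out in the clear)
    # Secure=True   http://...  -> []        (client withholds it)
```

The "Always use HTTPS" setting the post recommends has the same effect from the user's side: once the site only ever issues the session over HTTPS with the Secure attribute, a forced hop to http:// yields a request with no cookie attached, which is exactly what the jar shows for the `secure=True` case.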

Because gathering session data wirelessly is even simpler. I love scapy; it's got to be my most favorite Python program ever. Tools written on top of scapy are interesting, yet very dangerous. One such tool is called WiFiZoo, aimed at sniffing authentication data right out of the air... Not just Gmail data, any handshake, secure or not... and then with a flick of a mouse (it has a very nice web interface) shazaam, you are able to use the data to get into the session, and it does not matter that you are on different IPs; scapy can bend (change) all of that...



 

But it can only sniff it out as it is being transmitted, correct?


OK, if you sign out the cookie data is invalid, and no one can just log in using that...

 

But wouldn't they use it right after you log in anyways. :shrug:

I see what you're saying though.

DNS servers are patched; problem is, the DNS games will never leave the local network, especially on a WiFi net :phones:

 

At the risk of going off topic, how exactly would that work? Is it like, someone is wardriving, finds your SSID and monitors traffic acting as a relay between the router and the victim? How would it work for a wired network?

 

Sorry for all the questions, but I'm generally nonchalant about "lock-down" security and you're making me think that I need to learn about this stuff much more.


But wouldn't they use it right after you log in anyways.

50/50 there, probably not, but they may...

 

acting as a relay between the router and the victim

Well, no, there is a jump you've made there: in order to act as a relay, you need to poison ARP. If someone is wardriving, they are just monitoring packets on an AP, not in between, just catching RF data going out in all directions... MITM comes if they are able to connect, identify their target and successfully execute a Man In The Middle, whether by ARP poisoning or by taking over the AP. At this point all your traffic is flowing through them, and yeah, all your base are belong to them.

 

How would it work for a wired network?

Similarly, ARP poisoning works on a wired network to execute a MITM, and unless you are running one of those nifty 5k Cisco boxes that's all up to date, your wired network is very vulnerable to a MITM, and as I said, once the attacker is successfully executing that, you are screwed ;) er :)

 

MITM can be executed using other protocols. One can create a rogue DHCP server on a network (you can see how dangerous that is), one can create a rogue DNS server, or bring down the network DNS server and set up a computer to act as one (that would be really deep penetration)... I mean, there are a plethora of ways to do it on a wired network...

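From the defender's side, the ARP-poisoning step this reply describes (on WiFi or wired) leaves a footprint that is easy to watch for on the local segment: an IP that was answering from one MAC starts answering from another, or a single MAC claims both the gateway's address and a client's. The following is an added example, not from the original thread or from any of the tools it names; it parses constructed tcpdump-style ARP lines (the timestamps, IPs and MACs are made up) and reports both patterns. `detect_arp_conflicts` and `SAMPLE_CAPTURE` are names invented for this illustration.

```python
import re
from collections import defaultdict

# Matches the default `tcpdump -n arp` reply line format.
ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed capture: .1 is the gateway, .50 a client; at 12:00:09 a third
# MAC starts answering for both of them, the classic poisoning signature.
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
12:00:01.000200 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:05.000000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:dd:ee:50, length 28
12:00:09.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
12:00:09.500000 ARP, Reply 192.168.1.50 is-at de:ad:be:ef:00:99, length 28
12:00:12.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
"""


def detect_arp_conflicts(lines, known_good=None):
    """Scan ARP replies and return a dict with:
      'rebindings'   : (ts, ip, first_mac, new_mac) for every reply that
                       contradicts the first (or known-good) binding of an IP;
      'multi_ip_macs': {mac: {ips...}} for MACs answering for >1 address.
    `known_good` seeds the reference table, e.g. the gateway's real MAC,
    which keeps a legitimate DHCP re-lease of a client from looking like an
    attack on the gateway."""
    seen = dict(known_good or {})           # ip -> reference MAC
    mac_to_ips = defaultdict(set)
    rebindings = []
    for line in lines:
        m = ARP_REPLY.match(line)
        if not m:
            continue                        # requests and non-ARP noise
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        mac_to_ips[mac].add(ip)
        if ip in seen and seen[ip] != mac:
            rebindings.append((ts, ip, seen[ip], mac))
        seen.setdefault(ip, mac)            # first binding stays the reference
    multi = {mac: ips for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return {"rebindings": rebindings, "multi_ip_macs": multi}


if __name__ == "__main__":
    report = detect_arp_conflicts(SAMPLE_CAPTURE.splitlines())
    for ts, ip, old, new in report["rebindings"]:
        print(f"{ts} {ip} moved from {old} to {new}")
    for mac, ips in report["multi_ip_macs"].items():
        print(f"{mac} is answering for {sorted(ips)}")
```

A rebinding alone is ambiguous (a NIC swap or a new DHCP lease produces one too), so the second signal, one MAC answering for both the gateway and a client, is the one worth paging on; pinning the gateway with `known_good` makes that distinction explicit.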

Question is this only a G-Mail problem?

 

Google, as well as many other giants

 

Yes, chances are that your other email accounts are susceptible to this attack vector... problem is, it is likely that they have not fixed the possibility of such attacks though; at least I have not seen the report yet ;)...

