Written by Daniel | Friday, 03 August 2007 11:05
What they know and you don't can really hurt you! Now Black Hat wants to prove it!
'Sidejacking' Tool Unleashed — Kelly Jackson Higgins, Senior Editor, Dark Reading
AUGUST 2, 2007 | LAS VEGAS -- Black Hat USA -- Here's another reason not to use WiFi unprotected: Hackers can "sidejack" your machine and access your Web accounts, researchers demonstrated here today as part of the "Simple Solutions to Complex Problems from the Lazy Hacker's Handbook." (See Black Hat: How to Hack IPS Signatures.)
Robert Graham, CEO of Errata Security, showed -- and released -- his new Hamster tool, a more powerful version of his Ferret WiFi sniffer that can grab users' Gmail, Yahoo, and other online accounts. Hamster basically clones the victim's cookies by sniffing their session IDs and controlling their Website accounts. (See Joke's on Me and Tool Uncovers Inadvertent 'Chatter'.)
"You can be in a café and see a list of people browsing [over WiFi]. And you can hijack and clone their Gmail system, for example," Graham says. "We know it's theoretically possible, so we wanted to prove it... This is very powerful because it's so easy to do."