
GMail at gunpoint

Robert Graham, CEO of Errata Security, said that encrypted services from companies such as Google's Gmail can give access to temporary files (session cookies). This continues the point he made in August 2007 that SSL (HTTPS) sessions should be better protected.

Graham, who works with David Maynor, created two tools (Ferret and Hamster) that together help him get at these session cookies at a local hot spot, such as an Internet cafe. Session cookies are what allow you to shop at an online store and then return to the store page later without re-entering your password. With cookies obtained from the user's PC, there is no need even to decode the password, The Register writes.

Graham demonstrated the attack on his Gmail account at the Black Hat USA 2007 conference, showing how to get into the Inbox.
Graham now says on his blog that Gmail, in particular, communicates over the hot spot primarily through JavaScript rather than SSL, and that this makes it possible to read the session cookies and access someone else's email. The same may apply to Amazon.com and other Web 2.0 sites.
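On the defensive side, a session cookie is only exposed this way if the browser is allowed to send it on unencrypted requests. The following Python script is an added example, not code from the article or from Errata Security: it audits `Set-Cookie` headers for session cookies that lack the `Secure` attribute. The sample headers are constructed, and the `SESSION_MARKERS` name heuristic is an assumption.

```python
"""Audit Set-Cookie headers for session cookies that can travel over plain HTTP."""

# Constructed sample response headers (not captured from any real service).
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "AUTH=tok456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; Max-Age=31536000",
    "__Secure-SID=xyz789; Path=/; Domain=example.test",
]

# Assumption: cookie names containing these markers carry authentication state.
SESSION_MARKERS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flag attributes map to ""
    return name.strip(), value.strip(), attrs


def audit(headers):
    """Return a list of (cookie_name, problem) findings."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        is_session = any(marker in name.lower() for marker in SESSION_MARKERS)
        secure = "secure" in attrs
        if is_session and not secure:
            # Without Secure the browser attaches the cookie to http:// requests,
            # where anyone on the same hot spot can read it off the wire.
            findings.append((name, "session cookie without Secure"))
        if name.startswith(("__Secure-", "__Host-")) and not secure:
            # These name prefixes require Secure; browsers reject the cookie otherwise.
            findings.append((name, "prefixed cookie missing Secure"))
    return findings


if __name__ == "__main__":
    for cookie_name, problem in audit(SAMPLE_HEADERS):
        print(f"{cookie_name}: {problem}")
```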

Source: https://habr.com/ru/post/19768/

