30-10-2009, 13:57   #18
Raistlin
Re: Wi Fi Hacking & VPN (Watchdog)

Quote:
Originally Posted by jamiefrost
As far as I know this method does not involve passwords at all, I think it's along the lines of getting the 'session ID' and using that info to get into the account.

Not sure about stopping you from logging out but I think this is along the same lines as the session still being active.

Another method is to set up a false hot spot duplicating t-mobile / openzone etc and fooling you into thinking you are connected to a proper free-wifi hotspot.

JJ

The video clearly shows some of the software that they're using, specifically a piece of software designed to capture packets of traffic off the network. Given that most people are logging in over unencrypted channels this is by far the easiest way to accomplish what they showed in the video.

As for capturing your session, I don't think that's quite what they're doing (although I'm happy to be shown wrong). I think that they're actually not 'capturing' the session, but interfering with the traffic that's being passed as part of it. I would be very (VERY) surprised if Gmail was susceptible to session hijacking attempts. It's more than likely a sophisticated man-in-the-middle attack, and given that there happens to have been a nice new tool for this sort of tomfoolery released recently.....

---------- Post added at 12:57 ---------- Previous post was at 12:52 ----------

Quote:
Originally Posted by Russ
With all this taken into account, are these any good?

VPN software is the best defence really, but it relies on you having an end-point to connect your VPN software to.

Typically the idea would be that you set up a VPN end-point on a trusted machine/network. You then connect to that end-point using the VPN software on your laptop; this establishes an encrypted 'tunnel' between you and the end-point, and it also (to all intents and purposes) means that you are now virtually connected to the network that the end-point is sat on (hence 'Virtual' Private Network).

Then, when you browse the Internet, all the traffic to or from your laptop goes through that tunnel, and you're actually browsing from the network that your end-point is sat on. Provided that end-point (and the connection it has to the Internet) is trusted and secure then you're safe. Given that most people will configure this so that your end-point is on your home Internet connection you're effectively as safe as you are plugged in and browsing from home, albeit from anywhere in the world that you choose to be.