Thursday, August 23, 2007

Advanced Google Searching (Google Hacking)

Google is a powerful search engine that hackers often use to find passwords and confidential or sensitive documents that companies do not realize are even available to the public. Most computer people use Google, but do not know how to use all of its search parameters. The term "google hacking" refers to a method used by unscrupulous people not only to uncover sensitive data, but also to expose web server vulnerabilities. Here I list several Google search parameters and examples.



The syntax "filetype:" instructs Google to search for files on the Internet with specific extensions. For example, for filetype:doc site:gov confidential Google will produce all the Word documents, from all the gov domains, that may contain the word confidential. Another example is filetype:pdf site:com access-list. You may use any domain type (com, gov, edu…).

The syntax "cache:" will display the version of the web page that Google has in its cache. For example: "cache:www.microsoft.com" will display Google's cache of the Microsoft homepage.

The syntax "intext:" searches for the words within a specific website and ignores the URLs and page titles. For example: intext:confidential will return only links to those web pages that have the search keyword "confidential" in the page.



The syntax "intitle:" instructs Google to search for pages that contain the words following intitle:. For example, intitle:index of master.passwd will return pages within Unix or Linux where the master.passwd files are. /etc/passwd "allintitle:" will produce results with all of the specified words in the title. Google will ignore the slashes.

intitle: examples:

intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of" master.passwd

intitle:"index of" htpasswd

intitle:"index of" members OR accounts

intitle:"index of" user_carts OR user_cart

allintitle: sensitive filetype:doc

allintitle: restricted filetype:mail

allintitle: restricted filetype:doc site:gov

The syntax "inurl:" instructs Google to search for pages that contain specific words or characters in the URL, such as inurl:windows. This query will produce pages that have the word "windows" in the URL. allinurl: will produce URLs that contain all of the specified words in the query, for example allinurl:windows/cracks.

inurl: examples:

inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"




The syntax "link:" will produce a list of webpages that have a link to a specified webpage. For example: link:www.thenetworkadministrator.com will create a Google list of websites with links to www.thenetworkadministrator.com.

The Google syntax "phonebook:" searches for U.S. street addresses and phone number information. For example: "phonebook:James+FL" will list all persons having "James" in their names and located in "Florida (FL)".

The syntax "related:" lists web pages that are "similar" to a specific web page. For example: related:www.thenetworkadministrator.com will list web pages that are similar to TheNetworkAdministrator's homepage.


The syntax "site:" instructs Google to search for keywords in a particular site or domain. For example: exchange site:microsoft.com will search for the keyword "exchange" in the web pages of the domain microsoft.com.
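From the site owner's side, the queries above only find what a web server already publishes. The following is an added example, not code from the original post: it walks a document root and reports files whose names match the post's intitle:"index of" and inurl:/filetype: examples, plus directories that would be served as an "Index of" listing. The function names, the index-file list and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Names from the intitle:"index of" and inurl: queries listed in the post.
DORKED_NAMES = (
    "sh_history", "bash_history", "passwd", "people.lst", "pwd.db", "shadow",
    "spwd", "master.passwd", "htpasswd", "auth_user_file.txt", "orders.txt",
    "adpassword.txt",
)
# inurl:<word> filetype:<ext> pairs from the post's inurl: examples.
INURL_FILETYPE = {
    "admin": {".txt", ".db", ".cfg"},
    "mysql": {".cfg"},
    "passwd": {".txt"},
}
# Assumption: the index documents this server is configured to serve.
INDEX_FILES = frozenset({"index.html", "index.htm", "index.php"})

NO_INDEX = "no index document: served as an 'Index of' listing if autoindex is on"
NAME_HIT = "file name is one the listed intitle:/inurl: queries look for"
PAIR_HIT = "URL word and extension match a listed inurl:/filetype: pair"


def is_dorked_name(filename):
    """True if the name is one the listed queries look for. A leading dot is
    ignored (htpasswd and .htpasswd both match) and a suffix is allowed
    (spwd also matches spwd.db)."""
    name = filename.lower().lstrip(".")
    return any(name == n or name.startswith(n + ".") for n in DORKED_NAMES)


def audit_docroot(root):
    """Return (url_path, reason) findings for everything under a web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        url_dir = "/" if rel == "." else "/" + rel + "/"
        if filenames and not INDEX_FILES & {f.lower() for f in filenames}:
            findings.append((url_dir, NO_INDEX))
        for fname in sorted(filenames):
            url = url_dir + fname
            ext = os.path.splitext(fname)[1].lower()
            if is_dorked_name(fname):
                findings.append((url, NAME_HIT))
            elif any(word in url.lower() and ext in exts
                     for word, exts in INURL_FILETYPE.items()):
                findings.append((url, PAIR_HIT))
    return findings


def build_sample_tree(root):
    """Create a small constructed web root (placeholder contents only)."""
    sample = [
        "index.html",
        "admin/index.html",
        "admin/settings.cfg",
        "backup/.bash_history",
        "backup/master.passwd",
        "docs/index.html",
        "docs/readme.txt",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for url, reason in audit_docroot(tmp):
            print(f"{url}: {reason}")
```

Point audit_docroot at your own document root; anything it reports should be moved out of the web root or denied by the server configuration.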




Tuesday, August 14, 2007

Hacking Videos

.:: reaL hackinG videoS ::.




Hacking Internet Security Cameras





Extortion Spyware




Wireless Network Attackers

.:: Wireless Network Attackers ::.

Wireless hacking, or "Wardriving", is when someone from outside your home accesses your wireless network. In most cases it is because the victim doesn't have security enabled on their wireless access point. The dangers of having a non-secure wireless access point are: spammers can send junk mail from your home, hackers and criminals can hack remote locations that are tracked back to you, and your confidential information is exposed to anyone that parks outside your home with a laptop. You may also suffer some liability because attacks were launched from your home by the bad guys. Here is a video of Joe and me as we drove around the local news station, showing them hundreds of open wireless networks in minutes.


Listed below are 8 Tips to

Top 8 Tips for Wireless Home Network Security

1) Change Default Administrator Passwords (and Usernames)

Changing the default password is important because everyone that purchases the same wireless access device knows your password.

2) Turn on (Compatible) WPA / WEP Encryption


By default, your wireless device comes without encryption enabled. WPA / WEP are security programs that force your computer to provide an encrypted password before you are allowed access to the wireless access point.

3) Change the Default SSID

SSID is the network name of your wireless network; most people leave the default name, such as Linksys or NetGear. By changing the name, intruders have a more difficult time identifying your system and using known vulnerabilities. (And of course, using the unchanged default password.) One mistake people make is naming their home network after their family name and/or address. When cruising a neighborhood of wireless devices, it's always scary to see Smithfamily201Elm.

4) Disable SSID Broadcast

In Wi-Fi networking, the access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may come and go. In the home, this feature is unnecessary, and it increases the likelihood an unwelcome neighbor or hacker will try to log in to your home network.

5) Assign Static IP Addresses to Devices

Most home networkers gravitate toward using dynamic IP addresses. This means that the IP address (which is needed to participate on a network) is typically assigned automatically. A dynamic IP address on an unsecure system can also supply a hacker with an IP address.

6) Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the "physical address" or "MAC address." Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment that restricts the network to only allow connections from those devices. Do this, but also know that the feature is not so powerful as it may seem. Hacker software programs can fake MAC addresses easily.

7) Turn Off the Network During Extended Periods of Non-Use

The ultimate in security measures for any wireless network is to shut down, or turn off, your wireless access point when you are not using it. You are the most vulnerable at work or asleep, and mischief-minded people know it.

8) Position the Router or Access Point Safely

Wi-Fi signals normally reach to the exterior of a home. A small amount of "leakage" outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach across streets and through neighboring homes. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize this leakage.




LimeWire Hackers

.:: LimeWire Hackers ::.

Limewire may be a convenient tool for downloading shared music and files, but it can also reveal your personal files.

If you know how to search Limewire, you will find thousands, even hundreds of thousands of personal and confidential documents, unknowingly shared on the Internet. Joe showed us tax returns, scanned copies of driver licenses, personal, and sexy pictures, and even banking account information...all for the taking by Internet "bad guys".

Listed below are some security tips to help protect you from having your personal data exposed in the Internet.


Limewire Tip for Safe File Sharing

Limewire is a peer-to-peer file sharing program that lets you search and share files with other people on the Internet. Limewire is free to download and free to use. There are several problems with using a file sharing program like Limewire. Here we will show you how to keep from exposing your computer and your personal files to viruses and identity thieves.

What not to share


When you install Limewire, the program asks you if you want to search your computer for media files to share. This is where the first security problem can arise. Limewire will automatically search your hard drive for any media files, then ask you if you want to share the folder those files are stored in. Unfortunately this search almost always asks the user if they want to share the Windows system folder. If you were to share your Windows system folder you would be sharing all of your computer's primary files with the internet, and in worst-case scenarios your password files will be exposed to these file sharing programs. The next folder to avoid sharing is My Documents. Let's see what else gets saved in My Documents: Word documents, Excel spreadsheets, digital photos, your tax documents, scanned documents. Almost every program saves in My Documents by default. Then there are the people who find it easier to share their entire c:\ drive rather than go through the bother of finding the files they wish to share. This makes everything on your computer accessible to the internet. So what should you do to share files? The safest way to share files is to create a directory and set the directory's permission to read/write only. Then tell Limewire that this is the only directory that you wish to share from.

What not to open


Anything. Do not open any files that you download from a file sharing network without scanning the file for viruses first. Viruses can look like any type of file and you are downloading these files from strangers. Virus writers and spammers will flood sharing networks with their malicious files. A favorite technique of virus writers is to name viruses similar to the most popular downloads.

Limewire is not a free iTunes


Downloading copyrighted material can get you into a lot of trouble. So how can you tell what material will not get you into trouble? Limewire will let you know when you are downloading unlicensed content. If it is unlicensed then it can get you into trouble. A good rule of thumb is if you have seen it in the movie theater or the music store then you probably could get in trouble for downloading.

Visit Joe's website at www.CRCIT.net for more Tips.

http://www.crcit.net/limewire.html




Sunday, August 12, 2007

802.11n wireless LAN Test Results

802.11n wireless LAN tests show 'unbelievable' results at state college


The IT staff at Morrisville State College, where the first large-scale Draft 802.11n wireless LAN is being designed, says the beta gear exceeds expectations. The school last week plugged in the first 10 production units of Meru Networks access points.

One issue still facing the college, however, is when and how to upgrade the electrical system for the high-throughput devices, 900 of which will eventually be deployed across campus.

The New York college, near the state’s rural center, is in the final stage of building a pervasive campuswide WLAN based initially on Meru Networks’ existing 802.11a/b/g access points. Those will start to be replaced this month and next with the newest Meru access points, which have a chipset that supports 11n. The first ten of these were shipped to the college last week.

With 11n, users can expect to see throughput of 100M to 300Mbps, depending on how the access point and client adapter are configured. That compares with 20M to 25Mbps today for 11a and 11g WLANs. In addition, users can expect to see high throughput sustained over longer distances from 11n access points. In tests that began in June, Morrisville network administrators are finding that 11n is delivering on its promise.


“Some of the statistics [from the tests] were just unbelievable,” says Jean Boland, vice president of technology services for the college, in Morrisville, N.Y. “[In general,] speeds were five times that of 11g.” Often, they were higher: According to Boland, a 50MB file uploaded from a laptop to a network drive took 3 minutes, 51 seconds with an 11g connection, but 26 seconds with an 11n connection -- nearly nine times faster.


An 11n chipset built into a new notebook PC transferred the same file in 8 seconds. That specific result was so startling, the testers thought they had made a mistake and ran the test again, with the same result.


The tests use Meru’s beta 11n access points. The clients are existing laptops fitted with a 2.4GHz 11n Linksys USB adapter, and new Lenovo T61 Thinkpad notebook PCs with a built-in Atheros Communications 11n chipset that can run on the 2.4GHz and 5GHz frequencies.

WLAN distance differences


Morrisville Network Administrator Matt Barber runs the tests in dorms and student rooms, and near active areas where other access points and equipment operate. His team sets up the access point and clients, and each time runs through an identical set of data transfers, using different kinds of files, at specified distances from the access point, so the results can be compared.


As with 11a/b/g, the 11n connection speed drops as distance to the access point increases -- but not as much. “We’re losing a lot less of the speed as we move further away, compared to the effect we see in 11g,” Barber says.


In addition, the 11n data rate decreases in much smaller increments. The 802.11 standard specifies that data rates decrease by set amounts at certain distances, like steps. “11n has similar behavior, but it has many more steps,” Barber says. When clients are very close to the access point, the testers routinely record a rate of 280M to 300Mbps. Moving further away in stages causes the rate to drop to 240M to 279Mbps. “In some places, this is faster than if I plugged into the wall [Ethernet jack],” Barber says.


For Morrisville, raw distance is less important than penetration -- how well 11n can get through the cinder block and steel that are found in many of the campus’ 45-odd buildings. Again, 11n is paying off. “We’re seeing this [penetration] more than we expected,” Barber says.


“You might see with your laptop a dozen [11n] access points, though only two to three might be visible to your eyes,” Boland says. The greater rate at greater distance means that Morrisville may be able to deploy slightly fewer 11n access points when the network is fully converted to 11n later this fall. The main benefit, however, Boland says, is that the dense packing of 11n access points and the greater reach of 11n clients means that users will be more likely to find and keep a high-throughput connection.


“We’re designing the net so that we have lots of access points,” Boland says. “As you move further, another access point will be in range to keep that [data] rate up high.”


Tests will continue. The next priority is to find 5GHz 11n client adapters, either cards or USB devices.
So far, site surveys have been done in most campus buildings -- and conventional Meru 11a/b/g access points deployed in about 30 -- by IBM, which is the network integrator for the project. The remaining buildings will be done in August, so that returning students will be able to access the upgraded campus WLAN.

Thursday, August 9, 2007

A beginner's guide to BitTorrent




Despite the fact that BitTorrent has been around for a good 6 years now, the lightning fast file sharing protocol hasn't completely taken off in the mainstream. Since we post a decent amount about BitTorrent around here, we figured it was just time we put out a beginner's guide to BitTorrent. This is the guide you can send to your friend next time he gets that glassy look in his eyes when you mention BitTorrent and how quick and easy it makes downloading albums educational, public domain videos and other large files.
Without going into too much detail, here's a crash course in the file sharing protocol that is BitTorrent (feel free to skip to the "How to find and download a file with BitTorrent" section if you're not all that interested in the details).

What is it?

BitTorrent is not a program. It's a method of downloading files using a distributed peer-to-peer file sharing system. The programs that you use to download files via the BitTorrent protocol are called BitTorrent clients.
BitTorrent is not like Limewire/Kazaa/Napster/other P2P programs you've used in the past. This is often the biggest source of confusion for people new to BitTorrent. It's not difficult to use, it's just different. The sooner you forget about your old file-sharing program (and you will once you start using BT), the easier it will be to start using BitTorrent.


How does it work?

What makes the BitTorrent protocol unique is that it distributes the sharing of files across all users who have downloaded or are in the process of downloading a file. Because BitTorrent breaks up and distributes files in hundreds of small chunks, you don't even need to have downloaded the whole file before you start sharing. As soon as you have even a piece of the file, you can start sharing that piece with other users. That's what makes BitTorrent so fast; your BitTorrent client starts sharing as soon as it downloads one chunk of the file (instead of waiting until the entire download has been completed).

In order to download a file like the educational public domain video we mentioned above, you have to find and download a torrent file (which uses the .torrent file extension) and then open it with your BitTorrent client. The torrent file does not contain your files. Instead, it contains information which tells your BitTorrent client where it can find peers who are also sharing and downloading the file.
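What a torrent file holds instead of the data, and why chunks received from strangers can still be trusted, shown as an added example that is not part of the original guide. It goes beyond the text: the bencoded layout, the field names (announce, info, piece length, pieces) and the per-chunk SHA-1 hashes come from the BitTorrent metainfo format, while the tracker URL, file name and payload are constructed.

```python
import hashlib


def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        i, out = i + 1, []
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            out.append(value)
        return out, i + 1
    if c == b"d":                                   # dictionary: d<key><value>...e
        i, out = i + 1, {}
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            out[key], i = bdecode(data, i)
        return out, i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated byte string")
        return data[start:end], end
    raise ValueError("malformed bencoding at offset %d" % i)


def bencode(value):
    """Encoder, used here only to build the constructed sample torrent."""
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        items = b"".join(bencode(k) + bencode(value[k]) for k in sorted(value))
        return b"d" + items + b"e"
    raise TypeError("cannot bencode %r" % type(value))


def make_torrent(payload, piece_length, announce, name):
    """Build metainfo for one file: a tracker URL plus a SHA-1 per chunk."""
    pieces = b"".join(
        hashlib.sha1(payload[off:off + piece_length]).digest()
        for off in range(0, len(payload), piece_length)
    )
    info = {b"length": len(payload), b"name": name,
            b"piece length": piece_length, b"pieces": pieces}
    return bencode({b"announce": announce, b"info": info})


def verify_pieces(torrent_bytes, payload):
    """Check downloaded data chunk by chunk against the torrent's hashes."""
    meta, _ = bdecode(torrent_bytes)
    info = meta[b"info"]
    size, hashes = info[b"piece length"], info[b"pieces"]
    return [
        hashlib.sha1(payload[n * size:(n + 1) * size]).digest()
        == hashes[n * 20:(n + 1) * 20]              # 20 bytes per SHA-1 digest
        for n in range(len(hashes) // 20)
    ]


# Constructed sample: a 1024-byte "file" split into four 256-byte chunks.
PAYLOAD = bytes(range(256)) * 4
TORRENT = make_torrent(PAYLOAD, 256, b"http://tracker.example.test/announce",
                       b"sample.bin")

if __name__ == "__main__":
    meta, _ = bdecode(TORRENT)
    print("tracker:", meta[b"announce"].decode())
    print("torrent size:", len(TORRENT), "bytes; payload size:", len(PAYLOAD))
    corrupted = bytearray(PAYLOAD)
    corrupted[600] ^= 0xFF                          # damage one byte in chunk 2
    print("chunks ok:", verify_pieces(TORRENT, bytes(corrupted)))
```

A client discards any chunk whose hash does not match and fetches it again from another peer, which is how a download assembled from many unknown senders still ends up identical to the original file.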

How to find and download a file with BitTorrent

Now that you've got a better idea of the terminology and process behind BitTorrent, let's jump right into using BitTorrent.
First you need to download a BitTorrent client (the program that manages your BitTorrent downloads). I'd recommend:


uTorrent for Windows
Transmission for Mac
Azureus or KTorrent for Linux (Actually, Azureus is cross platform, meaning it will work on Windows and Mac, but on those platforms it's not nearly as lightweight as the alternatives listed above.)

Search for a good torrent. There are a handful of really good web sites for downloading torrents (that's right, you search for torrents on the internet). The sites I'd recommend (in no particular order) are:

Mininova
The Pirate Bay
isoHunt
TorrentSpy
btjunkie
Demonoid (Demonoid is sort of a members only site, but if you can get yourself a membership, it's one of my favorites [and a great place to find more esoteric downloads].)

Try out whichever one you like. One might fit your tastes better than another, but I've had good experiences with all of these. From this point, search the site using their search box like you're using Google—just type in the name of what you're looking for. You'll likely get several results, but you want to choose the torrent with the highest number of seeders (indicated in most BitTorrent search results under a field labeled 'S'). Seeders are people who have already downloaded and are sharing the entire file. The more seeders, the faster your download will be. Some sites also provide you with a health meter, which is generally a measure of seeders vs. active downloaders.

Download the torrent. Once you've found a good and healthy torrent, find the download link and download the torrent. Your browser will ask you what you want to do with the file, so be sure to tell it to open the torrent in the BitTorrent client you downloaded above.


Your BitTorrent client will open and (possibly) ask you where you want to save the file(s). Pick your save location, hit OK, and that's it; your file will begin downloading. If you're not impressed with the speed at first, be patient. It can sometimes take a minute or two before the download ramps up to full speed. If you're still not happy, try searching for another torrent with more seeders.


That's it?

Yep, that's it. That, in a nutshell, is how to download files using BitTorrent. There can be more to it, of course, if you want to dive in a bit deeper. For example, you can run through the Speed Guide in uTorrent to improve your download speeds (the guide is fairly self explanatory—just go to Options -> Speed Guide to get started), download select files from the torrent rather than every file, throttle your bandwidth, and so on, but this basic guide should get you started.

Also, to ensure you stay in good standing in the BitTorrent community (and aren't labeled a leecher), you should always try to upload as much as you download. Most BitTorrent clients keep track of your upload/download ratio, and you should generally continue sharing a file until your ratio reaches 1, after which you can feel free to remove it from your client (the file will remain on your computer—you just stop sharing it).


Source: http://lifehacker.com

Wednesday, August 8, 2007

'Freelancers Toolbox' - 30+ Online Freelance Resources


For Freelance Photographers



iStockPhoto - the leading stock photos site.
Fotolia - a “web 2.0” version of iStockPhoto.
PhotoStock Plus - Sell your photos worldwide to a large variety of clients.
eXpress Digital - Set up your own online store front for selling your photography.
SmugMug - Take pictures, set your prices and earn a profit selling from your own virtual gallery.
ImageKind - Setup a free online gallery and sell your art online as framed prints.
Shutterstock - Submit your photos and get paid a commission every time they are downloaded.
ImageCatalog - Earn a forty percent commission when someone downloads your photos.
Big Stock Photo - Submit your images for review and if approved you will get paid for others downloading them.
StockXpert - Earn fifty percent commission for selling your stock digital photos through their website.

For Freelance Writers


Blue Mountain Arts - Pays you up to $300 dollars for accepting and publishing your poetry in their greeting cards.
WritingCareer.com - Hundreds of freelance writing jobs plus articles and career advice for freelance writers.
PoeWar.com - Small directory of freelance writing jobs and resources for freelancers.
Recycled Paper Greetings - Greeting card manufacturer that hires freelance writers and artists to create their cards.
Helium - Select a topic, write an article and earn a commission from the advertising revenue.
Online Writing Jobs - Fairly extensive, well maintained job directory for freelance writers.
WritersWeekly - Popular freelance writing ezine. Great for finding jobs, news and resources in the freelance market.

For Freelance Programmers

RentACoder - Locate and bid on open ticket coding jobs and get paid when you fulfill their request. Check for comments about RentACoder at the end of this page.
DesignQuote - Free job search for freelance programmers and web designers.
ScriptLance - Hundreds of new programmer projects listed daily. Place your bids on open projects and pick up some side work.
iFreelance - Many available opportunities for programmers, web designers and graphic artists.
Heritage Web Solutions - Hosting company that hires freelance designers and programmers to build their customers' sites. Must submit your portfolio for consideration.
Freelance Auction - Freelance web designers can place bids on proposals. Requires you pay them a commission from your earnings if you get the job.



Misc. Freelance Job Resources




Elance - Freelance job search database covering positions in writing, website development, graphics art and more.
Go Freelance - An extensive database of freelance positions. This is a paid service.
Guru.com - Very large free online marketplace for freelancers. Many freelance job types available.
GetAFreelancer - Huge selection of freelance jobs for programmers, web designers, graphic artists, writers, photographers and many more.
Craigslist - The internet classified giant has listings for freelancers too.
Freelance Portfolios - Free service that allows you to create a virtual portfolio highlighting your expertise as a freelancer.
SoloGig - Nice directory with everything listed from senior software developers to at home wine tasters. Worth taking a look.
FreelanceJobs.org - Freelance directory for web designers, administrative, sales, writing, translations and more.
Project4Hire - Ton of different job categories for freelancers. Bid on proposals and make some money.

100 Websites You Should Know and Use

The Web is constantly turning out new and extraordinary services many of us are unfamiliar with. During TED University at this spring's TED2007 in Monterey, Julius Wiedemann, editor in charge at Taschen GmbH, offered an ultra-fast-moving ride through sites in many different areas, from art, design and illustration, to daily news, blogs and curiosity. Now, by popular demand, here's his list of 100 websites you should know and use.


CURIOSITY & KNOWLEDGE


GRAPHICS, MUSIC & ARTS


E-COMMERCE EXPERIENCE


SEARCHING & FINDING
msdewey.com [Requires Flash]


ONLINE RESOURCES


TOP INTERACTIVE EXPERIENCE CREATORS

Monday, August 6, 2007

Tips on Job Application

.:: Tips on Job Application ::.
A job application represents your first and possibly only opportunity to impress an employer into wanting to hire you. An application can make or break your chances of success with landing a job, so in this article, we'll let you in on some tips that can help make your job application stick out amongst the stack.
When you first go in to apply, be sure to be polite to the receptionist or whatever person you encounter that is getting you the application. Bosses sometimes ask these people their initial impressions of the applicant, and if you are polite and kind, you may stick out amongst the rest.
You should use a pen with blue or black ink when filling out an application. Pens are more formal than pencils, and any other color ink will be distracting to the person perusing your application. If you're unsure of your ability to fill the application out properly the first time, you may want to bring an erasable pen.
Another factor that employers often use when testing applicants is to see exactly how prepared a person the applicant is. Be sure to bring a pen with you when you are applying; asking the receptionist for a pen is seen as bad form by many bosses.
Be sure to bring with you a quick fact sheet based on your personal information that may come into play on the application. Be sure to have references, past job experience, and other notable application information with you so that you don't have to leave to find out the address or phone number of a former employer.
Be sure not to leave any blanks on the application. If there is a box that doesn't apply to you, don't leave it empty; employers may think that you just missed it. Write ‘Not Applicable' in the By Jonathon Hardcastle.
If you have noticeable periods of unemployment between jobs in your job history, be sure to note on the application exactly what the cause of your lack of work was, such as saying that you were going to school for a period of time.
These quick hints can make the difference between whether or not you are chosen for your desired position. By being prepared and confident while undergoing the application process, you may seem of high stature to your future employer, furthering your chances at getting the job. Best of luck!
Jonathon Hardcastle writes articles on many topics including Employment, Family, and Education.

Online BackUp Storage


Mozy is a very good online Data BackUp service around. The good thing about it is that you don't notice that it is there, it backs up your files without interrupting your work and in case of a disaster (lets hope this won't happen), you can easily restore your files. It's free, 2GB automated backup of all your photos, music, videos and documents.
You can schedule daily or weekly backups or you can let the automatic backup happen.
If you decide to sign up then use my referral code BM8H98 and we BOTH get an extra 256MB free. if you want the link.


https://mozy.com/?ref=BM8H98

* Use the above link to SignUp on Mozy.Com you can have more than 2GB.

Certifications Exams

Preparing for any Microsoft certification exams? Click the link below for any kind of help for certification exams.... Free online exams for GRE, TOEFL, CCNA, MCSE, MCSD, NOVELL, MICROSOFT and many more at


Microsoft Certification Exams
http://www.testsworld.com/microsoft/


Cisco Certification Exams
http://www.testsworld.com/cisco/


IBM Certification Exams
http://www.testsworld.com/ibm/default.asp


Oracle Certification Exams
http://www.testsworld.com/oracle/default.asp


Sun Certification Exams

http://www.testsworld.com/sun/default.asp


Novell Certification Exams
http://www.testsworld.com/novell/default.asp


PMI Certification Exams
http://www.testsworld.com/pmi/default.asp


Sybase Certification Exam
http://www.testsworld.com/sybase/default.asp


Red Hat Linux Certification Exam
http://www.testsworld.com/redhat/default.asp


Check Point Certification Exam
http://www.testsworld.com/checkpoint/default.asp


Certified Internet Webmaster Certification Exam
http://www.testsworld.com/ciw/default.asp

Friday, August 3, 2007

BLACK HAT - Researchers: Web apps over Wi-Fi puts data at risk

Web apps over Wi-Fi puts data at risk
Users who access Google's Gmail or the Facebook social-networking site over Wi-Fi could put their accounts at risk of being hijacked, according to research from Errata Security Inc., a computer security company.

It's not just those sites but any rich Web applications that exchange account information with users, including blogging sites such as Blogspot or even software-as-a-service offerings such as Salesforce.com, that could pose a risk for users, wrote Errata's Robert Graham, CEO, and David Maynor, chief technology officer, in a paper.

Most Web sites use encryption when passwords are entered, but because of the expense, the rest of the information exchanged between a browser and a Web site is not encrypted, they wrote in a paper presented at the Black Hat 2007 security conference in Las Vegas this week.
Using a packet sniffer, which can pick up data transferred between a wireless router and a computer, it's possible to collect cookie information while a user is accessing one of those sites over Wi-Fi.


Cookies consist of bits of data sent to a browser by a Web site to remember certain information about users, such as when they last logged in. Included in the cookie can be a "session identifier," which is another bit of unique information generated when people log into their accounts.
By collecting cookie information and the session identifier with the packet sniffer and importing it into another Web browser, the hacker can get inside a person's account. The attacker may not, however, be able to change a person's password, since many Web 2.0 applications require a second log-in to change account information.


Nonetheless, it could allow a hacker to create blog postings, read e-mail or do other malicious activity. Meanwhile, the victim is directed to a version of the Web page they intended to visit, which Errata calls "sidejacking."

There is a remedy, however. "The consequence of this is that users should never use a Wi-Fi hot spot unless they are using VPN (virtual private networking) or SSL (secure sockets layer) to access their accounts," they wrote.
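For a site operator, the condition the article describes (encrypted log-in, unencrypted traffic afterwards) can be checked in a recorded browsing session of one's own application. This is an added example, not code from the article or from Errata Security: it flags every point where a session cookie is issued without the Secure attribute or travels in a plain-HTTP request. The cookie name SID, the host mail.example.test and both recorded flows are constructed.

```python
from urllib.parse import urlsplit

NO_SECURE = "issued without the Secure attribute"
ISSUED_HTTP = "issued over plain HTTP"
SENT_HTTP = "sent in a cleartext request"


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def parse_cookie_header(header):
    """Split a request Cookie value into {name: value}."""
    jar = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            jar[name] = value
    return jar


def audit_flow(exchanges, session_cookie_names):
    """Return (url, cookie_name, reason) for each place a session cookie is
    exposed to anyone capturing the wireless traffic."""
    findings = []
    for ex in exchanges:
        https = urlsplit(ex["url"]).scheme.lower() == "https"
        for header in ex.get("set_cookie", []):
            name, _value, attrs = parse_set_cookie(header)
            if name not in session_cookie_names:
                continue
            if not https:
                findings.append((ex["url"], name, ISSUED_HTTP))
            elif "secure" not in attrs:
                # Without Secure the browser also attaches the cookie to
                # later http:// requests to the same site.
                findings.append((ex["url"], name, NO_SECURE))
        if not https:
            for name in parse_cookie_header(ex.get("cookie", "")):
                if name in session_cookie_names:
                    findings.append((ex["url"], name, SENT_HTTP))
    return findings


# Constructed flow: log-in is encrypted, the rest of the session is not.
WEAK_FLOW = [
    {"url": "https://mail.example.test/login", "cookie": "",
     "set_cookie": ["SID=abc123; Path=/; HttpOnly", "lang=en; Path=/"]},
    {"url": "http://mail.example.test/inbox",
     "cookie": "SID=abc123; lang=en", "set_cookie": []},
]

# Constructed flow: the whole session stays on HTTPS and the cookie is Secure.
HARDENED_FLOW = [
    {"url": "https://mail.example.test/login", "cookie": "",
     "set_cookie": ["SID=abc123; Path=/; HttpOnly; Secure"]},
    {"url": "https://mail.example.test/inbox",
     "cookie": "SID=abc123", "set_cookie": []},
]

if __name__ == "__main__":
    for url, name, reason in audit_flow(WEAK_FLOW, {"SID"}):
        print(f"{url}: cookie {name} {reason}")
    print("hardened flow findings:", audit_flow(HARDENED_FLOW, {"SID"}))
```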

Download PDF2Word v3.0

Moved To: