Side Jacking – Now Secure is not secure

If you use Gmail and haven’t yet taken advantage of a feature Google recently provided to prevent hackers from hijacking your inbox, now would be an excellent time to do that (click here, and read Tip #1).

A security researcher at the Defcon hacker conference in Las Vegas demonstrated a tool that allows attackers to break into your Inbox even if you are accessing your Gmail over an encrypted session (i.e. using https://, which you might recognize by the “gold lock” icon).

Here is a video demonstration of how an attacker would use an automated tool to hijack your login. The music may strike you as offensive, and there’s no narrative, so feel free to mute the sound.

(Well.. once again WordPress is preventing me from embedding the video. To watch it, please click here, Surf Jacking Gmail demonstration.)

While it may seem like Gmail is being singled out here, you should realize that other websites are vulnerable to side-jacking and cookie stealing too, notably Facebook (I mention it because it has so many users). Gmail, however, is one of the few sites that allow you to thwart this attack method.
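For site operators, an added example (not from the original post): a session cookie set without the Secure attribute is also sent on any plain http:// request to the site, where it can be read off an open network. This Python check flags such cookies in a response's Set-Cookie headers; the cookie names and header values are constructed.

```python
# Added example: find cookies a browser would also send over plain http.
# All header values below are constructed samples, not captured traffic.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value, attrs

def leaks_on_plain_http(headers):
    """Return names of cookies lacking the Secure attribute, in header order."""
    exposed = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            exposed.append(name)
    return exposed

# Constructed sample headers (hypothetical cookie names).
SAMPLE = [
    "SESSIONID=abc123; Path=/; HttpOnly",      # no Secure: exposed
    "AUTH=def456; Path=/; Secure; HttpOnly",   # protected
    "prefs=secure=yes; Path=/",                # 'secure' is in the value, not an attribute
    "TOKEN=ghi789; path=/; SECURE; httponly",  # attribute case does not matter
]

if __name__ == "__main__":
    for name in leaks_on_plain_http(SAMPLE):
        print(f"{name}: no Secure attribute, sent over plain http")
```

A plain substring search for "secure" would wrongly pass the `prefs` cookie, which is why the attributes are parsed separately from the value.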

So how do you prevent side-jacking? Here are some simple, but inconvenient, solutions you can use to protect your data.

* If possible, avoid using public or open wireless networks.

* If you need to use a public wireless network, do not access websites that require personal information.

* Always use the “logout” feature when finished with a website that requires a login ID/password.

* For Gmail, click the link in my first paragraph and set the “Always use” option.

* When you need to provide sensitive data in forms, such as when you are doing online banking, open a new instance of your browser and complete your transaction; then log out and close that browser. Do not open any other websites in that browser.

Folks, the Internet is broken.. and it is the hunting ground for criminals. Please.. let’s be careful out there (and by careful, I mean “paranoid”).
