Comments on: SideJacking - Stealth WiFi Attack

By: Researcher

Researcher — Tue, 28 Aug 2007 02:35:27 +0000

@Jordan: The “https” recommendation for not getting sidejacked isn’t necessarily a good solution. See this article.

By: Jordan

Jordan — Thu, 16 Aug 2007 20:50:12 +0000

I gotta say, that topic is pretty under-whelming to me. Was anybody really surprised at this result? Of course people use plain text and on open wifi networks their credentials (session cookies or otherwise) are often vulnerable. Hardly new or exciting.

A whole new term: “sidejacking”? This is /not/ an attack worthy of a new name.

VPN first, change your bookmark to https://gmail.google.com/ any number of easy ways to not get caught.

By: Dragos Lungu

Dragos Lungu — Thu, 16 Aug 2007 20:35:20 +0000

Actually you don’t need to run another fake AP like the Evil Twin attack . All you need to do is hook up to the public (crowded) AP and start sniffing. It’s a lot easier.

Apart from SSL / VPN, you are right, applications should require 2FA at least for sensitive operations.

I doubt however that (free) webmail apps will integrate 2FA anytime soon and I’ve seen more than once confidential data sent by yahoo / gmail

By: dre

dre — Thu, 16 Aug 2007 20:09:42 +0000

Evil Twin is a better attack and has been known for quite some time. There are many tools to inject or read cleartext data off of any wired or wireless transmission or insert yourself as MITM or MITB.

If the website is intelligent, they will make sure that any real transactions (setting a new password, changing an email address, anything involving a purchase, etc) require the full 2FA or MFA.

If you think about it, cookie poisoning is similar to ARP poisoning, parameter tampering (a cookie is just a parameter in the HTTP header) or any other spoofing breach of confidentiality and non-repudiation.