At the recent Black Hat security convention, Robert Graham, the CEO of Errata Security, demonstrated on camera how he hijacked a Gmail session and read the victim’s emails. He sniffed the Wi-Fi network for cookies and copied them into his notebook using his self-made tool, Hamster. The hack doesn’t need the victim’s username or password to work. It only requires an IP address.
This hack has been reported to work on almost any cookie-based web application. Therefore, other web-based email services such as Yahoo Mail and Hotmail are vulnerable as well.
The good news is that this hack can be easily prevented with the use of SSL or any other type of encryption. However, it is reported that Internet users seldom use these forms of security measures when accessing their emails, thus putting themselves at risk.
For example, accessing Gmail from http://mail.google.com will lead you to an SSL page where you insert your username and password. However, you will then be redirected to a non-SSL page to access your emails, which puts you in a vulnerable situation.

On the other hand, accessing Gmail from https://mail.google.com (doesn’t work for me; that’s why I’m using https://mail.google.com/mail?tab=wm instead) forces Gmail to redirect you to an SSL page after login.
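
The difference between the two login paths above can be checked mechanically. The following is an added example, not code from the original post or from Hamster: it walks a recorded redirect chain and lists the session cookies that would cross the network over plain HTTP, where anyone on the same Wi-Fi could read them. The hostname, cookie values and the `exposed_cookies` function are constructed for illustration, and cookies are matched by exact hostname only.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def exposed_cookies(chain):
    """Return sorted (cookie_name, url) pairs that cross the network unencrypted.

    chain: ordered hops, each {"url": str, "set_cookie": [raw Set-Cookie values]}.
    Simplification (assumption): cookies match by exact hostname; Domain/Path ignored.
    """
    jar = {}  # (host, name) -> True when the cookie carries the Secure attribute
    exposed = set()
    for hop in chain:
        parts = urlsplit(hop["url"])
        host, cleartext = parts.hostname, parts.scheme == "http"
        if cleartext:
            # A browser attaches every non-Secure cookie for this host to the request.
            for (c_host, name), secure in jar.items():
                if c_host == host and not secure:
                    exposed.add((name, hop["url"]))
        for raw in hop.get("set_cookie", []):
            parsed = SimpleCookie()
            parsed.load(raw)
            for name, morsel in parsed.items():
                jar[(host, name)] = bool(morsel["secure"])
                if cleartext:
                    # Set over HTTP: the value is readable in the response itself.
                    exposed.add((name, hop["url"]))
    return sorted(exposed)


# Constructed sample chains; hostname and cookie values are placeholders.
LOGIN = "https://mail.example.test/login"
HTTP_AFTER_LOGIN = [
    {"url": LOGIN, "set_cookie": ["SID=abc123; Path=/; HttpOnly"]},
    {"url": "http://mail.example.test/inbox", "set_cookie": []},
]
HTTPS_THROUGHOUT = [
    {"url": LOGIN, "set_cookie": ["SID=abc123; Path=/; Secure; HttpOnly"]},
    {"url": "https://mail.example.test/inbox", "set_cookie": []},
]
SECURE_THEN_HTTP = [
    {"url": LOGIN, "set_cookie": ["SID=abc123; Path=/; Secure; HttpOnly"]},
    {"url": "http://mail.example.test/inbox", "set_cookie": []},
]

if __name__ == "__main__":
    for chain in (HTTP_AFTER_LOGIN, HTTPS_THROUGHOUT, SECURE_THEN_HTTP):
        print(exposed_cookies(chain))
```

The third chain shows why the `Secure` cookie attribute matters on the server side: even if a later hop falls back to HTTP, the browser withholds the cookie, so there is nothing on the wire to copy.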

There are some photos of the hacking demonstration available. Remember to always use an SSL page (https) whenever there is such an option. Protect yourself online.
Links. You have probably seen thousands of them. If by any chance you have not, here is a link to this technology blog, another to my personal blog and another to my first blogspot blog.
The usual way a webmaster or a blogger formats links is by changing their font colour, background colour or underline. Therefore, all links pretty much work the same way. If you are interested in checking out a different type of link, here is something interesting for you.
Scrollovers is an easy way to give your website a distinct identity compared with the rest of the websites on the Internet. Scrollovers is built on standard HTML, JavaScript and CSS. Therefore, integrating it into any website will be easy.
Scrollovers has been tested and works perfectly on these browsers:
- Firefox 2.0
- Internet Explorer 7
- Internet Explorer 6
- Internet Explorer 5.5
- Safari 3 (Windows)
- Opera 9
Hop over to Scrollovers now to get a look and feel of what it is all about.
Some of us may have been waiting anxiously for WiMAX to arrive in Malaysia. The news was that it should start to roll out at the end of this year. However, I was shocked when I stumbled upon an article just a while ago.
telecomasia.net reported on the 31st of July that Malaysia will delay the WiMAX rollout until the middle of 2008.
(Business Times via NewsEdge) Malaysia has delayed the rollout of high-speed wireless Internet services to the middle of next year, to minimize potential glitches, Energy, Water and Communications Minister Datuk Seri Dr Lim Keng Yaik said.
I didn’t read anything about this in the newspaper (maybe I missed it). After checking TheStar’s online archive, I still couldn’t find any article reporting on it. I’m not sure how true this story is but if it is reliable, I’m sure I won’t be the only disappointed man in Malaysia (because Streamyx sucks).
They delayed the rollout to give more time to the four license holders to build a stable infrastructure. I guess it’s better to wait a little longer and get a reliable (and fast!) internet connection than to face the same problem that some/most of us are facing now.
I just hope it won’t be delayed again.
I’ve been getting a lot of spam comments lately. Thank goodness for Akismet, or else I’d need to delete them one by one. However, it still bothers me because I have to filter through the Akismet spam list before deleting them. That’s because false positives do happen occasionally. One thing I notice is that some of the spam comments that I’ve been getting lately have “evolved”. They no longer look gibberish and “spammish” like they used to.
There is the type that sounds like Martians trying to speak English while adding drug keywords (bold) every now and then.
Enhance vaccine were resolved phendimetrazine to primary spokesman. They all and loss phencyclidine only two phenazopyridine for vaccines gene. Cerebral hemispheres front lines phenazine not always phenaphen governance. For these doctors who phenytoin they were phenyltoloxamine off in phenylpropanolamine tail. Patient beds insurance premium phenylhistine medicine will phenylephrine pr introduct phenyleph self.
There are those that are written in good English but have a flaw because they use the whole “title” of the post (e.g. Indexed By Search Engine Faster at TenthOfMarch.com).
I couldn’t understand some parts of this article ndexed By Search Engine Faster at TenthOfMarch.com, but I guess I just need to check some more resources regarding this, because it sounds interesting.
Lastly, there are those that are short and sweet. These are the deadliest because you know they are spam but you wish they were not.
your blog is so important. you are the new media. keep it up….
*sigh*
Why does no one ever compliment me like that?
WordPress 2.2.1 was released in late June but I only upgraded this blog less than a week ago. I guess I should have waited a while more because WordPress 2.2.2 was just released one or two days ago.
*Sigh*
I’ll be upgrading both my blogs to the latest version soon. Download the latest version here.