Wednesday, August 20, 2008

Use SSL Whenever Possible

The talk at DefCon simply highlighted a well-known vulnerability involved with sending session information via a cookie over unencrypted channels. As a result, Gmail's security has been increased for those of us who want to take advantage. This is just another example of increased security as a direct result of hackers making a vulnerability public - or in this case driving the point home by making stealing someone's session credentials easy enough for a 6-year-old. The Middler is the name of the program written by Jay Beale. I will post on it at a later date perhaps.
Here is a good article detailing the problem.
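
As an added illustration (not from the original post and not code from The Middler), here is a small Python model of the browser rule behind the problem: a cookie without the Secure attribute is attached to plain http:// requests as well as https:// ones. The cookie names, values and the mail.example.test host are constructed, and the session-name heuristic is an assumption.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie response headers (sample values, not from any real site).
SAMPLE_SET_COOKIE = [
    "SESSIONID=3f9a1c; Path=/; HttpOnly",
    "AUTH=77be02; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
]

# Assumed heuristic: substrings that suggest a cookie carries session state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs); attr names lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_sent(set_cookie_headers, url):
    """Names of cookies a browser would attach to a request for url.

    Only the Secure attribute is modelled; domain and path are assumed to match.
    """
    is_https = urlsplit(url).scheme.lower() == "https"
    sent = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" in attrs and not is_https:
            continue  # Secure cookies never leave over cleartext HTTP
        sent.append(name)
    return sent


def audit(set_cookie_headers):
    """Return (name, severity) for every cookie that can travel unencrypted."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" not in attrs:
            looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
            findings.append((name, "high" if looks_like_session else "low"))
    return findings


if __name__ == "__main__":
    print("sent over http: ", cookies_sent(SAMPLE_SET_COOKIE, "http://mail.example.test/"))
    print("sent over https:", cookies_sent(SAMPLE_SET_COOKIE, "https://mail.example.test/"))
    print("audit findings: ", audit(SAMPLE_SET_COOKIE))
```

Run against the Set-Cookie headers your own application returns after login; any session cookie reported as "high" needs the Secure attribute, and the site should be served over SSL for the whole session, not only the login page.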
