Skip to main content

Hackers bite into "cookies" to plunder user data from websites

Hackers and computer security specialists gathered in Las Vegas on Friday took aim at popular social networking websites, exposing ways to plunder data from software "cookies" used to track users. Revelations made at an international gathering of hackers dubbed DefCon come as Internet rivals Google, Microsoft, and Ask acquire firms that rely on cookies to better target money-making online ads. "Websites could easily fix the problem by encrypting cookies," Errata Security chief executive Robert Graham told AFP.

US college student Rick Deacon arrived at DefCon on Friday ready to demonstrate how to use trickery and software skills to steal enough information from MySpace users' cookies to commandeer their profile pages.

"You can become them on MySpace; basically hijack accounts left and right," Deacon told AFP.

The attack relies on duping MySpace users into clicking on a rigged link, perhaps in an online forum or bulletin board that routes them to a file that steals passwords and other information from their cookies.

"I've never seen it fail," Deacon said. "I become you on MySpace."

Hackers can use commandeered profiles as springboards for more attacks or to infect users' computers with viruses, according to Deacon.

"I could rip through your computer as easily as I stole your cookie."

The "hole" in defense is not limited to MySpace, according to Deacon, who listed Facebook and Google as vulnerable to the attacks.

Social networking websites are prime targets, Deacon said.

"MySpace takes the safety and security of its community incredibly seriously and we have a dedicated rapid response team working 24/7 to address any security issues," MySpace said in a written response to an AFP inquiry.

Graham counters that MySpace is "not going full bore" to block the attacks, which could be "weaponized" to infect computers with malicious code.

Hackers that don't want to trick users into clicking on booby-trapped links to raid cookies can do it remotely at "hot spots" where people wirelessly connect to the Internet, said Graham.

"If you are at any old Wi-Fi hot spot, like a Starbuck's or airport, a hacker can sit next to you and get the cookies you are sending back and forth on the Internet," Graham said.

"It's insanely easy. As far as I can tell, it affects every website."

Graham demonstrated the Wi-Fi hack at a Black Hat conference for computer security professionals in Las Vegas this week, breaking into a web-based e-mail account and sifting through the person's messages.

"There is so much information in your e-mail or social networking account," Graham said. "If I'm stalking you, I can go to your Google Maps cookie and probably find out where you live."

Free public Wi-Fi systems such as the one Google built in its California home town and is working on in San Francisco should feature encryption to protect users, Graham argues.

"I would never use public Wi-Fi," Graham said."Not on your life."

Popular posts from this blog

Using Latitude and Longitude with Google Maps

Whether you want to quickly add a waypoint to your GPS, or view a map of a known location, it can often be convenient to use real latitude and longitude values with Google Maps instead of dealing with street addresses.

Rerieving a map for a lat/lon value is simple enough with Google Maps. You can simply enter the decimal latitude and longitude into the search form instead of a street address.However, if you're viewing a map and you want to retrieve the lat/lon location, there unfortunately isn't a convenient "get latitude and longitude" button. Google Maps deals with latitude and longitude locations internally, though, so with this little snippet of javascript, you can easily get the job done: javascript:void(prompt('',gApplication.getMap().getCenter()) This will return the coordinates of the map's center point. You might want to double-click a position on the map before running the above code. Doing so will reposition that point to the center of the map …

310+ Essential readings, tools and Resources for Bloggers

I was looking for them and then I found them at Problogger, mashable and others from Matt Huggins. While some of you might be aware of some of them, for others it may be a new world. But then these tips help everyone.

Essential Readings

Can You Make a Living Blogging? (Graywolf SEO)Five Beginner’s Blogging Tips (John Chow)The First 7 Days of Blogging (Pronet Advertising)Put on Your Game Face (Pronet Advertising)How to “Announce” a Blog (Blog Traffic School)How to Use Social News Aggregators as a Source for Content Ideas (Dosh Dosh)5 Ways to Building a Better Blog (Pronet Advertising)Bring Your A-game to Write for Blogs (Freelance Switch)What Are You Learning from Leading Edge SEO Bloggers? (Graywolf SEO)How Great Headlines Score Traffic (Copyblogger)10 Sure-Fire Headline Formulas that Work (Copyblogger)Declaring War on Blogger Apathy (ProBlogger)How to Market Your Blog in 2007 (ProBlogger)21 Tactics to Increase Blog Traffic (SEOmoz)Five Steps to a Truly Unique Blog That Attracts Reader…

Social Bookmarking Widget for Blogger

On a social bookmarking system or network, users store lists of Internet resources that they find useful. These lists can be accessible to the public by users of a specific network or website. Other users with similar interests can view the links by topic, category, tags, or even randomly. Other than web page bookmarks, services specialized to a specific subject or format - feeds, books, videos, shopping items, map locations, wineries, etc. - can be found.

The biggest way of increasing traffic to small blogs is Social networking. As such social bookmarking becomes very essential for small blogs such as ours. With that said, it is very important to provide the readers with a very easy way to bookmark the articles they find useful. As you may have seen till yesterday, this blog used Addthis social bookmarking tool which the most of bloggers at blogspot use. But it needs an extra click as compared to thesocial bookmarking widget of blogs and hence comes this article to the …