Trang chủ > Hacker - Xâm Nhập, Kỹ Thuật Xâm Nhập > Gmail Hacking Tool – A New Way to Hack Gmail

Gmail Hacking Tool – A New Way to Hack Gmail

Bài  này được thuyết trình tại conference ở  Las Vegas. Các bạn quan tâm đến mục hacking có lẽ không quên cũng tại hội thảo này 1 phóng viên bị phát hiện thế nào

“Một nữ phóng viên đài NBC (Mỹ) đã bị biến thành trò cười sau khi cô giả vờ là chuyên gia lập trình hòng thâm nhập vào đại hội DefCon để ghi lại “những hành vi bất hợp pháp” của giới tin tặc nhưng sớm bị bại lộ.” [Vnexpress]


Gmail Hacking Tool – A New Way to Hack Gmail

(Sẽ đăng video và slide cho các bạn sau)

A new Gmail hacking tool that is capable of automatically stealing the Gmail IDs of non-encrypted sessions and breaking into Gmail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed this Gmail hacking tool is planning to release the tool in two weeks.

When you log in to Gmail account the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually click the sign out button. When you click sign out this cookie is cleared.Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done.

According to Google this behavior was chosen because of low-bandwidth users, as SLL connections requires high bandwidth.The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for a hacker to sniff the traffic on the network to insert an image served from and force your browser to send the cookie file, thus getting your session ID. The new Gmail hacking tool is capable of doing this. Once this happens the hacker can log into the account without the need of a password. People checking their e-mail from public wireless hotspots are more likely to get hacked than the ones using secure wired networks.

Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.

“If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.

Nguồn DefCon

Cập nhật và chỉnh sửa  alexbtp

  1. Tháng Sáu 13, 2013 lúc 5:29 sáng

    Hello! I just wanted to ask if you ever have any problems
    with hackers? My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due to no backup.
    Do you have any solutions to stop hackers?

  2. Tháng Bảy 27, 2013 lúc 10:35 sáng

    If you find it a bit maddening to follow the daily
    fluctuations of the scale even though you are eating properly, pick three
    days of the week on which you will always weigh yourself
    (for example, Monday, Wednesday, and Friday). It’s old news
    that tracking food intake could lead to losing a few pounds [2].
    Then leave it a while until your tummy lets you know that you’re hungry again before opting for a healthy snack.

  1. No trackbacks yet.

Trả lời

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập: Logo

Bạn đang bình luận bằng tài khoản Đăng xuất / Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Đăng xuất / Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Đăng xuất / Thay đổi )

Google+ photo

Bạn đang bình luận bằng tài khoản Google+ Đăng xuất / Thay đổi )

Connecting to %s

%d bloggers like this: