|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 Look At All Of These Passwords!(Click here to view the original thread with full colors/images)Posted by: office politics [url=http://blogs.ittoolbox.com/security/investigator/archives/look-at-all-of-these-passwords-11240]Look At All Of These Passwords![/url] Posted 8/21/2006 by SecurityMonkey (Information Security Investigator) If you use any number of popular web forums or even some commercial services like classmates.com, amazon.com, netzero.com or your provider's webmail service, you may not be aware that you're sending your credentials over the internet in the clear. Some sites appear to secure your credentials, but they really don't. Some offer SSL sign-ins, but don't make them the default. Others don't even make an attempt to use proper SSL encryption or any attempt to obscure the credentials. Remember the wall of sheep from DefCon? All of those people that kept logging into net resources assuming that nobody was listening? They were wrong! Let's look at a couple of great examples of sites that have really awful security design, and see exactly how easy it is to steal credentials if you have access to the wire. These were obtained using nothing more than a linux laptop, a cable modem, ettercap (running ARP spoof and MiM gateway) and a bit of coffee. **follow link for the rest vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |