
"You Two! We're at the end of the universe, eh. Right at the edge of knowledge itself. And you're busy... blogging!"
— The Doctor, Utopia


Wednesday, November 22, 2006

Stealing Passwords

I'm giving a workshop next week in Utah titled "Setting up Wireless Access in Your Library" and of course, one of the topics covered will be security issues. In preparation I'm playing with some very interesting software including Ethereal. To keep it non-technical, Ethereal allows anyone to sniff, trap, and save network data, including data being transmitted over the air via WiFi connections. As a test, I connected to an open WiFi access point, started a capture, and logged into my flickr account. I then stopped the capture and saved 2.25 MB worth of data (about 45 seconds' worth of surfing). Look what I found when I searched the data for the word "password":

[Image: Password stealing]

I've obscured my password for obvious reasons but I'm sure you still get the point. So, who wants to log into their bank account from a Starbucks?


2 Comments:

At Wed Nov 22, 07:46:00 PM , waltc said...

From an HTTPS page? If so, that's pretty shocking. If not--if a bank or anyone else is using an unsecured page for an important password--that's a different problem.

Not that I'd log into any financial account from anything but my own secure net anyway, but...

 
At Wed Nov 22, 07:49:00 PM , Michael said...

The login page for us with old school flickr logins isn't secure: http://flickr.com/signin/flickr/

 
