Date: 2010-10-28 06:59 am (UTC)
From: [personal profile] pne
I'd replace "(wireless)" with "(usually wireless)" or something like that - the attack would work equally well in, say, a company where there are lots of people on the local LAN.

(Or, theoretically, at home, but there LANs usually only connect a single-figure number of computers, typically under the control of people you know and have some level of trust with.)

Ditto on the "this isn't new in principle, it just got easier and more idiot-proof (script-kiddie enabled)", though.

Date: 2010-10-27 05:55 pm (UTC)
From: [identity profile] silver-chipmunk.livejournal.com
Holy crap! Thanks for posting this!

Date: 2010-10-27 06:20 pm (UTC)
From: [identity profile] prezzey.livejournal.com
In practice IMO it's only dangerous if you are on an open wifi network (or a LAN where you do not trust all the computers physically connected to the network - I've been in that situation) and you transmit sensitive information unencrypted. Which is something you should not do, anyway. There are people who run open wifi networks only to capture the data of people using their hotspot.

This thing just grabs cookies but there are tools which grab everything and you can cherry-pick. I think the key attraction here is that this piece of software does not require much by way of technical expertise.

Date: 2010-10-27 07:02 pm (UTC)
From: [identity profile] dandelion.livejournal.com
It doesn't sound all that different to ordinary cookie-grabbing on sites like Neopets. The only scary part is it can now be done by people with very little technical knowledge (which widens the field of potential abusers significantly).

Date: 2010-10-27 07:34 pm (UTC)
From: [personal profile] siderea
"ordinary cookie-grabbing on sites like Neopets"?

Date: 2010-10-27 07:35 pm (UTC)
From: [personal profile] siderea
See my post if you haven't.

Date: 2010-10-27 09:03 pm (UTC)
From: [personal profile] siderea
Yes, but how is the CGing done? Do you guys have a convenient App For That?

Date: 2010-10-27 09:43 pm (UTC)
From: [identity profile] dandelion.livejournal.com
No, hence why it's limited to people with some technical experience; it's done by inserting fairly freely-available JavaScript into user-editable areas. Each time it's happened, more of the areas have been sanitised but people are quite creative.

Date: 2010-10-27 09:53 pm (UTC)
From: [personal profile] siderea
Ah! The technical term for that is a "Cross-site Scripting Attack", or XSS for short. LJ has had its own problems with those.

Date: 2010-10-28 08:15 am (UTC)
From: [identity profile] pne.livejournal.com
"The only scary part is it can now be done by people with very little technical knowledge"

This.
