Watchdog and unsecure wireless hotspots

Just been watching this, part of last night’s Watchdog episode.

It talks about wireless hotspots being open to abuse by a skilled hacker. Well dur yeah!

This sparked an interesting discussion here and I wanted to write it down.

First of all, he ain’t getting usernames and passwords.

From what we can tell he’s simply sniffing the UNENCRYPTED wireless traffic and pulling out web cookies and session details.

He hasn’t hacked into anyone’s computer or stolen usernames or passwords.

By using your web cookie or session details I could browse xyz site as you, but I can’t fake logging in, or even ‘replay’ your login data to get in at a different time. I could only use your currently open session. That’s why he has to ‘freeze’ the session, as logging out would invalidate the cookies/sessions he’s nabbed.
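The point about session cookies, as an added example that is not part of the original post: a toy server-side session table showing that a copied cookie is accepted only while the session is open, is rejected after logout, and is no use as a password. The class, account name and password are made up for illustration.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Toy server-side session table (constructed for illustration)."""

    def __init__(self):
        self._users = {}     # username -> (salt, password hash)
        self._sessions = {}  # session id -> username

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(salt, password))

    def login(self, username, password):
        """Check the password once, then return a random session id (the cookie value)."""
        record = self._users.get(username)
        if record is None or not hmac.compare_digest(
                record[1], self._hash(record[0], password)):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def whoami(self, sid):
        """Every later request is authenticated by the cookie alone."""
        return self._sessions.get(sid)

    def logout(self, sid):
        """Deleting the server-side entry is what invalidates a copied cookie."""
        self._sessions.pop(sid, None)


def demo():
    store = SessionStore()
    store.add_user("alice", "correct horse")  # constructed sample account
    cookie = store.login("alice", "correct horse")
    copied = cookie                           # value visible in unencrypted traffic
    during = store.whoami(copied)             # accepted while the session is open
    store.logout(cookie)                      # the real user logs out
    after = store.whoami(copied)              # the copied value is now rejected
    relogin = store.login("alice", copied)    # the cookie is not the password
    return during, after, relogin
```

`demo()` returns the identity seen for the copied cookie before logout, after logout, and the result of trying to log in with it.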

Further it should be pointed out that this issue is with OPEN wireless hotspots. The wireless traffic from your machine to the wireless receiver is unencrypted and therefore at risk. On an encrypted wireless connection the data is encrypted… it still might be at risk if using WEP of course…

Rant over :)
