Now that the election is behind us, the discussion has turned to potential involvement by foreign governments and whether they had their hand in altering the course of US democracy by tampering with the integrity of our election systems. The CIA has all but admitted that there was definite Russian interference aimed at tilting our election. Continue reading “How to Hack an Election”
Ever get a friend request from someone you don’t know and have never met before? More often than not, these accounts are created by criminals looking to harvest your personal information, or scam you in some other fashion.
It typically starts when you receive a friend request from someone you don’t know. And you have no mutual friends in common:
Continue reading “How to Spot a Fake Facebook Account”
It’s been over 3 weeks since Firesheep was released, and yet still there seem to be so many misconceptions about this particular vulnerability. The most prevalent of these misconceptions is that HTTP Session Hijacking, also known as “sidejacking” is something which is limited to only wireless networks. And this belief is not limited to just session hijacking attacks. Somewhere along the way a myth was propagated that wired switched networks are somehow impervious to attacks like these and other similar types of attacks because of the use of collision domains and the inability of an attacker to have unfettered access to the Layer 2 medium. As I mentioned in my previous article on the Misconceptions About Sidejacking with Firesheep, attacks like these and others are not relegated to strictly wireless networks, and in fact there are many so-called Man-in-the-Middle (MITM) attacks which can be performed on a switched wired network to compromise the imaginary security of a Layer 2 collision domain.
Continue reading “Man in the Middle (MITM) Attacks Explained: ARP Poisoining”
Unless you’ve been hiding under a rock for the past few days, you are probably well aware of the recent activity around a new Firefox extension developed by a pair of researchers that brings the issue of session hijacking front and center. The duo behind this extension, Eric Butler and Ian “craSH” Gallagher, developed the software in order to demonstrate the vulnerabilities inherent in many web sites that don’t fully implement encryption. The browser extension, dubbed “Firesheep“, essentially enables an attacker to grab other people’s credentials and use them to gain access to various web sites.
Continue reading “The Misconceptions of Sidejacking with Firesheep”