Traenk mulls over his ethical hacking job and remote access technologies. Does user convenience make unseen threats more real?
Make my professional life easier. Make it easier to hack your access. Over the next few blogs, I'm going to outline how new developments can make it easier to access your applications, your information, possibly your bank account.
Consider those browsers that sync all your bookmarks and favorites and other browser bits to a common repository. Go to a new machine, and whammo! You're now getting all your stuff, including cached passwords and bookmarks and favorites and top websites visited and cookies and what else???
Nice world. Nice for me. If hackers can impersonate you, if your password can be guessed, what goodies get loaded to their browsers, maybe? I mentioned browser cached passwords, right? Those cached passwords may feature access to a website that has your credit card recorded, chambered and ready to fire, right? And if you've shipped gifts to friends and relatives, how quickly can some hacker order goods, authorize their shipment to your friend (who isn't expecting anything from you), and then exploit the race condition by grabbing the goods when no one is looking, without anyone the wiser?
What else, what else can happen? Poorly designed websites sometimes put the user ID and password into the URL. That means clicking the bookmark logs the person in automatically, with your account and your credit information available to the hacker. All because someone guessed your browser synchronization password.
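One check worth running before you trust a sync service with your bookmarks is to export them and look for exactly the kind of URL described above: a login embedded in the address, either as RFC 3986 userinfo (`https://user:pass@host/`) or as query or fragment parameters. The script below is an added example written for this page, not the post author's code; the bookmark export it reads is constructed for the demo, and the parameter-name lists are an assumption you should extend for your own applications.

```python
"""Flag bookmarked URLs that carry credentials (added example, not from the post)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Parameter names that commonly carry a secret or an identity.
# Assumption for this example: extend these for the apps you actually use.
SECRET_PARAMS = {"password", "passwd", "pwd", "pass", "secret", "token",
                 "access_token", "auth", "apikey", "api_key",
                 "session", "sessionid", "sid"}
IDENTITY_PARAMS = {"user", "username", "userid", "uid", "login", "email", "id"}

# Constructed Netscape-format bookmark export (what a browser's "export
# bookmarks" produces and what a sync service replicates to every device).
SAMPLE_BOOKMARKS = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<DL><p>
    <DT><A HREF="https://shop.example.com/account">My account</A>
    <DT><A HREF="http://legacy.example.com/login.asp?user=jt&amp;pwd=Hunter2&amp;go=orders">Orders (old site)</A>
    <DT><A HREF="https://jt:Hunter2@intranet.example.net/reports/">Reports</A>
    <DT><A HREF="https://news.example.org/?id=42">News</A>
    <DT><A HREF="https://app.example.com/#access_token=eyJabc.def.ghi">SPA session</A>
</DL><p>
"""


class _HrefCollector(HTMLParser):
    """Collect HREF attributes from <A> tags; HTMLParser unescapes &amp; for us."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.urls.append(value)


def extract_urls(bookmark_html):
    parser = _HrefCollector()
    parser.feed(bookmark_html)
    return parser.urls


def inspect_url(url):
    """Return a list of findings for one URL; empty if nothing looks like a credential."""
    findings = []
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL: nothing to say about it
        return findings
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return findings

    # 1. Userinfo component: https://alice:hunter2@host/
    if parts.password is not None:
        findings.append("password in userinfo")
    elif parts.username:
        findings.append("username in userinfo")

    # 2. Query string and fragment: ?user=alice&pwd=hunter2 or #access_token=...
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(parts.fragment, keep_blank_values=True)
    names = {k.lower() for k, _ in pairs}
    secrets = sorted(names & SECRET_PARAMS)
    identities = sorted(names & IDENTITY_PARAMS)
    if secrets:
        findings.append("secret parameter(s): " + ", ".join(secrets))
    # Only report identity names alongside a secret; ?id=42 alone is not a login.
    if secrets and identities:
        findings.append("identity parameter(s): " + ", ".join(identities))

    # 3. Plain http means the same credentials also cross the network in clear.
    if findings and scheme == "http":
        findings.append("sent over plain http")
    return findings


def scan_bookmarks(bookmark_html):
    """Map each risky bookmarked URL to its findings."""
    report = {}
    for url in extract_urls(bookmark_html):
        found = inspect_url(url)
        if found:
            report[url] = found
    return report


if __name__ == "__main__":
    for url, found in scan_bookmarks(SAMPLE_BOOKMARKS).items():
        print(url)
        for item in found:
            print("   -", item)
```

Running it against the constructed export flags three of the five bookmarks (the old login link, the intranet URL with userinfo, and the single-page app that keeps its token in the fragment) and leaves the plain account page and the `?id=42` news link alone. Anything it flags is a URL that, once synced, logs in whoever holds your sync credentials.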
I just passed the exam for the SANS GWAPT, so a lot of new information is bouncing around in my brain. Overall, anything that will centralize your security and account and usage info into a central repository--that's a Snowden-esque nightmare, maybe? It's certainly an

What do you think? Are browser synchronization technologies reasonably secure?

jt, GPEN & now GWAPT