Please make my job easier

Traenk mulls over his ethical hacking job and remote access technologies. Does user convenience make unseen threats more real?

Make my professional life easier.  Make it easier to hack your access.  Over the next few blogs, I'm going to outline how new developments can make it easier to access your applications, your information, possibly your bank account.

Consider those browsers that sync all your bookmarks and favorites and other browser bits to a common repository.  Go to a new machine, and whammo!  You're now getting all your stuff, including cached passwords and bookmarks and favorites and top websites visited and cookies and what else???

Nice world.  Nice for me.  If hackers can impersonate you, if your password can be guessed, what goodies might get loaded into their browsers?  I mentioned browser cached passwords, right?  Those cached passwords may feature access to a website that has your credit card recorded, chambered and ready to fire, right?  And if you've shipped gifts to friends and relatives, how quickly can some hacker order goods, authorize their shipment to your friend (who isn't expecting anything from you), and then exploit the race condition by grabbing the goods, when no one is looking, without anyone the wiser?

What else, what else can happen?  Poorly designed websites sometimes put the ID and Password into the URL.  That means by clicking the bookmark, well, that bookmark logs the person in automatically, with you and your credit information available to the hacker.  All because someone guessed your browser synchronization password.
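To check your own exposure before a sync account is ever compromised, here is an added example (not from the original post) that audits a bookmarks export in the Netscape HTML format for URLs carrying credentials. The parameter-name list and the example.test bookmarks are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed names that commonly carry secrets; extend for the sites you use.
SECRET_PARAMS = {"password", "passwd", "pwd", "pass", "token", "auth", "sessionid", "sid"}

class BookmarkLinks(HTMLParser):
    """Collect href values from a Netscape-format bookmarks export."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.urls.append(href)

def credential_findings(url):
    """Return the reasons this URL would log someone in or leak a secret."""
    parts = urlsplit(url)
    reasons = []
    if parts.password is not None:
        reasons.append("password in userinfo (user:pass@host)")
    for source in (parts.query, parts.fragment):
        for name, value in parse_qsl(source, keep_blank_values=True):
            if name.lower() in SECRET_PARAMS and value:
                reasons.append(f"secret-looking parameter '{name}'")
    return reasons

def audit_bookmarks(html_text):
    """Map each flagged bookmark URL to the reasons it was flagged."""
    parser = BookmarkLinks()
    parser.feed(html_text)
    findings = ((url, credential_findings(url)) for url in parser.urls)
    return {url: reasons for url, reasons in findings if reasons}

# Constructed sample export; the example.test hosts are placeholders.
SAMPLE = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="https://shop.example.test/login?user=jt&amp;password=hunter2">Shop</A>
<DT><A HREF="https://jt:s3cret@intranet.example.test/">Intranet</A>
<DT><A HREF="https://news.example.test/?page=2">News</A>
</DL><p>"""

if __name__ == "__main__":
    for url, reasons in audit_bookmarks(SAMPLE).items():
        # Print only the host so the report itself does not repeat the secret.
        print(urlsplit(url).hostname, "->", "; ".join(reasons))
```

Any bookmark it flags should be replaced with a credential-free URL, and the password it exposed should be changed.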

I just passed the exam for the SANS GWAPT, so a lot of new information is bouncing around in my brain.  Overall, anything that will centralize your security and account and usage info into a central repository--that's a Snowden-esque nightmare, maybe?  It's certainly an attractive target.

What do you think?  Are browser synchronization technologies reasonably secure?

jt, GPEN & now GWAPT

