Public networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time.That's according to security researcher Mike Kershaw, developer of the wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.
Black Hat's most notorious incidents: A quiz
He said it's simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.
"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work.
"Open networks have no client protection," said Kershaw, who also uses the handle Dragorn. "Nothing stops us from spoofing the [wireless access point] and talking directly to the client," the user's Wi-Fi-enabled device.
Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.
 | Seite: 1 | 2 |  |
| ||||
| ||||
| Informationsvorsprung sichern - CIO-Newsletter bestellen | |||
| |||
UMFRAGE
