February 2010
February: Hackers & Attackers - Aurora, Haiti & IE  
SpartanTec, Inc.
How Wi-Fi Attackers Poison Browsers
by Ellen Messmer, Network World

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time.That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

Black Hat's most notorious incidents: A quiz

He said it's simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work.

"Open networks have no client protection," said Kershaw, who also uses the handle Dragorn. "Nothing stops us from spoofing the [wireless access point] and talking directly to the client," the user's Wi-Fi-enabled device.

Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.

"Once the cache is poisoned, it's going to stay there," Kershaw said. This means that an attacker can intercede to "poison the URL" of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a "shim" that could "ship your internal pages off to a remote server once you're in a VPN."

The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. "Who knows how to clear the browser cache in an iPhone?" he asked.

Kershaw acknowledged he doesn't know how widely attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he'd advise corporate security professionals to try to "forbid users from taking laptops onto open networks," though he admitted, "Your users may lynch you." He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.

This story, "How Wi-Fi attackers are poisoning Web browsers," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.

For more information about enterprise networking, go to NetworkWorld. Story copyright 2010 Network World Inc. All rights reserved.
 PRINTER FRIENDLY VERSION
Learn More
home
Learn More
Request a Meeting
Tell a Friend
About Us

We Guard Your Assets!
http://www.SpartanTec.com

SpartanTec, Inc. provides IT security solutions across all industries, including Educational, State Government and Commercial organizations.

We welcome your inquires. Contact us via:
Product News
Websense Introduces First Real-Time Security Application for Facebook

Websense delivers Defensio 2.0, the first real-time threat detection system for the social Web

Organizations and individuals alike are adopting blogging platforms, social Web sites like Facebook and Twitter, and other Web 2.0 technologies at a rapid pace. In fact 59 percent of all U.S. Internet users now use social networks, 70 percent consume content on social media and social networking sites and 46 percent of Fortune 100 companies have an official company presence on Facebook today.

Unfortunately, the social nature of Web 2.0 also causes security risks to spread swiftly and claim many victims. The chairman of the Federal Communications Commission himself fell victim and accidentally spammed his friends on Facebook after mistakenly clicking on a bad link.

Today, Websense® is helping organizations and individuals protect their blogs, Facebook pages and other Web 2.0 sites through the delivery of Defensio™ 2.0, a threat detection system for the social Web that analyzes and classifies user-generated content in real-time as it is posted to blogs and Facebook pages, to protect visitors from being exposed to malicious links and spam.

Individuals and organizations with Facebook pages can visit www.defensio.com to download the free Defensio security application for Facebook. It runs on the Facebook page in real-time, scanning and analyzing content posted to the page – including wall posts, comments, third-party applications and links – to look for security threats and spam. If a threat is identified, the Defensio application alerts the Facebook page owner so they may remove it and prevent their online friends and fans from being exposed to the risk.

Whereas other security applications are designed to help clean a users’ computer after it has been infected, the Defensio application from Websense is the first proactive security measure that helps prevent users from ever being exposed to the threat in the first place.

Protect your Facebook page today by visiting www.defensio.com.  


Powered by IMN