TidBITS: Sidejack Attack Jimmies Open Gmail, Other Services
Use a virtual private network (VPN). A VPN can encrypt all the data entering and leaving your machine, which prevents any local sniffer from gaining anything of utility, including tokens. Several services offer VPN "rentals," where you pay a monthly or yearly fee to have a tunnel from your computer to their servers, out in a network operation center far away from the network you're using. A couple of services are particularly Mac friendly: WiTopia.net's personalVPN ($39.99 per year for an SSL/TLS VPN) and publicVPN ($5.95 per month or $59.95 per year for an L2TP/IPsec VPN).
Wednesday, August 22, 2007
Tidbits has a long article on "sidejacking". It's a man-in-the-middle attack on non-encrypted hot spot transactions. Nothing new, but now the attacks are packaged. Basically, you need to pay for VPN services ...