Showing posts with label Wireshark. Show all posts

Tuesday, 18 December 2012

Privacy Risk on new ebay.com.au website First and Last Name in Cleartext

The new ebay.com.au website has been released with much fanfare, but the creators of the website have now decided to embed the user's first name and last name on most pages visited.  The text is delivered over plain HTTP and can easily be captured over the air or on the wire using Wireshark.

Steps to replicate:
  1. Login to ebay.com.au with correct credentials
  2. Navigate to the home page
  3. Hover the mouse over the top left hand corner under the "G'Day <First Name>"
  4. Be greeted with a hover over panel with <First Name> <Last Name> in plain sight.

Conducting a Wireshark trace illustrates the issue.  A string search in the packet details for GH_alertData will display the first and last name.



Why is this bad:
A hacker can potentially gain easy access to your first name, last name and eBay ID, and use this info to produce a phishing email or collect the data for further attacks.

Where can this happen:
The most likely place for this to happen is over an unencrypted wireless network, e.g. at the airport or a cafe.  Wired networks are also vulnerable.

What can ebay do:
Secure the website by using HTTPS for the entire site, not just the login page.

What else sucks:
On an internet connection that can stall, e.g. 3G or Wi-Fi, the hover function can time out and throw up the message "We're sorry, there was a problem retrieving this information".  Now the user can easily log out without refreshing the page.
Sidejack friendly...




WindyCityTech Blogger
WindyCityTech Wordpress

Saturday, 26 March 2011

Wireshark No Interfaces, sudo permissions how to fix!



When I open Wireshark in Ubuntu, there are no interfaces.  That is because Wireshark needs root (sudo) permissions to access the interfaces.  It is not a good idea to run Wireshark itself from sudo, as that puts 30K lines of code running with full admin permissions, and Wireshark will warn you about this as well.

Below is the preferred way: grant the capture capabilities only to dumpcap, the small helper that does the actual capturing, and restrict it to members of a dedicated wireshark group.

sudo su                                   # become root for the following commands
groupadd wireshark                        # create a dedicated capture group
usermod -a -G wireshark stretch           # add your user to the group ("stretch" is the username here)
newgrp wireshark
chgrp wireshark /usr/bin/dumpcap          # only the group may run the capture helper
chmod 750 /usr/bin/dumpcap
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap   # capture capabilities go to dumpcap only, not Wireshark

If setcap does not exist, install it:
sudo apt-get install libcap2-bin

Check to see if it was successful:
getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip

Log out and log back in so the new group membership takes effect!
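A small check script for the setup above, added here as an example (it is not from the original post). It assumes GNU stat as on Ubuntu, the group name wireshark used in the steps, and a dumpcap path passed as the first argument (default /usr/bin/dumpcap); caps_ok also accepts the newer getcap output format, which prints "path caps=eip" instead of "path = caps+eip".

```shell
#!/bin/sh
# Added example, not from the original post: verify that dumpcap is set up
# for non-root capture the way the steps above describe. Assumes a Linux box
# with GNU stat (as on Ubuntu) and a group named "wireshark".

# Parse one line of getcap output and confirm that cap_net_raw and
# cap_net_admin are both permitted (p) and effective (e). Accepts the
# "path = caps+eip" format shown above and the newer "path caps=eip" one.
caps_ok() {
    caps=${1##* }                 # keep only the capability set after the last space
    case "$caps" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$caps" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${caps##*[+=]}          # flag letters follow the '+' or '=' sign
    case "$flags" in *e*p*|*p*e*) return 0 ;; *) return 1 ;; esac
}

# Check group, mode, capabilities and the caller's group membership for a
# dumpcap binary; prints each problem found and returns non-zero if any.
check_dumpcap() {
    bin=${1:-/usr/bin/dumpcap}
    rc=0
    [ -f "$bin" ] || { echo "missing file: $bin"; return 1; }
    grp=$(stat -c %G "$bin")
    mode=$(stat -c %a "$bin")
    [ "$grp" = wireshark ] || { echo "group is $grp, expected wireshark"; rc=1; }
    [ "$mode" = 750 ] || { echo "mode is $mode, expected 750 (rwxr-x---)"; rc=1; }
    caps_ok "$(getcap "$bin" 2>/dev/null)" \
        || { echo "capabilities not set on $bin (run the setcap step)"; rc=1; }
    id -nG | tr ' ' '\n' | grep -qx wireshark \
        || { echo "you are not in the wireshark group yet (log out and back in)"; rc=1; }
    return $rc
}

# Usage: sh check_dumpcap.sh [/path/to/dumpcap]
if [ $# -gt 0 ]; then
    check_dumpcap "$1"
fi
```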