Hacker proves password theft is easy
By Tom Brewster,
Anyone can easily get online and steal passwords - and it will not cost them much either.
This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard.
During the hack, he set up his own wireless hotspot, which he simply called BT Openzone.
As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.
When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.
“That’s how easy it is, it is instant,” said Hart.
“People believe passwords are secure, but if someone has got your password you won’t know about it.”
There are various other methods people can use to acquire passwords, from searching for them with simple Google algorithms to using paid-for services run by groups such as the Slick Hackers Group, the security expert explained.
He claimed the solution to the problem was two-factor authentication, where two independent forms of identification are required in conjunction to allow user access.
“There should be no reason why internet service providers shouldn’t be supplying everyone with two-factor authentication,” Hart added, noting Virgin Media had committed to offering such services with the help of CRYPTOCard.
He also sought to dispel the myth that using complex passwords will protect user accounts from hackers. Cyber criminal's methods for stealing passwords render length and variation in characters, letters and numbers meaningless, Hart said.
"Obviously people need to not have a password that is 'password'," he added.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Protect data before hackers get their hands on it
Whilst it is concerning to hear how easy it is for hackers to obtain private information, it is also worth bearing in mind that that solutions are available to prevent the lifting of said information. MSC and SentryBay offer a service whereby the data is encrypted at the kernal level, long before it reaches the ISP. This level of encryption assures that even if a questionable wireless connection is used, the password information can not be deciphered. For more, read here: http://www.msc247.com/protect.html
By MSC_247 on Wednesday Nov 3