Topic: Collaboration

DEFCON 2007 - Wall of Sheep (shame)

Summary: It's time to count sheep again and I don't mean the ones in your sleep. I'm talking about the ones on the Wi-Fi Hotspot that are using insecure protocols and getting their online accounts compromised.

By George Ou for Real World IT | August 6, 2007 -- 23:38 GMT (16:38 PDT)

It's time to count sheep again and I don't mean the ones in your sleep. I'm talking about the ones on the Wi-Fi Hotspot that are using insecure protocols and getting their online accounts compromised. What you're looking at below is the DEFCON 15 Wall of Sheep.

What do I mean by compromised? Usually that means username and passwords are being transmitted in the clear for anyone to see or it means your account can be hijacked such that an attacker can get in to your account anytime they want after they copy your online Web session. In the above screen shot, a VERY large number of Gmail accounts that failed to use secure HTTPS (https://mail.google.com) were hijacked. This is despite the fact that they logged in using HTTPS because Gmail by default automatically kicks you back in to HTTP mode.

The Wall of Sheep team hunts down the sheep in their command bunker

Robert Graham and David Maynor side-jacking sheep with Hamster

Learn how to protect your online privacy here.

Topics: Collaboration, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments

Log in or register to join the discussion

Not good

This sense of smug superiority can't end well. It's a useful service, but let's not forget they're compromising the easiest targets first and foremost. Let's keep our perspective, please.

...and yet another homage to Maynor? Wow. Just wow. I hear there were actually other security researchers at the event. Don't be too shy to introduce yourself.

GW Mahoney
7 August, 2007 02:33

Reply Vote
- They were just doing their job of sploitin'
  
  At least, I think that is what you are to do at DEFCON.
  
  nucrash
  7 August, 2007 05:09
  
  Reply Vote
- GMail, and millions will bennefit
  
  Whether they are smug or not, do you think Google hasn't already got a team working at making taking over Gmail accounts harder? I would not be surprised if HTTPS became the default soon and users will have no HTTP access soon.
  
  TripleII
  
  TripleII-21189418044173169409978279405827
  7 August, 2007 08:40
  
  Reply Vote
- Your obsession has to end
  
  Your obsession with Maynor bashing has to end. Besides, this wasn't a Maynor project. Hamster was a Robert Graham project and it's hardly the entire story here with just one little photo at the bottom of the page.
  
  georgeou
  7 August, 2007 09:08
  
  Reply Vote
  - We're still waiting
    
    You had promised us emails and exposes about how poor Maynor had been slimed by others.
    
    Robert Crocker
    8 August, 2007 08:43
    
    Reply Vote
    - That was released back in March
      
      http://blogs.zdnet.com/Ou/?p=451
      
      georgeou
      8 August, 2007 14:30
      
      Reply Vote
    - You may not agree
      
      And I don't agree either, but George did present his rationale ( http://blogs.zdnet.com/Ou/?p=451 ) and I give him credit for that.
      
      I didn't think Fox was out of line to publicize the fact that SecureWorks would not confirm the original claims. If someone drops a bomb that any MacBook can be remotely hijacked in 60 seconds, then they claim that their demonstration did not intend to make that claim - in other words, "we didn't say that" - *that* is a retraction. The fact is Maynor or SecureWorks should have confirmed or formally retracted their own assault, but they chose not to.
      
      Some people went too far, saying Maynor admitted to lying, which he clearly did not do. In the end, since it turned out to be a fraud, they were proved morally right, but it was still irresponsible reporting.
      
      I say fraud, because the best they could have had was something that was very hard to reproduce, which is not what was presented to Krebs. If fact, that private demo almost had to be rigged, since it worked the first time. However, since his incredible statements, "I didn?t feel the need to do the do the entire hijack", and "This is now a dead subject for me", we should assume the worst of the remaining unanswered questions, which is to say that after months of effort he could not reproduce it on a standard MacBook.
      
      George may not share my opinion that David is a disgraced researcher, but when I see him or his company being used as a primary source, it's always a jolt.
      
      GW Mahoney
      8 August, 2007 20:33
      
      Reply Vote
      - Again, this post has nothing to do with Maynor
        
        This is a Robert Graham project which he proved on stage and to me when he hijacked some Gmail accounts. The code is being released within a week.
        
        georgeou
        8 August, 2007 23:57
        
        Reply Vote
      - Already posted (link)
        
        I think this is it:
        
        http://www.erratasec.com/sidejacking.zip
        
        I wasn't doubting that Robert had done this. I was saying that it's already been done and he was just scripting it. Does this really count as security research?
        
        I encourage other programmers to comment. My perception is that anyone who's written a bot could do this in one sitting.
        
        GW Mahoney
        9 August, 2007 10:30
        
        Reply Vote
n3tw0rks4t4n

I have a hunch that this year, the Wall of Sheep crew are going to end up being the sheep. They will not be able to perform their network plain-text pass scouering duties, once we get ahold of their boxen. They won't know when or wherefrom it hit, nor will their weak distros be able to match our challenge =) here's to hell-acious hacking! n3tw0rks4t4n

b5981202
28 June, 2011 18:31

Reply Vote