Ethical Hacking: Hacking GMail. Teaching Hacking.


Ethical Hacking: Hacking GMail

Teaching Hacking

3 What do Hackers Do?
Get into computer systems without valid accounts and passwords
Open encrypted files without the key
Take over Web servers
Collect passwords from Internet traffic
Take over computers with remote access trojans
And much, much more

4 Ethical Hackers
Ethical Hackers do the same thing criminal hackers do, with one difference
Ethical Hackers have permission from the owner of the machines to hack in
These "Penetration Tests" reveal security problems so they can be fixed

5 Two Hacking Classes
CNIT 123: Ethical Hacking and Network Defense
Has been taught since Spring 2007 (four times)
Face-to-face and Online sections available Fall 2008
CNIT 124: Advanced Ethical Hacking
Taught for the first time in Spring 2008

6 Certificate in Network Security

7 Associate of Science Degree

8 Student Agreement
Required for every student in CNIT 123: Ethical Hacking and Network Defense or CNIT 124: Advanced Ethical Hacking

Sniffing Plaintext Passwords

10 Insecure Login Pages
HTTP does not encrypt data
Always look for HTTPS on login pages
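The slide's advice can be checked mechanically: parse the page and report every form that asks for a password but would submit it over plain HTTP. This is an added example, not code from the original presentation; the HTML is a constructed sample and example.test is a hypothetical host.

```python
"""Check a login page the way the slide advises, automatically: does every
form that asks for a password submit over HTTPS?

Added example, not code from the original presentation. The HTML below is a
constructed sample; example.test is a hypothetical host.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collect every <form> and note whether it contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []       # list of {"action": absolute URL, "password": bool}
        self._current = None  # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL;
            # relative actions resolve against the page URL.
            action = urljoin(self.page_url, attrs.get("action") or "")
            self._current = {"action": action, "password": False}
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def insecure_login_forms(page_url, html):
    """Return, sorted, the submit URLs of password forms that would travel
    over plain HTTP. A form is flagged when either the page that served it
    or the form's action is not HTTPS: an HTTP page can be altered in
    transit, so an HTTPS action inside it gives no guarantee."""
    parser = LoginFormFinder(page_url)
    parser.feed(html)
    parser.close()
    page_is_https = urlsplit(page_url).scheme == "https"
    flagged = []
    for form in parser.forms:
        if not form["password"]:
            continue
        if not page_is_https or urlsplit(form["action"]).scheme != "https":
            flagged.append(form["action"])
    return sorted(flagged)


# Constructed sample page: a search box, a login form posting over HTTP,
# and a login form posting over HTTPS through a relative action.
SAMPLE_HTML = """
<form action="/search" method="get"><input name="q"></form>
<form action="http://example.test/login" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="/secure-login" method="post">
  <input name="user"><input type="PASSWORD" name="pass">
</form>
"""

if __name__ == "__main__":
    for url in ("https://example.test/", "http://example.test/"):
        print(url, "->", insecure_login_forms(url, SAMPLE_HTML))
```

Run against the same sample served from an https:// page, only the form with the hard-coded http:// action is reported; served from an http:// page, both password forms are reported, because the page itself is the weak link.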

11 Tool: Cain
Click NIC icon to start sniffer
Click Sniffer tab, Password tab on bottom
From

Authentication Cookies

13 GMail Uses HTTPS
Sniffing for passwords won't work
Most Web mail services now use HTTPS too

14 Cookies
Thousands of people are using Gmail all the time
How can the server know who you are?
It puts a cookie on your machine that identifies you

15 Gmail's Cookies
Gmail identifies you with these cookies
In Firefox, Tools, Options, Privacy, Show Cookies

Cross-Site Request Forgery (XSRF)

17 Diagram (labels recovered from the slide image): Web-based, Router, Target Using, Attacker Sniffing Traffic, To Internet

18 Cross-Site Request Forgery (XSRF)
Gmail sends the password through a secure HTTPS connection
That cannot be captured by the attacker
But the cookie identifying the user is sent in the clear—with HTTP
That can easily be captured by the attacker
The attacker gets into your account without learning your password

19 Demonstration

20 XSRF Countermeasure
Use instead of
No other mail service has this option at all, as far as I know
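Slides 14, 15, 18 and 20 together describe one mechanism: the server recognises you by a cookie, a cookie without the Secure attribute is attached to plain http:// requests as well, and so the identifying cookie can be read off the wire even though the password went over HTTPS. The example below, added here and not code from the original presentation, shows the browser-side rule that decides when a cookie is sent, the same cookie before and after hardening, and a small audit that lists which cookie names appear in plain-HTTP traffic. The Set-Cookie headers and captured requests are constructed samples; SESSION and PREF are hypothetical cookie names and mail.example.test a hypothetical host.

```python
"""Why an HTTPS login alone does not protect a Web mail account, and what
fixes it: a session cookie without the Secure attribute is attached to plain
http:// requests too, so anyone on the network path can read it; a Secure
cookie on a site that serves everything over HTTPS is never sent in the clear.

Added example, not code from the original presentation. The Set-Cookie
headers and captured requests are constructed samples; SESSION and PREF are
hypothetical cookie names and mail.example.test a hypothetical host.
"""
from http import cookies
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Parse one Set-Cookie header value into (name, Morsel)."""
    jar = cookies.SimpleCookie()
    jar.load(header)
    (name, morsel), = jar.items()
    return name, morsel


def browser_would_send(morsel, request_url):
    """The RFC 6265 rules that matter here: a cookie carrying the Secure
    attribute is only attached to https:// requests, and the cookie's Path
    must be a prefix of the request path."""
    parts = urlsplit(request_url)
    if morsel["secure"] and parts.scheme != "https":
        return False
    cookie_path = morsel["path"] or "/"
    req_path = parts.path or "/"
    return req_path == cookie_path or req_path.startswith(cookie_path.rstrip("/") + "/")


def plaintext_cookie_exposure(captured_requests):
    """Given raw HTTP requests seen on an unencrypted link (what a sniffer on
    the path sees), return the sorted names of cookies sent in the clear.
    Run this over your own site's traffic to see what an HTTPS login page
    leaves unprotected."""
    exposed = set()
    for raw in captured_requests:
        head = raw.partition("\r\n\r\n")[0]
        for line in head.split("\r\n")[1:]:        # skip the request line
            key, _, value = line.partition(":")
            if key.strip().lower() != "cookie":
                continue
            for pair in value.split(";"):
                name = pair.strip().partition("=")[0]
                if name:
                    exposed.add(name)
    return sorted(exposed)


# Constructed sample: the same session cookie as a site might set it before
# and after hardening.
WEAK_SET_COOKIE = "SESSION=abc123; Domain=.example.test; Path=/"
HARDENED_SET_COOKIE = "SESSION=abc123; Domain=.example.test; Path=/; Secure; HttpOnly"

# Constructed sample of two requests captured from a plain-HTTP link.
CAPTURED = [
    "GET /mail/ HTTP/1.1\r\nHost: mail.example.test\r\n"
    "Cookie: SESSION=abc123; PREF=lang=en\r\n\r\n",
    "GET /images/logo.png HTTP/1.1\r\nHost: mail.example.test\r\n\r\n",
]

if __name__ == "__main__":
    for label, header in (("weak", WEAK_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        _, morsel = parse_set_cookie(header)
        print(label, "sent over http:", browser_would_send(morsel, "http://mail.example.test/mail/"),
              "over https:", browser_would_send(morsel, "https://mail.example.test/mail/"))
    print("exposed in captured traffic:", plaintext_cookie_exposure(CAPTURED))
```

The weak cookie is sent on both http:// and https:// requests, which is exactly the exposure the slides describe; the hardened cookie is refused for http://, so a plain-HTTP request to the site carries no session at all. Marking the cookie Secure only helps if every page that needs the session is reachable over HTTPS, which is why the countermeasure is to use the HTTPS address for the whole mail session rather than just the login.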

21 References
Cain
Hamster
king-with-hamster_05.html

22 Contact
Sam Bowne
Computer Networking and Information Technology
City College San Francisco
Web: samsclass.info
Last modified