Live hack proves password theft is easy

By

Fake hotspot snares users.

Anyone can easily get online and steal passwords - and it will not cost them much either.

Live hack proves password theft is easy

This was the message during a live hack coordinated yesterday by Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard.

During the hack, he set up his own wireless hotspot, which he simply called BT Openzone.

As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.

When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.

“That’s how easy it is, it is instant,” said Hart.

“People believe passwords are secure, but if someone has got your password you won’t know about it.”

There are various other methods people can use to acquire passwords, from searching for them with simple Google algorithms to using paid-for services run by groups such as the Slick Hackers Group, the security expert explained.

He claimed the solution to the problem was two-factor authentication, where two independent forms of identification are required in conjunction to allow user access.

“There should be no reason why internet service providers shouldn’t be supplying everyone with two-factor authentication,” Hart claimed.

He also sought to dispel the myth that using complex passwords will protect user accounts from hackers. Cyber criminal's methods for stealing passwords render length and variation in characters, letters and numbers meaningless, Hart said.

"Obviously people need to not have a password that is 'password'," he added.

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?