Stealing Passwords

I’m giving a workshop next week in Utah titled “Setting up Wireless Access in Your Library” and of course, one of the topics covered will be security issues. In preparation I’m playing with some very interesting software including Ethereal. To keep it non-technical, Ethereal allows anyone to sniff, trap, and save network data, including data being transmitted over the air via WiFi connections. As a test, I connected to an open WiFi access point, started a capture, and logged into my flickr account. I then stopped the capture and saved 2.25MB worth of data (about 45 seconds’ worth of surfing). Look what I found when I searched the data for the word “password”:

[Image: Password stealing]

I’ve obscured my password for obvious reasons but I’m sure you still get the point. So, who wants to log into their bank account from a Starbucks?

3 Replies to “Stealing Passwords”

  1. From an HTTPS page? If so, that’s pretty shocking. If not–if a bank or anyone else is using an unsecured page for an important password–that’s a different problem.

    Not that I’d log into any financial account from anything but my own secure net anyway, but…

  2. Do you know if this kind of security risk still exists? I am in Cambodia now and using unsecure internet cafe wifi. Should I worry?
