How to get a Hotmail password (VI): Sniffing

When connected to Internet, all data received and send is transmitted through some medium, be it a network cable, the air when you are using wireless or the telephone when using a modem. This medium is not always protected against eavesdropping, so if the data is transmitted without some kind of protection it can be seen by whoever is listening to it.

For example, in a typical network, like the one you can have at home or at work, it’s usually really easy to intercept all the communication. In the past, Ethernet LANS usually used hubs, a connector which retransmits the data to all computers attached to the network, so everyone could see all the data only by telling the network card to do it. In the present, hubs are quite rare and have been substituted by switches, which work in a similar way but don’t transmit the data to all computers, only to the destination one. But, some software exists which can be used to confuse the switch and make it behave like a hub, making it to transmit to everyone.

If using a wireless network it can be even easier to get this data, as the air is used to transmit it so everyone can read it. By switching our network card to a state called monitor mode all the signal received from the air can be recorded and analized.

We need to get some protection against this kind of attack and the best way to do it is to use Secure HTTP, a protocol which encrypts the data send and received in a way only the original server and the client can read it. We can recognise if we are using this kind of protocol by looking at the URL of the page, which should begin with https:// instead of the usual http://. For example, in Yahoo! Mail you can choose to use one of the two modes: Normal and Secure. Always choose Secure, especially if you are connecting from an unknown network, like in an Internet cafe or from work.

One thought on “How to get a Hotmail password (VI): Sniffing”

Comments are closed.