Humphrey Cheung writes about Errata Security president Robert Graham’s point-and-click demonstration at Black Hat USA. Graham used a sniffer and ran Ferret to copy cookies captured over the conference Wi-Fi. He then cloned the cookies into his own browser and showed how easy the attack is by opening someone else’s Gmail account in his browser. (He also used the hijacked account to send a message to Cheung.)
Since the attack relies on sniffing traffic, using SSL or some type of encryption (like a VPN tunnel) would stop Graham in his tracks. However, many people browsing at public wireless hotspots don’t use such protections.
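The defensive check that follows from this is whether a site's session cookies can ever travel over plain HTTP at all. The following Python is an added example, not code from Cheung's article or from Errata Security: it parses a constructed set of response headers and flags session cookies that lack the Secure flag (which keeps a browser from sending the cookie over an unencrypted connection) or HttpOnly, and reports whether HSTS is set; the cookie names and the "looks like a session cookie" heuristic are assumptions for illustration.

```python
"""Audit Set-Cookie headers for session cookies that would be sent in the clear."""

# Constructed sample of HTTP response headers as (name, value) pairs; not from the page.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),               # no Secure: sent over HTTP
    ("Set-Cookie", "prefs=dark; Path=/"),                         # not a session cookie
    ("Set-Cookie", "auth_token=xyz789; Path=/; Secure; HttpOnly"),  # correctly flagged
]

# Assumed name fragments that mark a cookie as session/authentication material.
SESSION_NAME_HINTS = ("sid", "sess", "auth", "token", "login")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def looks_like_session(name):
    """Heuristic: does the cookie name suggest it carries a session or auth token?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_cookies(headers):
    """Return [(cookie_name, [missing flags])] for session cookies lacking Secure/HttpOnly."""
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(header_value)
        if not looks_like_session(name):
            continue
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


def has_hsts(headers):
    """True if the response tells browsers to use HTTPS only (Strict-Transport-Security)."""
    return any(h.lower() == "strict-transport-security" for h, _ in headers)


if __name__ == "__main__":
    for cookie, flags in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie}: missing {', '.join(flags)}")
    print("HSTS present:", has_hsts(SAMPLE_HEADERS))
```

On the sample, only SID is reported (missing Secure) and HSTS is absent, which is exactly the combination that leaves a session exposed on an open hotspot.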
“You’re an idiot if you use T-Mobile hotspot,” said Graham.