Gawker: valleywag, defcon

How not to get your Gmail hacked

Alaska Miller — Wed, 20 Aug 2008 14:40:00 EDT

Last time someone came out with a Gmail exploit, it was possible to completely hijack your account with just email filters. This time around, hackers found a way to break into your account via "session" cookies. Mike Perry — a reverse-engineering specialist in San Francisco — is debuting a tool at Defcon that can sniff out the browser's cookies during your session of email crunching. When you click on links from inside email messages, website operators can use that Gmail cookie and be able to find out your account information and password.

To combat this problem, Google released a new feature for Gmail that lets users login and use Secure Sockets Layer (SSL), but it's not automatic. Here's how to set it up:

Log in to Gmail and click "Settings."
In the General tab scroll down to "Browser connection."
Make sure "Always use https" is selected and save changes.

Seems kind of odd that Google wouldn't set this up automatically but, hey, at least you can access your email — unlike those Apple dorks, right?

MIT students free to talk about bugs in Boston bus system

Paul Boutin — Tue, 19 Aug 2008 18:00:00 EDT

Three MIT students who'd been blocked by a judge from presenting their findings on "vulnerabilities in Boston's transit fare payment system" at this month's Defcon security conference are free to speak starting Friday. A U.S. District Court judge refused to extend the 10-day gag order issued against Zack Anderson (pictured), RJ Ryan, and Alessandro Chiesa just before the conference. The Massachusetts Bay Transportation Authority had asked for a five-month restraining order to allow time to fix the vulnerabilities. San Francisco's Electronic Frontier Foundation represented the students. (Photo by Zack Anderson)

MIT brats' free-bus scheme blocked by judge

Paul Boutin — Mon, 11 Aug 2008 14:20:00 EDT

You can fill this blank in yourself: Three students from the Massachusetts Institute of Technology were scheduled to present an analysis of "vulnerabilities in Boston's transit fare payment system" at the Defcon security conferences in Vegas. They were stopped at the last minute after the Massachusetts Bay Transit Authority sued them for allegedly violating the Computer Fraud and Abuse Act. The Electronic Frontier Foundation has chosen to represent the students. That's great news, if only because it involves the EFF standing up for something besides BitTorrent.

Hackers turn table on Dateline NBC reporter

Owen Thomas — Sat, 04 Aug 2007 15:40:03 EDT

It's called "social engineering" — the art of getting into a system by manipulating humans rather than machines. Hackers, of course, are famous masters of the art. But no one told Dateline NBC associate producer Michelle Madigan that. Engaging in some botched social engineering of her own, Madigan tried to sneak into Defcon 15, the annual gathering now underway in Las Vegas where hackers, Feds, and security experts gather, goodnaturedly, to swap tricks of the trade. Madigan, clearly, did absolutely no research before venturing into the lion's den. She had no idea who she was up against. No idea.

After Defcon organizers got wind of her ruse, they offered her a chance to register for a press pass and cover the conference openly. She refused — four times! — but, amazingly, still didn't understand that the jig was up. She was then lured into a conference hall and outed, on tape. Pursued by a pack of hackers and reporters with cameras of their own, she's captured in this YouTube clip fleeing the scene as she whimpers into a cell phone. "They're making fun of me and they're taking pictures!" was one pursuer's taunt. Cruel? A bit. But was Madigan planning to do anything different to the hackers she hoped to surreptitiously film?