Thursday, March 1, 2012

The Mobile Cuckoo

After reading The Cuckoo's Egg I came across an article stating that 99% of NASA's portable devices are unsecured. One reason given is that mobile devices may have certain browser protections turned off, such as the restriction on cross-domain requests. Modern browsers can send a request from a page on one domain to a server on another, but by default they will not hand the response back to the page's script unless the other server explicitly allows it. The reason? A user can load a page that looks legitimate but is controlled by a hacker, and that page can silently send requests to any server the user is logged into, carrying the user's cookies, in an attempt to pull back sensitive data. In The Cuckoo's Egg, the hacker got into government computers by guessing common usernames and passwords. The same approach works with cross-domain requests: guess HTTP GET and POST queries and fire them at the target from a page the hacker controls. Once the right query is found, the hacker can read the user's information from his own server, provided the browser lets the response through. In a browser that enforces the restriction, the hacker would first have to break into the target server, plant a page there so that the request is same-domain, and then get the user to that page. On a mobile device with the restriction turned off, it's a lot easier.
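To make the browser rule concrete, here is an added example (not code from the original post) that models the decision described above: whether a script on one origin may read the response to a request it sent to another origin, and why the request still reaches the server either way. The origins `bank.example` and `evil.example`, the `fakeBankServer` helper, the session cookie and the account data are all constructed for illustration.

```javascript
// Added example, not code from the original post: a small model of the
// browser rule (same-origin policy plus CORS response headers) that decides
// whether a script on one origin may read the response to a request it sent
// to another origin. All origins, paths, cookies and the "server" below are
// constructed for illustration.

// Node.js and browsers both provide the WHATWG URL class; .origin drops
// default ports, so "https://bank.example:443" and "https://bank.example" match.
function originOf(url) {
  return new URL(url).origin;
}

function sameOrigin(urlA, urlB) {
  return originOf(urlA) === originOf(urlB);
}

// Constructed stand-in for the target server. It serves account data to any
// request that carries the session cookie, without checking who sent it.
// `corsPolicy` controls which CORS headers the server puts on the response.
function fakeBankServer(corsPolicy) {
  return function handle(req) {
    const headers = {};
    if (corsPolicy === "reflect-origin") {
      // Misconfiguration: echo whatever Origin the request carried and
      // allow credentials, which lets any site read the response.
      headers["Access-Control-Allow-Origin"] = req.origin;
      headers["Access-Control-Allow-Credentials"] = "true";
    } else if (corsPolicy === "wildcard") {
      headers["Access-Control-Allow-Origin"] = "*";
    }
    const body = req.cookie === "session=alice-secret"
      ? { account: "alice", balance: 4200 }
      : { error: "unauthenticated" };
    return { headers, body };
  };
}

// The browser-side decision. A cross-origin request with cookies attached is
// still sent (and the server acts on it); the response is handed to the
// calling script only if the server's CORS headers permit it.
function canReadResponse(pageUrl, targetUrl, responseHeaders, withCredentials) {
  if (sameOrigin(pageUrl, targetUrl)) return true;
  const allowOrigin = responseHeaders["Access-Control-Allow-Origin"];
  if (allowOrigin === undefined) return false;
  if (allowOrigin === "*") return !withCredentials; // "*" is never honoured with credentials
  if (allowOrigin !== originOf(pageUrl)) return false;
  if (withCredentials) {
    return responseHeaders["Access-Control-Allow-Credentials"] === "true";
  }
  return true;
}

// Simulate a script on pageUrl calling fetch(targetUrl, {credentials: "include"}).
// The browser attaches the victim's cookie regardless of which page sent it.
function simulateCredentialedFetch(pageUrl, targetUrl, server) {
  const req = {
    origin: originOf(pageUrl),
    path: new URL(targetUrl).pathname,
    cookie: "session=alice-secret", // constructed victim session
  };
  const res = server(req);
  const readable = canReadResponse(pageUrl, targetUrl, res.headers, true);
  return {
    reachedServer: true, // the request was sent before any read check applies
    bodyVisibleToScript: readable ? res.body : null,
  };
}

const BANK = "https://bank.example/account";
const BANK_PAGE = "https://bank.example/home";
const ATTACKER_PAGE = "https://evil.example/index.html";

// Same-origin page reads the body; attacker's page gets null unless the
// bank misconfigures CORS to reflect the caller's origin with credentials.
console.log(simulateCredentialedFetch(BANK_PAGE, BANK, fakeBankServer("none")));
console.log(simulateCredentialedFetch(ATTACKER_PAGE, BANK, fakeBankServer("none")));
console.log(simulateCredentialedFetch(ATTACKER_PAGE, BANK, fakeBankServer("reflect-origin")));
```

The scenario the post worries about, a device whose browser has this restriction "turned off", corresponds to `canReadResponse` returning true unconditionally: the hacker's page could then both send the guessed GET or POST query with the victim's cookies and read what comes back. Note that even with the restriction enforced, `reachedServer` is true in every case; the browser only withholds the response, so a request that changes state on the server (the classic cross-site request forgery) needs its own defence, such as anti-forgery tokens or SameSite cookies.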


2 comments:

  1. That's interesting. Though, it is not surprising that using a mobile device is less secure. So the lesson to be learned is be careful when accessing private information when using mobile devices.

  2. The same could be said for connecting to an unsecured internet router, such as public wi-fi at restaurants and airports. Many people don't realize that sending and receiving sensitive data over these public routers is potentially dangerous.
