{"id":226,"date":"2011-05-18T08:06:09","date_gmt":"2011-05-18T12:06:09","guid":{"rendered":"http:\/\/www.digitalundercurrents.com\/blog\/?p=226"},"modified":"2011-05-18T08:09:58","modified_gmt":"2011-05-18T12:09:58","slug":"google-authtoken-vilnerability","status":"publish","type":"post","link":"http:\/\/www.digitalundercurrents.com\/blog\/?p=226","title":{"rendered":"Google AuthToken Vulnerability"},"content":{"rendered":"<p>Remember Firesheep? The software plugin for Firefox that allowed users to take advantage of authentication tokens being transmitted in cleartext across a shared medium, like a wireless network?<\/p>\n<p>Apparently Google doesn&#8217;t.<\/p>\n<p><a href=\"http:\/\/www.uni-ulm.de\/en\/in\/mi\/staff\/koenings\/catching-authtokens.html\">Researchers at ULM have discovered a remarkably similar flaw<\/a> in the communication between Android smartphones and Google web services &#8211; if you&#8217;re updating your calendar or contacts from a public wifi hotspot, eavesdropping and impersonating attacks are trivial. (This includes the automatic synchronization that is on by default on most handsets) Apparently a patch is available; and if the history of Android is any indication, it might even be available to end users in a few months. Maybe.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remember Firesheep? The software plugin for Firefox that allowed users to take advantage of authentication tokens being transmitted in cleartext across a shared medium, like a wireless network? Apparently Google doesn&#8217;t. Researchers at ULM have discovered a remarkably similar flaw in the communication between Android smartphones and Google web services &#8211; if you&#8217;re updating your [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-226","post","type-post","status-publish","format-standard","hentry","category-smartphones"],"_links":{"self":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=226"}],"version-history":[{"count":0,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/226\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}