Social media philosophy blog
Friday October 19th 2018

50 ways to steal your password, part 3

It is a curious thing that many programs and features that are developed to increase Internet safety, also can be used to destroy Internet safety. Perhaps the most obvious example of this is programs for packet analyzing a.k.a. packet sniffing. All Internet messages are chopped down into small packets that are reassembled once they reach their destination. Packet sniffing simply means intercepting traffic, copying the content and then allowing the packets to go on their way. These kinds of activities are done routinely in order to maintain Internet stability. However, the same instruments can easily be used for eavesdropping on Internet usage. Since Internet traffic tends to pass through a huge amount of servers, there are a multitude of passage points at which any individual message can be intercepted and discreetly copied. The most famous packet sniffer was the FBI Carnivore which did a major spy job 1997-2005. It has since been replaced by even more effective software.

A specific genre of packet analyzing is “password sniffing”. Once again, this can be useful for protection but can also be a tool for password theft.

11. Ettercap is a free and open source tool. It puts the network into so-called “promiscuous mode”. This allows the sniffer read everything and visualize everything passing through regardless of address and including the address of the computer sending the message. Ettercap can sniff out both username and password.
12.dSniff is designed for purposes of testing. Therefore it is good at visualizing traffic and can sniff out usernames, passwords, webpages being visited etc.
13. Cain and Abel is a multifunctional packet switching software, officially a “password recovery tool” which can be used both for sniffing out and cracking password hashes (see part two of this series of posts).
14. If you have access to the computer itself, it is also possible to sniff out passwords from the information that the system has dumped. There are many official tools available from major companies in this area.
15. Computer-based password sniffers can also sniff out passwords from other computers if they can utilize the promiscuous mode function.

Leave a Reply