This is actually two questions, inspired by a Washington Post article about Phatbot.
The article said that the Phatbot trojan sniffs internet traffic for PayPal cookies, so what are the implications of that? PayPal doesn’t put financial information in cookies, do they?
Can any internet server be remotely configured to sniff network traffic? I don’t know anything about networking protocols, but I had always assumed that equipment and software vendors would make it difficult to configure a server to examine packets that weren’t addressed to it.
Since you asked, I decided to check. I found 6 cookies, and one of those cookies had several ASCII strings in it, including:
“paypal.com/”
“login_email”, delimiter-char, my email address
So, how many tries will PayPal give this hacker to guess my password?
And I looked to see if there were cookies from other websites that I log on to that are transmitting unencrypted email addresses, and yes there are. Does passport.com sound familiar?
So is there someone setting up network sniffers all over the internet and building a database of login names and encrypted passwords?
And each time you log in, does your password get re-encrypted? If someone can get several encryptions of the same password, they can decrypt it, can’t they?