PrepAway - Latest Free Exam Questions & Answers

How did the hacker obtain John's bank account user ID and password?

Given: John Smith uses a coffee shop's internet hot spot to transfer funds between his checking and savings accounts at his bank's website. The bank's website uses the HTTPS protocol to protect sensitive account information. A hacker was able to obtain John's bank account user ID and password and transferred John's money to another account. How did the hacker obtain John's bank account user ID and password?


A.
John uses the same username and password for banking that he does for email. John used a POP3 email client at the wireless hotspot to check his email, and the user ID and password were not encrypted.

B.
The bank's web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

C.
John's bank is using an expired X.509 certificate on its web server. The certificate is on John's certificate revocation list (CRL), causing the user ID and password to be sent unencrypted.

D.
Before connecting to the bank's website, John's association to the AP was hijacked. The attacker intercepted the HTTPS public encryption key from the bank's web server and decrypted John's login credentials in real time.

E.
John accessed his corporate network with the IPSec VPN software at the wireless hotspot. An IPSec VPN only encrypts data, so the user ID and password were sent in clear text. John uses the same username and password for banking that he does for his IPSec VPN software.

Explanation:
Some hotspots authenticate users. This does not secure the data transmission or prevent packet sniffers from allowing people to see traffic on the network.
http://en.wikipedia.org/wiki/Hotspot_(Wi-Fi)

The access point software on the attacker's laptop is configured with the same SSID that is used by a public-access hotspot. The attacker's access point is now functioning as an evil twin AP with the same SSID but is transmitting on a different channel. The attacker then sends spoofed disassociation or deauthentication frames, forcing client stations associated with the hotspot access point to roam to the evil twin access point. At this point, the attacker has effectively hijacked wireless clients at Layer 2 from the original access point. Although deauthentication frames are usually used as one way to start a hijacking attack, RF jammers can also be used to force any clients to roam to an evil twin AP.
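As an added example (not part of the original question or explanation), the following Python flags the two Layer 2 indicators the explanation describes from a WIDS sensor's point of view: an unauthorized BSSID advertising the hotspot's SSID, and a burst of deauthentication frames spoofed from a legitimate AP's address. The record format, MAC addresses, authorized-AP list and thresholds are constructed assumptions.

```python
"""Evil-twin and deauth-burst indicators over constructed 802.11 records."""
from collections import defaultdict

# Constructed management-frame records, as a WIDS sensor might log them:
# (frame_type, transmitter/BSSID, ssid or None, channel, timestamp_seconds)
FRAMES = [
    ("beacon", "aa:bb:cc:00:00:01", "CoffeeShop-WiFi", 6, 0.0),
    ("beacon", "aa:bb:cc:00:00:02", "CoffeeShop-WiFi", 1, 0.1),   # 2nd legit AP
    ("beacon", "de:ad:be:ef:00:99", "CoffeeShop-WiFi", 11, 0.2),  # unknown AP
    ("deauth", "aa:bb:cc:00:00:01", None, 6, 0.30),
    ("deauth", "aa:bb:cc:00:00:01", None, 6, 0.32),
    ("deauth", "aa:bb:cc:00:00:01", None, 6, 0.34),
    ("deauth", "aa:bb:cc:00:00:01", None, 6, 0.36),
    ("deauth", "aa:bb:cc:00:00:01", None, 6, 0.38),
    ("deauth", "aa:bb:cc:00:00:01", None, 6, 0.40),
    ("deauth", "aa:bb:cc:00:00:02", None, 1, 5.0),   # single, ordinary deauth
]
# Assumed allowlist of the hotspot's genuine APs. A legitimate ESS shares one
# SSID across many BSSIDs, so "same SSID, other BSSID" alone is not rogue;
# the allowlist is what separates a second real AP from an evil twin.
AUTHORIZED = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}


def find_rogue_bssids(frames, authorized):
    """Return {ssid: {bssid: channel}} for beacons from non-authorized BSSIDs."""
    rogue = defaultdict(dict)
    for ftype, addr, ssid, chan, _ in frames:
        if ftype == "beacon" and addr not in authorized:
            rogue[ssid][addr] = chan
    return dict(rogue)


def find_deauth_bursts(frames, window=1.0, threshold=5):
    """Return {src: peak_count} for addresses sending >= threshold deauths
    within any sliding window of `window` seconds. Spoofed deauths carry the
    real AP's address, so a burst "from" a legitimate BSSID is the signal."""
    by_src = defaultdict(list)
    for ftype, addr, _, _, ts in frames:
        if ftype == "deauth":
            by_src[addr].append(ts)
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide window start
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[src] = max(bursts.get(src, 0), count)
    return bursts
```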