Firesheep: A Mozilla Plug-in developed for Session Hijacking.

Vulnerabilities: Details of your login (User names, passwords) for Sites such as Facebook can be easily uncovered (i.e. your session details can be uncovered).

Root course:  Although you login to certain sites which encrypt their log-in pages with SSL, it revert to HTTP as soon as the user leaves the log-in page, so that a hacker could easily hijack your session.

Solution:  Only the use of full time TLS/SSL will keep a user safe from being Session Hijacked.

Business organizations should protect their customers and employees by means of

the following:

• Consider extending HTTPS to their whole website.

• Ensure all critical web applications use HTTPS.

• Use a trusted Certification Authority with a well recognized trust mark.

• Advise the customers via the website about the use of HTTPS and explain its importance.

• Enforce the use of VPNs for all critical web applications.

• Educate customers and colleagues about the dangers of Session Hijacking.                                                                                                                                                                                                                                             

This entry was posted on March 3, 2012 at 10:57 pm. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Posted in Network Programming by admin No Comments Yet