Sidejacking Or Session Hijacking

Session Hijacking

Firesheep: A Mozilla Firefox plug-in developed for session hijacking.

Vulnerabilities: Your login details (user names, passwords) for sites such as Facebook can easily be uncovered (i.e. your session details can be uncovered).

Root cause: Although certain sites encrypt their log-in pages with SSL, they revert to HTTP as soon as the user leaves the log-in page, so the session details then travel unencrypted and a hacker could easily hijack your session.

Solution: Only full-time TLS/SSL will keep a user safe from session hijacking.
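A site owner can check their own login flow for the revert-to-HTTP pattern described above. The following is an added example, not part of the original post: it audits a recorded sequence of responses for plain-HTTP pages, HTTPS-to-HTTP redirects, session cookies without the `Secure` attribute, and a missing HSTS header. The host `shop.example`, the cookie name and both sample flows are constructed, and the choice of checks is an assumption about what full-time TLS requires in practice.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (request URL, status, response headers). Login is HTTPS,
# but the site then drops back to HTTP, as in the root cause described above.
WEAK_FLOW = [
    ("https://shop.example/login", 302, [
        ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
        ("Location", "http://shop.example/home"),
    ]),
    ("http://shop.example/home", 200, [("Content-Type", "text/html")]),
]

# Constructed sample of the same flow with full-time TLS.
HARDENED_FLOW = [
    ("https://shop.example/login", 302, [
        ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly; Secure"),
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Location", "https://shop.example/home"),
    ]),
    ("https://shop.example/home", 200, [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ]),
]

def audit_flow(flow):
    """Return (url, finding) pairs for anything that exposes the session."""
    findings = []
    for url, _status, headers in flow:
        names = {name.lower() for name, _ in headers}
        if urlsplit(url).scheme == "http":
            findings.append((url, "page served over plain HTTP"))
        elif "strict-transport-security" not in names:
            findings.append((url, "HTTPS response without HSTS header"))
        for name, value in headers:
            if name.lower() == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for morsel in jar.values():
                    if not morsel["secure"]:  # cookie would also be sent over HTTP
                        findings.append((url, f"cookie {morsel.key} lacks Secure"))
            elif name.lower() == "location" and urlsplit(value).scheme == "http":
                findings.append((url, "redirect downgrades to HTTP"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_flow(WEAK_FLOW):
        print(f"{url}: {finding}")
```
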

Business organizations should protect their customers and employees by means of the following:

• Consider extending HTTPS to their whole website.

• Ensure all critical web applications use HTTPS.

• Use a trusted Certification Authority with a well recognized trust mark.

• Advise the customers via the website about the use of HTTPS and explain its importance.

• Enforce the use of VPNs for all critical web applications.

• Educate customers and colleagues about the dangers of Session Hijacking.


