
Sidejacking Or Session Hijacking

Session Hijacking

Firesheep: A Mozilla Plug-in developed for Session Hijacking.

Vulnerabilities: Details of your login (user names, passwords) for sites such as Facebook can be easily uncovered (i.e. your session details can be uncovered).

Root cause: Although certain sites encrypt their log-in pages with SSL, they revert to HTTP as soon as the user leaves the log-in page, so that a hacker could easily hijack your session.

Solution: Only full-time use of TLS/SSL will keep a user safe from session hijacking.

Business organizations should protect their customers and employees by means of the following:

• Consider extending HTTPS to their whole website.

• Ensure all critical web applications use HTTPS.

• Use a trusted Certification Authority with a well recognized trust mark.

• Advise the customers via the website about the use of HTTPS and explain its importance.

• Enforce the use of VPNs for all critical web applications.

• Educate customers and colleagues about the dangers of Session Hijacking.
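To check a site for the root cause described above (HTTPS log-in, then a fall back to HTTP), the following added example, which is not part of the original post, audits a recorded sequence of responses for the signs of that fallback. The host name, cookie name and both sample flows are constructed, and the checks on the cookie `Secure` attribute and the `Strict-Transport-Security` header go beyond what the post lists, as the usual way to enforce full-time HTTPS.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: HTTPS log-in page that sends the browser back to HTTP.
WEAK_FLOW = [
    ("https://shop.example/login", [
        ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
        ("Location", "http://shop.example/home"),
    ]),
    ("http://shop.example/home", []),
]

# Constructed sample: the same flow with HTTPS kept for the whole session.
HARDENED_FLOW = [
    ("https://shop.example/login", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure"),
        ("Location", "https://shop.example/home"),
    ]),
    ("https://shop.example/home", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ]),
]

def audit_flow(flow):
    """Return (url, finding) pairs for responses that expose the session."""
    findings = []
    for url, headers in flow:
        if urlsplit(url).scheme != "https":
            findings.append((url, "served over plain HTTP"))
            continue
        if "strict-transport-security" not in {k.lower() for k, _ in headers}:
            findings.append((url, "no HSTS header"))
        for key, value in headers:
            key = key.lower()
            if key == "location" and urlsplit(value).scheme == "http":
                findings.append((url, "redirects to plain HTTP"))
            elif key == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for name, morsel in jar.items():
                    # Without Secure the browser also sends the cookie over HTTP.
                    if not morsel["secure"]:
                        findings.append((url, f"cookie '{name}' lacks Secure"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_flow(WEAK_FLOW):
        print(f"{url}: {finding}")
```
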

 
