Side Jacking Dosed by Shivaraj M E – M & E Team (from MphasiS Software Services)

What is Side Jacking?

Side Jacking is defined as the malicious act of hijacking an engaged Web session with a remote service by intercepting and using the credentials that identified the user/victim to that specific server. This term is so new that we cannot find anything about it on Wikipedia. Usually, Side Jacking is most common on sites that require authentication through a username and password, such as online Web mail accounts as well as social networking sites. SideJacking works only if the site catches a non-SSL cookie, so any Web site that uses SSL exclusively would be safe from SideJackers. SideJacking was first demonstrated by Robert Graham, CEO of Errata Security, at Black Hat in 2007.

More on Side Jacking:

Side jacking is a technique used to gain access to SSL encrypted web pages like secure email. Many people think that because they are using SSL browser encryption they are totally secure. When a hacker uses side jacking, he takes advantage of people who save their login passwords in cookies so they don't have to log in to their secure site every time. By recording the wireless WiFi radio signals, the hacker can record those cookies. Once he has those cookies, he has access to secure email or other web sites. While he doesn't have your password, he still has access to your secure accounts and can log in and do what he wants. The hacker can read your mail, check out what you bought online and even see your bank and credit card information.

All it takes is for the web site you are logging into to have a fallback non-SSL mode. This is a common occurrence on many "secure" web sites. It only takes a moment for the hacker to grab the cookie and then use it to log himself into your account. Unless you are using a secure personal VPN at your wireless hotspot, you are at risk even if you think all is safe and secure.
Further References

http://arstechnica.com/news.ars/post/20070801-report-sidejacking-session-information-over-wifi-easy-as-pie.html
http://db.tidbits.com/article/9129
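On the site operator's side, the weakness described above (a session cookie that also travels over the non-SSL fallback) can be checked from the response headers. The following is an added example, not part of the original post: a small Python audit of Set-Cookie headers. The function names and the sample headers are assumptions constructed for illustration, and the Strict-Transport-Security check is an addition that addresses the "fallback non-SSL mode" the post mentions.

```python
# Added example: flag cookies that a passive listener on open WiFi could capture.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for p in parts[1:]:
        if not p:
            continue
        key, _, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return a list of (cookie_name, problem) for one HTTP response.

    scheme  -- "http" or "https": how the response was delivered
    headers -- list of (header-name, header-value) tuples
    """
    findings = []
    hsts = any(h.lower() == "strict-transport-security" for h, _ in headers)
    for h, v in headers:
        if h.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if scheme == "http":
            # The cookie is visible on the wire the moment it is issued.
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Issued over SSL, but the browser will also attach it to http:// requests.
            findings.append((name, "missing Secure flag"))
    if scheme == "https" and not hsts:
        # Without HSTS the browser may still be sent to the non-SSL fallback.
        findings.append(("*", "no Strict-Transport-Security header"))
    return findings


# Constructed sample: login over HTTPS, but the session cookie lacks Secure.
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrf=xyz; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for name, problem in audit_response("https", SAMPLE):
        print(f"{name}: {problem}")
```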