Side Jacking
Posted by Shivaraj M E – M & E Team (from MphasiS Software Services)
What is Side Jacking?
Side Jacking is defined as the malicious act of hijacking an active Web
session with a remote service by intercepting and reusing the credentials that
identify the user/victim to that specific server.
This term is so new that we cannot find anything about it on Wikipedia.
Side Jacking is most common on sites that require authentication through a
username and password, such as online Web mail accounts and social networking
sites. SideJacking works only if the site sends its session cookie over a
non-SSL connection, so any Web site that uses SSL exclusively would be safe
from SideJackers. SideJacking was first demonstrated by Robert Graham, CEO of
Errata Security, at Black Hat in 2007.
More on Side Jacking:
Side jacking is a technique used to gain access to SSL-encrypted web pages such
as secure email. Many people think that because they are using SSL browser
encryption they are totally secure. A hacker using side jacking takes advantage
of people who save their login in cookies so they don't have to log in to their
secure site every time. By capturing the wireless WiFi radio signals, the hacker
can record those cookies. Once he has those cookies he has access to your secure
email or other web site. While he doesn't have your password, he still has
access to your secure accounts and can log in and do what he wants. The hacker
can read your mail, check out what you bought online and even see your bank and
credit card information.
All it takes is for the web site you are logging into to have a fallback non-SSL
mode. This is a common occurrence on many "secure" web sites. It only takes a
moment for the hacker to grab the cookie and then use it to log himself into
your account.
Unless you are using a secure personal VPN at your wireless hotspot, you are at
risk even if you think all is safe and secure.
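The two points above (a site is exposed only if its session cookie travels over a non-SSL connection, and a "fallback non-SSL mode" is what lets the cookie be grabbed) can be checked mechanically. The following is an added example, not code from the original post, that uses Python's standard http.cookiejar to model a browser's cookie jar: it feeds in the Set-Cookie headers a site might return at login and then asks which cookies the jar would attach to a later plain-HTTP request to the same host. The host names, URLs and cookie values are constructed for illustration. A session cookie issued without the Secure attribute is sent on the HTTP fallback and is therefore what a SideJacker would capture; the same cookie marked Secure never leaves the browser over plain HTTP. A small audit helper flags Set-Cookie headers that lack Secure or HttpOnly.

```python
import email.message
import http.cookiejar
import urllib.request


class _FakeResponse:
    """Minimal response stand-in so CookieJar can parse Set-Cookie headers offline."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for header in set_cookie_headers:
            self._msg["Set-Cookie"] = header  # Message allows repeated headers

    def info(self):
        return self._msg


def cookies_sent_over(set_cookie_headers, login_url, later_url):
    """Return the names of cookies a browser-like jar would attach to later_url,
    given the Set-Cookie headers it received from login_url.

    http.cookiejar's default policy mirrors browsers: a cookie with the Secure
    attribute is only returned for https:// URLs (DefaultCookiePolicy.return_ok).
    """
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(_FakeResponse(set_cookie_headers),
                        urllib.request.Request(login_url))
    later_req = urllib.request.Request(later_url)
    jar.add_cookie_header(later_req)  # populates the Cookie header if policy allows
    header = later_req.get_header("Cookie")
    if not header:
        return []
    return sorted(part.split("=", 1)[0].strip() for part in header.split(";"))


def audit_set_cookie(set_cookie_headers):
    """Flag Set-Cookie headers whose cookie could be replayed by a SideJacker.

    Returns {cookie_name: [missing attributes]}; an empty list means the
    cookie is restricted to SSL (Secure) and hidden from scripts (HttpOnly).
    """
    findings = {}
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        missing = [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]
        findings[name] = missing
    return findings


# Constructed sample data (hypothetical host and cookie value).
LOGIN_URL = "https://mail.example.com/login"
HTTP_FALLBACK_URL = "http://mail.example.com/inbox"   # the non-SSL fallback mode
HTTPS_URL = "https://mail.example.com/inbox"

WEAK_HEADERS = ["session=abc123; Path=/; HttpOnly"]            # no Secure flag
HARDENED_HEADERS = ["session=abc123; Path=/; Secure; HttpOnly"]  # SSL-only cookie


if __name__ == "__main__":
    print("weak cookie on HTTP fallback :",
          cookies_sent_over(WEAK_HEADERS, LOGIN_URL, HTTP_FALLBACK_URL))
    print("hardened cookie on HTTP      :",
          cookies_sent_over(HARDENED_HEADERS, LOGIN_URL, HTTP_FALLBACK_URL))
    print("hardened cookie on HTTPS     :",
          cookies_sent_over(HARDENED_HEADERS, LOGIN_URL, HTTPS_URL))
    print("audit of weak headers        :", audit_set_cookie(WEAK_HEADERS))
```

Run as a script, the weak cookie shows up on the plain-HTTP request while the hardened one does not, which is exactly the difference between a site that can be SideJacked and one that uses SSL exclusively. Operators can run audit_set_cookie over the Set-Cookie headers their own login endpoint returns; any session cookie reported as missing Secure is the one a wireless eavesdropper would be able to reuse.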
Further References
http://arstechnica.com/news.ars/post/20070801-report-sidejacking-session-information-over-wifi-easy-as-pie.html
http://db.tidbits.com/article/9129