This paper from Thawte discusses some critical points of session hijacking and how to prevent it.
What is Session Hijacking?
It is simply a way of taking over a web session by stealing the session ID (which is normally stored in a cookie) and masquerading as that user. Of course, once the hacker has obtained the victim's session details, he can do anything on that network that the legitimate user is entitled to do.
Which tools do hackers use to steal session credentials?
FaceNiff is an Android application, released in June of last year, which allows hackers to intercept web session profiles over wireless networks and steal user credentials for Facebook, Twitter, YouTube and other social media sites.
You'll be able to find out more in the whitepaper, which can be downloaded from this link. Please note that the Editor asks for quite a few details in the form, so it's up to you whether you have enough passion to fill in all that info to get the paper! I warned you…
The good news is that this information is re-used when you come back and want to download another whitepaper. I run a section called Free Virtualization Content (see the right-hand side of my blog, under "Featured Sites"), where you'll find tons of papers on storage, networking, virtualization…
Here is the link.
This paper was sponsored by Thawte.