SideJacking and You

I know many of you reading this blog will be asking yourself the question am “I” being SideJacked “now”, many more will be asking what on earth is “SideJacking”!

SideJacking is the term used to describe the malicious act of hijacking an engaged Web session with a remote service by intercepting and then using the credentials that identified the user/victim to that specific server.  SideJacking is most common on sites that require authentication through a username and password, such as online Web mail accounts as well as social networking sites.

But, SideJacking works only if the site catches a non-SSL cookie, so any Web site that uses SSL exclusively would be safe from SideJackers.

SideJacking is not “new” and was first demonstrated at Black Hat in 2007. However, what is new is Firesheep:firesheep-102610-02which is an add on to Firefox that makes this kind of exploitation easy to do, meaning anyone with a copy of Firefox and Firesheep that is sharing the same network as you can “SideJack” your session enabling the malicious user to login to your to the service using your credentials.

What can you do about it?

Well there are a number of options:

  • on a wireless network you control, such as your home network, turn on WPA2 if its not on already, which will protect your network and users at home, you may need to look in the manual of your router and operating systems to switch this on, it varies from device to device.

 

 

  • other sites may have similar capabilities, and you should check out the security settings that are available.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: