Sidejacking – a special kind of theft, where an attacker intercepts traffic of user sessions, ie, for example, the traffic between the Wi-Fi router and user connect to the internet. We can find the plug-in Firefox, which automates session hijacking in unprotected Wi-Fi networks. This plug-in called Firesheep. It has a built in database of the most popular sites. The database presents sites such as Amazon, Facebook, Google, Twitter, and WordPress. The plugin is customizable, and users can add additional sites in its database. Today plugin have only historical interest. Many of the major sites go to full encryption, because of Firesheep.
Sidejacking with Firesheep – big problem, forcing many people to switch to full encryption
Assume that the user is logged on to the site and has been successfully authenticated. We know that the server transmits the cookie, which is used for authentication of subsequent connections. However, the connections are not always encrypted. Web sites generally only encrypted first interaction, but not each subsequent. The attacker in the same unprotected Wi-Fi network can intercept the session cookie, using the victim’s information to buy goods online, read and send email, etc.
Victims of identity theft can suffer financial losses, while the related sites may face litigation and negative publicity. How can you prevent sidejacking? Full encryption makes decryption of intercepted information impossible for any third parties. Sites must ensure that all the information on the network is encrypted for the entire session using secure methods. This is done via SSL, and the concept is called Always on SSL. Email services Google enable Https for future sessions when accessing email accounts. Today, Google has HTTPS for all its services.
Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.
Comments