Sidejacking - Getting around SSL encrypted passwords

Sidejacking is a technique used to gain access to SSL-encrypted
web pages such as secure email. Many people think that because
they are using SSL browser encryption, they are totally secure. When
a hacker uses sidejacking, he takes advantage of people who save
their logins in cookies so they don't have to log in every time.
By recording the Wi-Fi radio signals, the hacker can capture those
cookies. Once he has those cookies, he has access to your secure
email or other web site. While he doesn't have your password, he
still has access to your secure accounts and can log in and do what
he wants. The hacker can read your mail, check out what you bought
online and even see your bank and credit card information.

All it takes is for the web site you are logging into to have a
fallback, non-SSL mode. This is a common occurrence on many 'secure'
web sites. It only takes a moment for the hacker to grab the cookie
and then use it to log himself into your account.

Unless you are using a secure personal VPN at your wireless hotspot,
you are at risk--even if you think all is safe.