
Sidejacking - Getting around SSL encrypted passwords

 

Sidejacking is a technique used to gain access to accounts on SSL-encrypted web sites such as secure email. Many people think that because they are using SSL browser encryption, they are totally secure. A hacker who uses sidejacking takes advantage of people who save their logins in cookies so they don't have to log in every time. By recording the Wi-Fi radio signals, the hacker can capture those cookies. Once he has those cookies, he has access to your secure email or other web sites. While he doesn't have your password, he still has access to your secure accounts and can log in and do what he wants. The hacker can read your mail, check out what you bought online and even see your bank and credit card information.

 

All it takes is for the web site you are logging into to have a fallback, non-SSL mode. This is a common occurrence on many 'secure' web sites. It only takes a moment for the hacker to grab the cookie and then use it to log himself into your account.
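A site owner can check for this exposure from the response headers alone. The following is an added example, not code from the original page: it flags login cookies that lack the Secure attribute (so the browser also sends them over the non-SSL fallback) and responses without a Strict-Transport-Security header. The function names and the sample headers are constructed for illustration.

```python
# Added example (not from the original page): audit HTTPS response headers
# for the cookie exposure that sidejacking depends on.

def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs

def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response.
    Returns a list of (finding, cookie_name_or_None) tuples."""
    findings = []
    names = {n.lower() for n, _ in headers}
    if "strict-transport-security" not in names:
        # Without HSTS the browser will still follow http:// links to the site.
        findings.append(("no-hsts", None))
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(v)
        if "secure" not in attrs:
            # No Secure attribute: the browser also sends this cookie over plain HTTP.
            persistent = bool(attrs & {"max-age", "expires"})
            findings.append(("persistent-cookie-not-secure" if persistent
                             else "cookie-not-secure", cookie))
    return findings

# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Max-Age=2592000"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp))
```

The "persistent" finding marks the stay-logged-in cookies described above: they remain valid for days or weeks, so a captured copy stays usable for that long.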

 

Unless you are using a secure personal VPN at your wireless hotspot, you are at risk--even if you think all is safe.

 
