[YLUG] SideJacking!

Alex Howells alex.howells at 0wn3d.us
Tue Sep 2 21:21:33 UTC 2008


2008/9/2 mike cloaked <mike.cloaked at gmail.com>:
> I was reading up recently about the security issue of sidejacking - if
> you use a laptop via open hotspots you might want to have a look at
> the following webpages:
>
> http://erratasec.blogspot.com/2008/01/more-sidejacking.html
> http://erratasec.blogspot.com/2008/08/google-vs-sidejacking-round-7.html
> http://fscked.org/blog/how-properly-provide-mixed-http-and-https-support
> http://fscked.org/blog/fully-automated-active-https-cookie-hijacking

Interesting reads.  I think the technique has been around for a while
now; there was a demonstration at last year's BlackHat if I remember
right -- the usual fix is to use an SSH tunnel or OpenVPN when
connected in a public place.


