Hacking social media sites becomes easier by exploiting cookies

Scarlet Hugh 2013-03-28

http://www.houstonianonline.com/news/hacking-social-media-sites-become-easier-by-exploiting-cookies-1.2819362#.UVOKURenoXu

Internet users may want to keep an eye on their cookie jar, because a new discovery has linked cookies with hacked social media accounts.
Internet researcher Rishi Narang discovered a flaw in the way cookies are used by Twitter, LinkedIn, Microsoft Outlook/Live, and Yahoo. According to Australia’s SC Magazine, Narang found that cookies can be “stolen and used” in a “session fixation” attack.
Session fixation is a method of hacking that tricks a victim into using a session identifier chosen by the attacker. If successful, it represents the simplest method with which a valid session identifier can be obtained.
One student at SHSU, however, didn’t find the exploit a big deal.
“If I got hacked like that, I wouldn’t really care,” senior student Christopher Valva said. “It’s just a Twitter account. It’s not my entire life.”

If an attacker can intercept cookies while the user is logged in, the attacker could effectively convince the website that the attacker’s browser is the original user’s browser, gaining “unfettered access” to the user’s account. Not even a password change could keep the attacker out.
It goes without saying that this form of hacking only works if the user is logged in, because the cookie is deleted when the user logs out. LinkedIn is an exception, however, because it sometimes retains a user’s cookie for three months.
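
How a site can close both gaps described above, as an added example that is not from the article or from any of the sites it names: the session identifier is replaced at login, and logout and password change revoke sessions on the server. The class, method names and the in-memory dictionary are hypothetical stand-ins for a real session store.

```python
import secrets


class SessionStore:
    """Server-side session table: token -> username (constructed example)."""

    def __init__(self):
        self._sessions = {}

    def new_anonymous(self):
        # Pre-login session, e.g. issued on the first page view.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = None
        return token

    def login(self, presented_token, username):
        # Fixation defence: never promote the identifier the browser presented.
        # Discard it and issue a fresh one bound to the authenticated user.
        self._sessions.pop(presented_token, None)
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def whoami(self, token):
        # Unknown or revoked tokens resolve to no user.
        return self._sessions.get(token)

    def logout(self, token):
        # Revoke on the server; clearing the browser's cookie alone is not enough.
        self._sessions.pop(token, None)

    def change_password(self, username):
        # Revoke every session of the account so a copied cookie stops working.
        for tok in [t for t, u in self._sessions.items() if u == username]:
            del self._sessions[tok]


def demo():
    store = SessionStore()
    fixed = store.new_anonymous()        # identifier known before login
    cookie = store.login(fixed, "alice")
    fixation_blocked = store.whoami(fixed) is None
    copied = cookie                      # same value held by a second party
    store.change_password("alice")
    copy_revoked = store.whoami(copied) is None
    return fixation_blocked, copy_revoked
```
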