Back Orifice (BO) is a remote administration system that allows a user to take full control of a computer remotely running the Microsoft Windows operating system (OS) across a TCP/IP connection, either through a simple console or graphical user interface (GUI). BO actually gives the remote machine more control over a local area network (LAN) or...
Web developers are especially wary of session hijacking because the HTTP cookies that are used to sustain a website session can be bootlegged by an attacker.
In the early days, HTTP protocol didn’t support cookies and therefore Web servers and browsers did not contain HTTP protocol. The evolution of session hijacking began in 2000 when HTTP 1.0 servers were implemented. HTTP 1.1 has been modified and modernized to support super cookies which have resulted in Web servers and Web browsers becoming more vulnerable to session hijacking.
Web developers can enlist certain techniques to help avoid session hijacking of their sites, including encryption methods and using long, random numbers for the session keys. Other solutions are to change cookie value requests and implement session regenerations after logins. Firesheep, a Firefox extension, has enabled public user session hijacking attacks by permitting access to personal cookies. Social network websites such as Twitter and Facebook are also vulnerable when users add them to their preferences.
Read More »
Join 138,000+ IT pros on our weekly newsletter
Home | Advertising Info | Write for Us | About | Contact Us
2010 - 2014
Janalta Interactive Sites: