Sidejacking

Definition - What does Sidejacking mean?

Sidejacking refers to the use of unauthorized identification credentials to hijack a valid Web session remotely in order to to take over a specific Web server. Usually sidejacking attacks are performed through accounts where the user types in their username and password. Sidejacking attacks work to find a nonsecure sockets layer (SSL) cookie. Usually, websites that have users type in their usernames and passwords are the type that get sidejacked. Websites that use SSLs don’t have as much of a chance of being sidejacked, but if the webmasters neglect to authenticate the site itself through encryption, SSL use can be negated. Unsecured Wi-Fi hot spots are also vulnerable.

Sidejacking employs packet sniffing to steal a cookie and read network traffic. The data sent to the server or the Web pages viewed by the victim are captured, allowing the perpetrator to steal private information and impersonate the user for personal gain.

[WEBINAR] Fostering Effective Alignment of Business and IT

Techopedia explains Sidejacking

Many people would be surprised if they knew how easily someone can hijack the websites they use, especially through open Wi-Fi. Gone are the days when hackers were confined to their homes, conducting their clandestine computer intrusions. Now, a hacker could be sitting right next to his or her victim in a coffee shop, a library, an airport, or anywhere that the user’s password may be remembered on the system. Smartphones and laptops within these hot spots should also be used very carefully.

While it’s difficult to prove, if someone is caught accessing a password-protected page in an unauthorized manner, that person will be charged with a misdemeanor in the U.S. If more than $1,000 in damage occurs, the offense is considered a felony.

Computer experts suggest using a virtual private network when using Wi-Fi, which employs a security tunnel that impostors cannot access.