Questions tagged [session-hijacking]
10 questions
5
votes
4 answers
What can I do to protect myself against Firesheep?
In the SU chat yesterday it was raised that the newly released FF plugin Firesheep makes it very easy (obviously it was already possible, just difficult) for an attacker to session sidejack another user.
This is achieved by copying the sessions…
DMA57361
- 18,793
2
votes
1 answer
How to Launch an App in an Existing Session
When a scheduled task runs I would like to open a PowerShell window on my desktop to tail the log file and watch the progress. Specifically I would like the task to open the window on my desktop and run Get-Content C:\LogFile.txt -Wait. When the…
TwistedTech
- 347
1
vote
2 answers
Is hijacking of Facebook sessions possible when having physical access to a computer?
I have tested programs like SSLStrip or dSploit that hijack a Facebook session. This is: if the user logs in and the computer running the interceptor program (i.e. dSploit) is on the same network (LAN), it is possible to hijack that Facebook…
Sopalajo de Arrierez
- 6,851
1
vote
1 answer
MITM attack, Replay Attack, TCP Session Hijacking
I was going over the internet reading about types of attacks on a computer system and I cannot differentiate between MITM, Replay and TCP Session Hijacking.
They appear to be the same.
Sniff the data, change it, retransmit.
Please let me know if…
A User
- 694
1
vote
3 answers
Yahoo Mail vulnerability resulting in emails with no subject and a single link
Lately I've gotten random emails from friends with Yahoo Mail (or sbcglobal.net, which uses Yahoo Mail) without a subject and some random URL that I'm not going to click on.
At first I thought that someone had gotten ahold of their password, and I…
tomlogic
- 185
1
vote
1 answer
Trying to ssh into one server from two different networks results in two different RSA fingerprints
An attempt to connect to the remote server effingham.dreamhost.com via ssh from my company's network resulted in ssh giving an error about an RSA fingerprint mismatch, so I investigated and found that if I connected to the server via my mobile's…
Fabio A.
- 196
0
votes
2 answers
What should I consider when shopping for a private VPN?
I frequently rely on public wireless connections when I'm on the road, so to minimize the risk of session hijacking and packet sniffers I would like to start routing all of my connections through a private VPN.
Aside from price, what factors should…
Hayek
- 2,085
0
votes
1 answer
regarding Firesheep filters
I downloaded it just to check it out, since the concept (showing that many websites need to go to SSL) was pretty cool. I was wondering, however, what the filter was and how does tcp port 80 differ from anything else.
tekknolagi
- 1,420
0
votes
2 answers
Does logging out kill the session on the server's side
When I log in to a website, an active session is created on the server and my browser retains its "logged in" state by sending the identifier of that session to the server on each request.
The problem with this approach is people may be able to…
Merik
- 1
0
votes
2 answers
OS X 10.6: Disallow non-VPN connections on wireless?
With the recent rise in awareness of HTTP session hijacking, surfing the internet on a public wireless network has become quite perilous. At my university, the wireless network is totally open --- no encryption at all. Students are encouraged to use…
Evan Krall
- 53