sidejacking Resources

Sponsored White Papers, Webcasts, and Downloads

Even SSL Gmail can get sidejacked: When Robert Graham demonstrated how Web 2.0 wasn't safe at last year's Blackhat, it was thought that at least the SSL mode HTTPS of Google Gmail would be spared from sidejacking. That presumption now appears to be false according to this updated blog posting from Graham. Even with SSL enabled,...; Tags: Google Gmail, HTTP, SSL, Cookie, Sidejacking, E-mail Providers, Web 2.0, Ssl/Tls, Authentication/Encryption, Network Security, Security, Internet, Networking, George Ou; Blog posts 2008-01-31
Greasemonkey script blocks Gmail cookie-theft attacks: By now, you're probably read about Robert Graham's Black Hat presentation (.pdf) on hijacking Gmail accounts by wirelessly sniffing non-SSL session cookies.The attack technique, called SideJacking, uses two homegrown tools -- Ferret and Hamster -- to sniff cookies from connections to unsecured Wi-Fi networks.Careless Google account users are vulnerable...; Tags: Google Inc., Google Gmail, Attack, Ryan Naraine; Blog posts 2007-08-07

Google using invalid security certificate: It appears that Google is using an invalid security certificate across many of its domains. If you type https://gmail.com or https://google.com/adsense into your favorite Web browser, here's what you see: Very strange. After last year's warnings around sidejacking, I made...; Tags: Google Inc., Security, Ryan Naraine; Blog posts 2008-06-20
Even SSL Gmail can get sidejacked: Even SSL Gmail can get sidejackedZDNet requires cookies to work...when using talkback. This is ridiculous. According to this blog, this is a security risk. Even though security is not a real issue when using talkback, requiring cookies, by this blogs own admission is not the most secure way to conduct...; Tags: SSL/TLS, Authentication/Encryption, E-mail providers, Network security, SECURITY, Last Line, SSL Gmail, SSL, Google Gmail, HTTP, KMail; Discussion threads 2008-01-31
DEFCON 2007 - Wall of Sheep (shame): DEFCON 2007 - Wall of Sheep shameNot goodThis sense of smug superiority can't end well. It's a useful service, but let's not forget they're compromising the easiest targets first and foremost. Let's keep our perspective, please....and yet another homage to Maynor? Wow. Just wow. I hear there were actually other...; Tags: E-mail providers, wall, Maynor; Discussion threads 2007-08-07