Webmaster rambling and mental notes
Home | Profile | Archives | Friends
HTTPS Cookie Hijacking Not Just For Gmail
9/10/2008

Mikepery writes with a followup to last month's mention of a defense vulnerability impressive Gmail accounts, which it seems understated the problem. "I figure the Slashdot readership is the best place to reach a large number of slacking admins and developers, so I want to proclaim that it's been 30 days since my DEFCON coming out on HTTPS cookie hijacking, and as such, it's now time to release the tool to a much wider group. Despite what was initially reported, neither the attack nor the tool are gmail-specific, and many other websites are vulnerable. So, if you maintain any sort of or force.
modest looking website secured by any SSL ticket (Sorry Rupert, you lose on both counts), even if it is just self-signed, you can contact me and I will provide you with a copy of the tool. Be sure to put 'CookieMonster' in the subject, without a space." (More below.)

Read more of this story at Slashdot.


More: - Continued here

Mark

Share |
(Posted in Nerd)
Share and enjoy
  • Digg
  • del.icio.us
  • blinkbits
  • BlinkList
  • BlogMemes
  • blogmarks
  • DZone
  • Fark
  • Furl
  • Netvouz
  • NewsVine
  • Reddit
  • Slashdot
  • Smarking
  • Spurl
  • StumbleUpon
  • Taggly
  • Technorati
  • YahooMyWeb
Post Comment

Notify me of followup comments via e-mail.

Entry 1 of 6209
Last Page | Next Page