Network Security

HTTP injection and Session Hijacking

In this video the presenter demonstrates how easy it is to hijack someone’s session cookies and log into their online accounts. As a test he hacks his friend Cody’s Facebook over our unsecured network by capturing the transactions between the Facebook server and Cody’s computer in Wireshark. My Notes: Looks like in order to test […]

HTTP Cookie Hijacking in the Wild: Security and Privacy Implications

The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the increasing deployment of HTTPS. However, many websites still avoid ubiquitous encryption due to performance or compatibility issues. The prevailing approach in these cases is to force critical functionality and sensitive data access […]

HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows

Over the last few years, a worrying number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defender’s perspective, these attacks require an adversary capable of observing or manipulating network traffic. This prevented a wide and easy exploitation of these vulnerabilities. In contrast, we introduce HEIST, a set […]