![]() ![]() "FaceNiff allows users to sniff and intercept web sessions for Facebook, Twitter, YouTube, Amazon, and Nasza-Klasa (a Polish site). Under certain circumstances, Wood explained, it is even possible for a hacker to seize control of a supposed secure – and authenticated – IP session just as the user has entered their payment card data and other personal information.Īnd now FaceNiff appears to automate this process although, Infosecurity notes, Android device users will first have to 'root' their smartphones or tablet computers before installing the app.Īccording to security researcher 'Ms Smith' on NetworkWorld, "like a wicked mobile cousin of Firesheep, FaceNiff could allow even a clueless noob to hack Facebook over WiFi networks." Many sites, Wood told Infosecurity at the time, do not set the secure text flag on their site's session cookie.īecause HTTP sessions have far less data and IT resource overheads than HTTPS sessions, major sites often only use the latter secure protocol when requiring users to enter personal data such as payment card details on specific pages.Īnd if the hacker uses the cookie to take over an internet session – on a wireless or cellular connection, or even in an internet cafe – they can then intercept this personal data. ![]() As reported back in April 2009, pen tester Peter Wood, CEO of First Base Technologies, revealed that a structural flaw in the way browsers switch between HTTPS and HTTP data sessions mean that cookie interception is possible across a public WiFi connection. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |