Vulnerabilities and Prevention of Session Hijacking
Contributed by Taylor Charles.
This article assesses session hijacking, exposing its vulnerabilities and providing ways to prevent it. Session hijacking occurs when someone has unauthorized access and gains the ability to hack into the information or services of a computer. Many people are unaware of this kind of attack and lose valuable, sensitive information every day. Each time someone uses a web browser, cookies are used to authenticate the user. A hacker has access to many different tools that aid the attack, such as sniffing, cross-site scripting attacks, and the "man-in-the-middle" attack. Since technology is considered the lifeline of our current society, it is urgent that there be better protections for the large companies, small businesses, and personal users of the Internet. Money travels constantly through network sessions in banking, online payments, and online shopping, which is one reason why hacking has become a huge issue in the technological world.
Session hijacking is TCP based and has the advantage of interfering in real time, during the active session. Sometimes the intrusion can be blocked, depending on how much the user knows about preventing the attack. If a website does not respond to the credentials a person submits to access their information on the site, it is possible that someone could initiate a session hijack during that time window. There are steps that a person can follow to avoid this situation. One step is to use SSL and HTTPS encryption for websites, which makes the hacking effort more complicated than the hacker may be able to handle. Another method involves users deleting the cookies of their sites to help prevent hackers from obtaining their login information. This is a very good practice that the user can carry out at any time before or during the network session.
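The following is an added example, not code from the article: a small audit of Set-Cookie response headers that ties each missing cookie attribute to the attacks named above (sniffing, man-in-the-middle, cross-site scripting) and flags session cookies that persist until the user deletes them. The sample headers and the session-name markers are constructed assumptions.

```python
# Constructed sample Set-Cookie values (not taken from any real site).
SAMPLE_HEADERS = [
    "SESSIONID=3f9a1c; Path=/",
    "SESSIONID=3f9a1c; Path=/; Secure",
    "SESSIONID=3f9a1c; Path=/; Secure; HttpOnly",
    "auth_token=9be2; Secure; HttpOnly; Max-Age=31536000",
    "theme=dark; Path=/",
]

# Assumption: cookie names containing these markers carry session identifiers.
SESSION_MARKERS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return findings for a session cookie; empty list if none apply."""
    name, _, attrs = parse_set_cookie(header)
    if not any(marker in name.lower() for marker in SESSION_MARKERS):
        return []  # not treated as a session cookie under the assumption above
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over plain HTTP, "
                        "exposed to sniffing and man-in-the-middle")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by page script, "
                        "exposed to cross-site scripting")
    if "max-age" in attrs or "expires" in attrs:
        findings.append("persistent: stays on disk after the browser "
                        "closes until it expires or the user deletes it")
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for finding in audit_cookie(header) or ["ok"]:
            print("   ", finding)
```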