CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Session Hijacking

December 11, 2009 · Posted in Information Security, Information Systems · Comment 

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. Read more

Tags: <, , , , , , , , , >

  • Your Shopping Cart

    Your cart is empty

  • Calendar

    February 2012
    M T W T F S S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    272829  

  • RSS From the National Vulnerability Database

    • CVE-2011-3958 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. […]
      nvd@nist.gov
    • CVE-2012-1033 (bind) February 7, 2012
      The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit." […]
      nvd@nist.gov
    • CVE-2011-3971 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. […]
      nvd@nist.gov
    • CVE-2011-3954 (chrome) February 7, 2012
      Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. […]
      nvd@nist.gov
    • CVE-2011-3970 (chrome, libxslt) February 7, 2012
      libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2012-0926 (realplayer, realplayer_sp) February 7, 2012
      The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. […]
      nvd@nist.gov
    • CVE-2011-3969 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. […]
      nvd@nist.gov
    • CVE-2011-3956 (chrome) February 7, 2012
      The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. […]
      nvd@nist.gov
    • CVE-2011-3968 (chrome) February 7, 2012
      Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. […]
      nvd@nist.gov
    • CVE-2012-1035 (ada_web_services) February 7, 2012
      AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. […]
      nvd@nist.gov
Get Adobe Flash playerPlugin by wpburn.com wordpress themes