This threat has been an on-going concern for web browser developers and security experts for the past five years. It is a very serious threat because it involves you and me, the victims when a hijacker takes over the computer without us even knowing what hit us.
Hackers can easily snatch up all the cookies in the jar. HTTP cookies are the reason we have anti-spyware, malware, and weaknesses in the wall against attack from invaders. They leave a trail of information, since they are basically text files saved by the web browser, a hacker can follow the trail towards sensitive, personal information saved from the internet. Here is a couple tricks the hackers will use to pull your pants down, no one wants to be caught with their britches hanging out in the wind, so Computer Geeks will tell you how to prevent this from happening too.
Session Fixation: A session is when you log onto the internet, either through LAN or Wireless. The fixation is sending a link that will set the user’s session id once the user logs in. Once this is done, the hacker has easy access to that user’s computer.
Sidejacking: This is a common attack from hackers where they sniff out the packets of information being sent back and forth between two parties and steal the session cookie. While many sites encrypt the login password at the homepage, the rest of the site is often unrestricted, allowing hackers to intercept the information that the user might think is secure yet little does he know…a hooded, sniveling little junior high genius knows this is his in, his entrance into your computer. WiFi are vulnerable and are perfect for hackers to run around hijacking your browser and stealing all the files you thought were safe.
Cross-site scripting: Another widely used and widely damaging attack by hackers who want to hijack your computer is by a trick. The trick is by fooling the computer into thinking the code is trusted, meanwhile it is malicious and once in your computer-devastating.
Man-in-the-Middle: The worst one of all. Let’s set the stage for this attack: Two people are involved in a private conversation online about matters that do no need to be heard by anyone else. On the side is a third party, an unknown party that could benefit from the information being said between the two people. All the third party has to do is wait for one of them so send the public key, and once that is intercepted, the third party can impersonate the two people and take complete control of what is talked about. Scary. The best way to prevent this is to put passwords on public keys so that when you are using WiFi, it is not open for hackers to jump right in.
We talked about the different types of hijacking, now let’s talk about preventing them.
Use a long, random number as your session key, this stops the hacker from guessing the key through trial and error. Encrypting your session is a good way to waylay attackers by creating complicated algorithms that will make the sensitive information only readable to you and others who have the key.
One simple and easy tip that Computer Geeks will leave you with: log out when you are done with a session, it will save your life.