Methods
There are four main methods used to perpetrate a session hijack. These are:
- Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
- Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
- Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.
- Cross-site scripting, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Read more about this topic: Session Hijacking
Other articles related to "methods, method":
... A method based on proximity matrices is one where the data is presented to the algorithm in the form of a similarity matrix or a distance matrix ... These methods all fall under the broader class of metric multidimensional scaling ... mapping) are examples of metric multidimensional scaling methods ...
... but his liquor balsamicum preservative was kept a secret to the grave and his methods were not widely copied ... Contemporary embalming methods advanced markedly during the height of the British Empire and the American Civil War, which once again involved many foreign officials, business ... and which became the foundation for modern methods of embalming, replacing previous methods based on alcohol and the use of arsenical salts ...
... Researchers have developed training-methods for artificial-intelligence devices as well ... Evolutionary algorithms, including genetic programming and other methods of machine learning, use a system of feedback based on "fitness functions" to allow computer programs to determine how well an ... The methods construct a series of programs, known as a “population” of programs, and then automatically test them for "fitness", observing how well they perform the intended task ...
... is a very popular sport, which can be done using any of the various methods and any of the general types of flies ...
... Its focus is not only on methods of promoting economic growth and structural change but also on improving the potential for the mass of the population ... Development economics involves the creation of theories and methods that aid in the determination of policies and practices and can be implemented at either the ... This may involve restructuring market incentives or using mathematical methods like inter-temporal optimization for project analysis, or it may involve a mixture of quantitative ...
Famous quotes containing the word methods:
“It would be some advantage to live a primitive and frontier life, though in the midst of an outward civilization, if only to learn what are the gross necessaries of life and what methods have been taken to obtain them.”
—Henry David Thoreau (1817–1862)
“The philosopher is in advance of his age even in the outward form of his life. He is not fed, sheltered, clothed, warmed, like his contemporaries. How can a man be a philosopher and not maintain his vital heat by better methods than other men?”
—Henry David Thoreau (1817–1862)
“I think it is a wise course for laborers to unite to defend their interests.... I think the employer who declines to deal with organized labor and to recognize it as a proper element in the settlement of wage controversies is behind the times.... Of course, when organized labor permits itself to sympathize with violent methods or undue duress, it is not entitled to our sympathy.”
—William Howard Taft (1857–1930)