CookieMonster steals cookies with personal information
CookieMonster steals cookies with personal information
23rd September 2008
The programmer Mike Perry has found that protected HTTPS connections, used to get access to bank accounts and other services over the Internet, are not as safe, as they used to be thought.
Each time a user enters personal data to gain access to his account, the secret information in the form of a cookie-file is transferred via secure channel. But Perry found that site developers can not separate protected cookies elements from unprotected ones and, using fairly simple techniques, an attacker can deceive the browser and transfer cookies via a regular HTTP-connection. The application CookieMonster, written in Python, allows anyone willing to take advantage of the vulnerability found.
The developer of CookieMonster is planning to open broad access to his child in the near future.
Flash Player 10 eliminates problems in Firefox 3
EFI-X: installing Mac OS X to an ordinary PC Featured downloads
Download Free trial
Interact
Now downloading
AutoMe
AutoMe is a reliable and user-friendly windows automation software and macro recorder with task sche...
AutoMe is a reliable and user-friendly windows automation software and macro recorder with task sche...
Blog categories
McAfee (53)
AnyDVD (322)
FlashFXP (61)
Adobe (260)
Yahoo (67)News blog