Session hijacking. What a powerful name. For me personally, the name conjures up mental pictures of airplanes with masked gunmen and bomb-laden buses. In actuality, session hijacking is far less physically dangerous and way more financially rewarding. The risk of a SWAT team shooting you while you are hijacking a session is also extremely low, as opposed to hijacking airplanes. When people complain about the problems with the TCP/IP protocol suite, this attack method is one of the reasons. This attack is also one of the reasons client/server (host-to-host) communication encryption schemes should be used even in internal network communications. Session hijacking is nothing new. In fact, the attack itself was first conceived and discussed in 1989, but unfortunately it is an attack that is just as dangerous now as it was back then. Without further ado (or sensationalism), here's the story...

The link for this article located at Netflood is no longer available.